@anubhavg-icpl
Created September 13, 2024 10:37

Setting up YUM/DNF Repository Management on Arch Linux

Prerequisites

  • Arch Linux system
  • sudo privileges
  • AWS account with S3 access (optional, for remote hosting)

Installation

  1. Update your system:

    sudo pacman -Syu

  2. Install necessary dependencies:

    sudo pacman -S base-devel git

  3. Install createrepo_c from AUR:

    git clone https://aur.archlinux.org/createrepo_c.git
    cd createrepo_c
    makepkg -si

  4. Install AWS CLI (if you plan to use S3):

    sudo pacman -S aws-cli

Setting up the Repository

  1. Create a directory for your repository:

    sudo mkdir -p /var/repo/your_repo_name

  2. Copy your RPM packages to this directory.

  3. Generate repository metadata:

    sudo createrepo_c /var/repo/your_repo_name

Signing Packages (Optional but Recommended)

  1. Install rpm-sign:

    git clone https://aur.archlinux.org/rpm-sign.git
    cd rpm-sign
    makepkg -si

  2. Generate a GPG key:

    gpg --full-generate-key

  3. Export the public key:

    gpg --armor --export Your-Key-ID > RPM-GPG-KEY-YourName

  4. Sign your packages:

    rpm --addsign /var/repo/your_repo_name/*.rpm

Hosting the Repository

Local Hosting

  1. Install a web server (e.g., nginx):

    sudo pacman -S nginx

  2. Configure nginx to serve your repository:

    server {
        listen 80;
        server_name your_domain.com;
        root /var/repo;
        autoindex on;
    }

  3. Start and enable nginx:

    sudo systemctl start nginx
    sudo systemctl enable nginx

Remote Hosting on S3 (Optional)

  1. Configure AWS CLI:

    aws configure

  2. Sync your repository to S3:

    aws s3 sync /var/repo/your_repo_name s3://your-bucket-name/your-repo-path/

  3. Make sure to upload your GPG public key as well:

    aws s3 cp RPM-GPG-KEY-YourName s3://your-bucket-name/your-repo-path/

Client-side Configuration (on RPM-based systems)

On the client machines that will use your repository:

  1. Create a new .repo file:

    sudo vi /etc/yum.repos.d/your-repo.repo

  2. Add the following content:

    [your-repo]
    name=Your Custom Repository
    baseurl=http://your_domain.com/your_repo_name/
    # or for S3: https://your-bucket-name.s3.amazonaws.com/your-repo-path/
    enabled=1
    gpgcheck=1
    gpgkey=http://your_domain.com/your_repo_name/RPM-GPG-KEY-YourName
    # or for S3: https://your-bucket-name.s3.amazonaws.com/your-repo-path/RPM-GPG-KEY-YourName

  3. Import the GPG key:

    sudo rpm --import http://your_domain.com/your_repo_name/RPM-GPG-KEY-YourName
    # or for S3: sudo rpm --import https://your-bucket-name.s3.amazonaws.com/your-repo-path/RPM-GPG-KEY-YourName

  4. Clean and update YUM/DNF cache:

    sudo yum clean all && sudo yum makecache  # for YUM
    # or
    sudo dnf clean all && sudo dnf makecache  # for DNF
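
The client configuration above fetches both the packages and the key that vouches for them over plain HTTP, and `gpgcheck=1` covers packages only, not the repository metadata. The following added example, not part of the original gist, audits a `.repo` file for those settings; the function name is hypothetical, and the hardened stanza is constructed for comparison on the assumption that the server offers HTTPS and a signed `repomd.xml`.

```python
import configparser
from urllib.parse import urlsplit

TRUE = {"1", "true", "yes", "on"}

def audit_repo_file(text):
    """Return {repo_id: [finding, ...]} for the text of a yum/dnf .repo file."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    report = {}
    for repo_id in cp.sections():
        repo, findings = cp[repo_id], []
        # baseurl and gpgkey may each list several URLs.
        for key in ("baseurl", "gpgkey"):
            for url in repo.get(key, "").replace(",", " ").split():
                if urlsplit(url).scheme == "http":
                    findings.append(f"{key} uses cleartext http: {url}")
        if repo.get("gpgcheck", "0").lower() not in TRUE:
            findings.append("gpgcheck is off: package signatures are not verified")
        if repo.get("repo_gpgcheck", "0").lower() not in TRUE:
            findings.append("repo_gpgcheck is off: repomd.xml signature is not verified")
        report[repo_id] = findings
    return report

# Constructed input: the gist's client stanza, then a hardened variant of it.
SAMPLE = """\
[your-repo]
name=Your Custom Repository
baseurl=http://your_domain.com/your_repo_name/
enabled=1
gpgcheck=1
gpgkey=http://your_domain.com/your_repo_name/RPM-GPG-KEY-YourName

[your-repo-hardened]
name=Your Custom Repository
baseurl=https://your_domain.com/your_repo_name/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://your_domain.com/your_repo_name/RPM-GPG-KEY-YourName
"""

if __name__ == "__main__":
    for repo_id, findings in audit_repo_file(SAMPLE).items():
        print(repo_id, findings or "no findings")
```

Enabling `repo_gpgcheck=1` requires a detached signature `repomd.xml.asc` published next to `repomd.xml` on the server.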

Updating the Repository

When you add new packages:

  1. Add the new RPMs to your repository directory.

  2. Update the repository metadata:

    sudo createrepo_c --update /var/repo/your_repo_name

  3. If using S3, sync again:

    aws s3 sync /var/repo/your_repo_name s3://your-bucket-name/your-repo-path/

Troubleshooting

  • Ensure all necessary ports are open if hosting locally.
  • Check S3 bucket permissions if using remote hosting.
  • Verify GPG key import on client machines for signing issues.
  • Review /var/log/yum.log or /var/log/dnf.log on client machines for detailed logs.

Remember to keep your AWS credentials and GPG keys secure. Never share them publicly or include them in configuration files.

@anubhavg-icpl
Author

If troubleshooting is needed again, use this!

I understand. You're right to consider regenerating the repository metadata, as this is often a solution when there are discrepancies between the repository content and its metadata. Let's proceed with regenerating the metadata:

  1. First, ensure you have the necessary permissions to modify the repository:

    sudo chown -R $USER:$USER /var/repo/invinsense
    
  2. Navigate to the repository directory:

    cd /var/repo/invinsense
    
  3. Regenerate the repository metadata:

    createrepo_c --update .
    

    The --update flag tells createrepo to refresh existing metadata instead of creating it from scratch, which is faster if you've only added new packages.

  4. If you want to force a complete regeneration, use:

    createrepo_c --database .
    
  5. After regenerating the metadata, you'll need to sync these changes to your S3 bucket:

    aws s3 sync . s3://invinsense/4.x/yum/ --delete
    

    The --delete flag ensures that any files in the S3 bucket that don't exist in your local directory are removed, keeping the repository clean.

  6. Verify that the S3 bucket contents are correct:

    aws s3 ls s3://invinsense/4.x/yum/ --recursive
    
  7. On the client machine (where you're trying to install the package), force a metadata refresh:

    sudo yum clean all
    sudo yum makecache --disablerepo="*" --enablerepo="invinsense"
    
  8. Try to install the package again:

    sudo yum install invinsense
    

If you still encounter issues after these steps, here are a few more things to check:

  1. Ensure the S3 bucket has the correct permissions. It should be readable by the public if you want it to be a public repository.

  2. Check that the baseurl in your /etc/yum.repos.d/invinsense.repo file on the client machine exactly matches the S3 bucket URL.

  3. Verify that the GPG key is correctly imported on the client machine:

    sudo rpm --import https://invinsense.s3.us-east-2.amazonaws.com/4.x/yum/INVINSENSE
    
  4. If possible, try accessing the repository URL directly in a web browser to ensure it's publicly accessible.

If the problem persists after all these steps, it would indeed be advisable to contact the repository maintainers (which might be you or your team) to investigate further. They might need to check:

  1. The S3 bucket policies and permissions
  2. The correctness of the RPM package itself
  3. Any CloudFront or other CDN configurations if they're being used
  4. The repository's metadata generation process

Remember, troubleshooting custom repositories can be complex, especially when hosted on cloud services like S3. Don't hesitate to seek help from your team or AWS support if needed.

@anubhavg-icpl
Author

[root@377f1d618d07 /]# cat /etc/yum.repos.d/invinsense.repo

[invinsense]
name=Infopercept Consulting PVT ( INVINSENSE )
baseurl=https://invinsense.s3.us-east-2.amazonaws.com/4.x/yum/
enabled=1
gpgcheck=1
gpgkey=https://invinsense.s3.us-east-2.amazonaws.com/4.x/yum/INVINSENSE

[root@377f1d618d07 /]#

@anubhavg-icpl
Author

Adding xdr-manager Package to Existing YUM Repository

  1. Prepare the RPM package

    • Ensure you have the xdr-manager RPM package ready.
  2. Copy the RPM to the repository directory

    sudo cp path/to/xdr-manager.rpm /var/repo/invinsense/
    
  3. Update the repository metadata

    cd /var/repo/invinsense
    sudo createrepo_c --update .
    
  4. Sign the new package (if using GPG signing)

    rpm --addsign /var/repo/invinsense/xdr-manager.rpm
    
  5. Sync the updated repository to S3

    aws s3 sync /var/repo/invinsense s3://invinsense/4.x/yum/ --delete
    
  6. Verify the upload

    aws s3 ls s3://invinsense/4.x/yum/ --recursive
    
  7. Update client machines
    On machines using this repository:

    sudo yum clean all
    sudo yum makecache --disablerepo="*" --enablerepo="invinsense"
    
  8. Test the new package

    sudo yum install xdr-manager
    

Remember to replace path/to/xdr-manager.rpm with the actual path to your RPM file.
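
`rpm --addsign` rewrites each package file, so checksums recorded by an earlier `createrepo_c` run (the order used in the gist's setup and signing sections and in steps 3 and 4 above) stay stale until the metadata is regenerated. The following added example, not part of the gist, compares every package against `primary.xml` before a sync; it assumes gzip-compressed metadata, and the function names and the sample repository are constructed for the demonstration.

```python
import gzip, hashlib, tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

NS = {"r": "http://linux.duke.edu/metadata/repo", "c": "http://linux.duke.edu/metadata/common"}

def stale_packages(repo_dir):
    """Return [(href, reason)] for packages that no longer match primary.xml."""
    repo = Path(repo_dir)
    repomd = ET.parse(repo / "repodata" / "repomd.xml")
    href = repomd.find("r:data[@type='primary']/r:location", NS).get("href")
    with gzip.open(repo / href) as fh:  # assumption: gzip-compressed metadata
        primary = ET.parse(fh)
    problems = []
    for pkg in primary.iterfind("c:package", NS):
        loc = pkg.find("c:location", NS).get("href")
        csum = pkg.find("c:checksum", NS)
        path = repo / loc
        if not path.is_file():
            problems.append((loc, "missing file"))
        elif hashlib.new(csum.get("type"), path.read_bytes()).hexdigest() != csum.text:
            problems.append((loc, "checksum mismatch"))
    return problems

def build_sample_repo(root):
    """Constructed stand-in for createrepo_c output: one fake package plus metadata."""
    (root / "repodata").mkdir()
    pkg = root / "xdr-manager.rpm"
    pkg.write_bytes(b"constructed bytes, not a real RPM")
    digest = hashlib.sha256(pkg.read_bytes()).hexdigest()
    primary = (f'<metadata xmlns="{NS["c"]}"><package type="rpm">'
               f'<checksum type="sha256">{digest}</checksum>'
               '<location href="xdr-manager.rpm"/></package></metadata>')
    (root / "repodata" / "primary.xml.gz").write_bytes(gzip.compress(primary.encode()))
    (root / "repodata" / "repomd.xml").write_text(
        f'<repomd xmlns="{NS["r"]}"><data type="primary">'
        '<location href="repodata/primary.xml.gz"/></data></repomd>')
    return pkg

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        pkg = build_sample_repo(Path(tmp))
        before = stale_packages(tmp)
        # Stands in for `rpm --addsign` rewriting the file after metadata was built.
        pkg.write_bytes(pkg.read_bytes() + b"constructed signature bytes")
        after = stale_packages(tmp)
    return before, after

if __name__ == "__main__":
    print(demo())
```

An empty result from `stale_packages("/var/repo/invinsense")` after signing and re-running `createrepo_c` means the files about to be synced agree with the metadata clients will download.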
