December 19th Meeting Notes

We had a great year end meeting with 12 in attendance including 2 new people plus one of our orginal members back from early 2000's!
 
While we were waiting for our presenter to arrive, We welcomed back one of our original members (2004), Alice who had been unable to attendin recent years.  She had a few questions concerning running Apple's IOS and Android in a Virtual Machine in Linux.  Promised some research on this and would get back to her.  We also talked about virtualization platforms including Hyper-V Virtualization (Windows 10) and KVM/QEMU.

Our Meeting Dates Going Forward:
Wednesday January 17th
Tuesday February 20th
Tuesday March 20th
Tuesday April 17th
 
Link Porterfreld then took us on a deep dive in to configuring and using Reprepro. He had prepared a set of slides to guide us through... Here are his slides in the conversation:
Hosting A Software Repository With Reprepro
• Boise Linux User Group
• 2017-12-19
• Link Porterfeld
• QPG, Ltd. Co./epic.network
 
Packages - What is kept in reprepro repository.
 
Reprepro
What started this journey for me?
1. Software offered only as direct downloads of Debian packages
    1. Atom
    2. php-wp-cli
    3. RescueTime
    4. TeamViewer
    5. Zoom
2. Annoyance of having to download to every host and install with dpkg every time there was an update
3. Desire to learn more about hosting a repository
 
Examples of direct download locations for updates, now stored in one location, reprepro!
Atom direct download at https://atom.io
wp-cli: https://github.com/wp-cli/builds/tree/gh-pages/deb
Zoom Client for Linux: https://zoom.us/download
 
Reprepro Installation and Usage:
Where do I start?
 
1. Let's start with some assumptions (even if they aren't true)
● You know how to set up a Debian based Linux web server with SSL/TLS
● You know how to make and manage GPG keys
 
2. Install reprepro
$ sudo apt install reprepro
 
3. Create your reprepro directories
● sudo mkdir -p /srv/www/example.com/repo/debian/{conf,db,dists,incoming,pool}
● cd /srv/www/example.com/repo/debian/
● sudo chown -R `whoami` .
 
4. Create a GPG signing key
● The following is a good reference:
https://www.digitalocean.com/community/tutorials/how-to-use-reprepro-for-a-secure-packagerepository-on-ubuntu-14-04#prepare-and-publish-a-signing-key
● Rather than preparing the GPG key on the server, I created mine on my Linux workstation
and load it into my GPG keyring for safekeeping.
● Use a passphrase
● I exported the signing key and transfer it to the server.
● I imported it into my user keyring and confirmed it as described in the Digital Ocean tutorial.
● Example:
gpg --export-secret-subkeys KEYID > signing.key
scp signing.key repo.example.com:
On your repo server
gpg --import signing.key
 
5. Confgure your webserver
● setup a TLS web server for repo.example.
vhost.config:
# repo.example.com reprepro
<VirtualHost *:443>
ServerAdmin repo@example.com
UseCanonicalName On
ServerName repo.example.com
DocumentRoot /srv/www/example.com/repo/
Alias /favicon.ico /srv/www/example.com/www/favicon.ico
# enable SSL
SSLEngine On
SSLCertifcateFile /etc/ssl/certs/example.com.pem
SSLCertifcateChainFile /etc/ssl/certs/example.com.ca-bundle.pem
SSLCertifcateKeyFile /etc/ssl/private/example.com.key
# add options
<Directory /srv/www/example.com/repo/ >
Options Indexes FollowSymLinks Multiviews
Require all granted
</Directory>
# secure directories
<Directory /srv/www/example.com/repo/debian/db/ >
Require all denied
</Directory>
<Directory /srv/www/example.com/repo/debian/conf/ >
Require all denied
</Directory>
<Directory /srv/www/example.com/repo/debian/incoming/ >
Require all denied
</Directory>
</VirtualHost>
 
6. Confgure reprepro settings
● conf/distributions
 
Examples:
Origin: My Personal Repo
Label: Package Repository
Codename: xenial
Architectures: i386 amd64
Components: main
Description: My Favorite Packages
SignWith: KEYID*
Origin: My Personal Repo
Label: Package Repository
Codename: jessie
Architectures: i386 amd64
Components: main
Description: My Favorite Packages
SignWith: KEYID*
Origin: My Personal Repo
Label: Package Repository
Codename: stretch
Architectures: i386 amd64
Components: main
Description: My Favorite Packages
SignWith: KEYID*
# *KEYID is the ID of the signing
subkey
● conf/options
At a bare minimum include ask-passphrase
 
7. Add some packages
● $ reprepro -v includedeb stretch incoming/yourpackage-version_amd64.deb
Don’t run this command in a terminal multiplexer like tmux or gpg-agent won’t be able to ask for your passphrase
● $ reprepro copy xenial stretch yourpackage
Reprepro Resources
● Debian Repository Setup With Reprepro
https://wiki.debian.org/DebianRepository/SetupWithReprepro
● Howto Setup a Private Package Repository
with reprepro and nginx
http://davehall.com.au/blog/dave/2010/02/06/howto-setup-private-package-repository-reprepro-nginx
● How to Use Reprepro for a Secure Package Repository
on Ubuntu 14.04
https://www.digitalocean.com/community/tutorials/how-to-use-reprepro-for-a-secure-package-repository-on-ubuntu-14-04
 
Yum Resources (Fedora, RedHat, Centos, Arch, others)
● Create your own yum repository
https://www.techrepublic.com/blog/linux-andopen-source/create-your-own-yum-repository/
● How to create YUM repository in Centos 7
https://cyberpersons.com/2017/07/12/how-to-create-yum-repository-in-centos-7/
 
Package Notes
● Atom releases
https://atom.io/releases
● Atom Text Editor APT/YUM Mirror
https://github.com/alanfranz/atom-text-editor-repository
At this point, Link brought his demonstration to a close.
 
Additional Resources:
Gooogle Search reprepro (orginally known as mirrorer)
 
https://debian-administration.org/article/286/Setting_up_your_own_APT_repository_with_upload_support
https://wikitech.wikimedia.org/wiki/Reprepro
home page: https://mirrorer.alioth.debian.org/
man page:  https://mirrorer.alioth.debian.org/reprepro.1.html
(exellent manual, download as webpage.)
 
=============================================================
 
Other conversations:
 
One members asked about alternatives to "Crashplan", a cloud based "backup" archive that is going commercial. Suggestions included syncthing and rsync between your local machines and a cloud based storage "drive".
 
python 3.7 idle. Python packages, probably been done...
 
Issues with Java as a moving target version client side: Sun versions, openJVM, IceTea versions.
 
TOR
 
VPN
 
Opera - China owns!
 
Microsoft Edge on Android????
Points for using Edge to search and use points to buy xbox games!
Google as "Evil Empire".  Use DuckDuckGo.com for searches.
 
SharkLinux needs documentation writers - Source Forge:
https://sourceforge.net/p/forge/helpwanted/documenters/thread/434d48e0/?limit=25
11-22-2017
Lots of undocumented tools. Most can be easily written and even exist to some degree elsewhere. The sheer volume of docs to be written makes it worth asking for help as the entire distro is maintained by myself as a solo effort. This keeps me busy and docs fall by wayside. Shark operates differently in a number of ways and the lack of docs has caused a lot of misunderstanding and misuse.
 
Our next meeting will be on Wednesday, January 17th, in the Bitterbrush room, Boise Library! Ustick Branch at 6:30 PM.  On the agenda, tentatively, a presentation on Python tools Anaconda and PIP.
 
Best Wishes for the New Year!