Private Secure APT Repository
-
I'm in the beginning stages of researching the implementation of a private secured and authenticated APT repository. Anyone here by chance have experience setting up said service? My initial searches haven't proven to be all that fruitful, but I really haven't strained the limits of my google-fu yet.
Before I started delving any deeper into the Google or sitting down to actually RTFM, I thought I would be a little lazy and try to scrape anything useful from your collective brain sacks...
-
All you're doing really is setting up a local repository. Question about the secure part tho, how do you see the local repository being any more secure than the normal repo?
-
What's the reason for secure and authenticated? You are going to be deploying private apps that would be dangerous to have exposed?
-
I think I've been able to put the pieces together via some debian documentation and other tutorials I've found involving reprepro. I guess it really isn't going to be private after the initial package build and testing. I don't necessarily want to advertise it publicly. They are eventually looking at opening it up to a single client to ease the installation of software and subsequent releases.
If I understand things correctly I'll just build the local repository and provide authentication to it via configuration of nginx, apache, ssh, etc... (whichever medium they choose to provide access).
-
@RamblingBiped said:
I think I've been able to put the pieces together via some debian documentation and other tutorials I've found involving reprepro. I guess it really isn't going to be private after the initial package build and testing. I don't necessarily want to advertise it publicly. They are eventually looking at opening it up to a single client to ease the installation of software and subsequent releases.
If I understand things correctly I'll just build the local repository and provide authentication to it via configuration of nginx, apache, ssh, etc... (whichever medium they choose to provide access).
If you are okay without authentication, locking to an IP address would be simple. Adding authentication is probably doable, but I've never seen that done before.
-
@scottalanmiller With my luck they will probably want both just so they can funnel me all of the subsequent client support calls with complaints about their credentials not working when they are trying to install our software from home or the local coffee shop.
-
I think Landscape does this plus a lot more. I think it's free for 10 physical and 10 virtual machines, but I don't know the cost after that.
There are some Juju charms that you can create a Landscape setup with pretty easily.
