====== Create your own Debian mirror ======
Howto create your own local Debian mirror.
//debmirror has been updated:// http://alioth.debian.org/~fjp/log/tags/debmirror.html\\
You can safely install the squeeze package on a lenny host!
----
First, install the debmirror and debian-keyring package:
apt-get install debmirror debian-keyring
Decide where to store your mirror:
mkdir /srv/mirror
Add a user who will run the mirror script:
groupadd mirror
useradd -d /srv/mirror -c "Debmirror" -g mirror mirror
Change permissions:
chown -R mirror.mirror /srv/mirror
**Import gpg keys.** \\
If you are missing a key for some reason you can find the key in question at [[http://keyserver.ubuntu.com]]. Search for "Debian Archive Automatic Signing Key " and pick the ID.
# get mirror
su - mirror
# 1st import the following:
gpg --keyring trustedkeys.gpg --import /usr/share/keyring/debian-archive-keyring.gpg
# check the key list, it should give you at least:
gpg --list-keys --keyring trustedkeys.gpg
pub 1024D/2D230C5F 2006-01-03 [expired: 2007-02-07]
uid Debian Archive Automatic Signing Key (2006)
pub 1024D/6070D3A1 2006-11-20 [expires: 2009-07-01]
uid Debian Archive Automatic Signing Key (4.0/etch)
pub 1024D/ADB11277 2006-09-17
uid Etch Stable Release Key
If you are missing e.g. ID 6070D3A1 then you can try the following:
:!: Warning: gpg uses trustdb.gpg as the default keyring; debmirror however expects the keys to reside in trustedkeys.gpg !
gpg --no-default-keyring --keyring trustedkeys.gpg --keyserver keyserver.ubuntu.com --recv-keys B98321F9
:!: //From time to time keys will be updated or removed. Install the current debian-archive-keyring.deb and run//
gpg --keyring trustedkeys.gpg --import /usr/share/keyrings/debian-archive-keyring.gpg
gpg --list-keys --keyring trustedkeys.gpg
pub 1024D/2D230C5F 2006-01-03 [expired: 2007-02-07]
uid Debian Archive Automatic Signing Key (2006)
pub 1024D/6070D3A1 2006-11-20 [expires: 2009-07-01]
uid Debian Archive Automatic Signing Key (4.0/etch)
pub 1024D/ADB11277 2006-09-17
uid Etch Stable Release Key
pub 1024D/BBE55AB3 2007-03-31 [expires: 2010-03-30]
uid Debian-Volatile Archive Automatic Signing Key (4.0/etch)
sub 2048g/36CA98F3 2007-03-31 [expires: 2010-03-30]
pub 1024D/F42584E6 2008-04-06 [expires: 2012-05-15]
uid Lenny Stable Release Key
pub 4096R/55BE302B 2009-01-27 [expires: 2012-12-31]
uid Debian Archive Automatic Signing Key (5.0/lenny)
pub 2048R/6D849617 2009-01-24 [expires: 2013-01-23]
uid Debian-Volatile Archive Automatic Signing Key (5.0/lenny)
//This list is current for 2009-05-04.//
:!: **NOTE:**
If you do not have ~/.gnupg/trustedkeys.gpg then you can try to copy the
complete archive keyring file (as user 'mirror'):
cp /usr/share/keyrings/debian-archive-keyring.gpg ~/.gnupg/trustedkeys.gpg
To list which keys are in ~/.gnupg/trustedkeys.gpg use this command:
gpg --no-default-keyring --keyring ~/.gnupg/trustedkeys.gpg --list-key
**Create a script to be run by cron as root.**\\
The script below will mirror etch and lenny. Installer images are also synced for lenny in this case (available since debmirror 2.2!)
#!/bin/bash
# sourcehost
HOST=ftp.de.debian.org;
# destination directory
DEST=/srv/mirror/debian
# Debian version(s) to mirror
DIST=lenny, squeeze
# architecture
ARCH=i386,amd64
debmirror ${DEST} \
--nosource \
--host=${HOST} \
--root=/debian \
--dist=${DIST} \
--section=main,contrib,non-free,main/debian-installer \
--arch=${ARCH} \
--passive --cleanup \
--state-cache-days=7 \
--di-dist=lenny --di-arch=${ARCH} \
--progress --verbose
Edit your crontab:
# debmirror
38 04 * * 1-5 /root/scripts/mirror
{{tag>debian}}