Howto create your own local Debian mirror.

debmirror has been updated: http://alioth.debian.org/~fjp/log/tags/debmirror.html
You can safely install the squeeze package on a lenny host!

First, install the debmirror and debian-keyring package:

apt-get install debmirror debian-keyring

Decide where to store your mirror:

mkdir /srv/mirror

Add a user who will run the mirror script:

groupadd mirror
useradd -d /srv/mirror -c "Debmirror" -g mirror mirror

Change permissions:

chown -R mirror.mirror /srv/mirror

Import gpg keys.
If you are missing a key for some reason you can find the key in question at http://keyserver.ubuntu.com. Search for “Debian Archive Automatic Signing Key ” and pick the ID.

# get mirror
su - mirror
 
# 1st import the following:
gpg --import /usr/share/keyring/debian-archive-keyring.gpg
 
# check the key list, it should give you at least:
gpg --list-keys
 
pub   1024D/2D230C5F 2006-01-03 [expired: 2007-02-07]
uid                  Debian Archive Automatic Signing Key (2006) <ftpmaster@debian.org>
 
pub   1024D/6070D3A1 2006-11-20 [expires: 2009-07-01]
uid                  Debian Archive Automatic Signing Key (4.0/etch) <ftpmaster@debian.org>
 
pub   1024D/ADB11277 2006-09-17
uid                  Etch Stable Release Key <debian-release@lists.debian.org>

If you are missing e.g. ID 6070D3A1 then you can try the following:

gpg --keyserver keyserver.ubuntu.com --recv-keys 6070D3A1

From time to time keys will be updated or removed. Install the current debian-archive-keyring.deb and run

gpg --import /usr/share/keyrings/debian-archive-keyring.gpg

gpg --list-keys
pub   1024D/2D230C5F 2006-01-03 [expired: 2007-02-07]
uid                  Debian Archive Automatic Signing Key (2006) <ftpmaster@debian.org>

pub   1024D/6070D3A1 2006-11-20 [expires: 2009-07-01]
uid                  Debian Archive Automatic Signing Key (4.0/etch) <ftpmaster@debian.org>

pub   1024D/ADB11277 2006-09-17
uid                  Etch Stable Release Key <debian-release@lists.debian.org>

pub   1024D/BBE55AB3 2007-03-31 [expires: 2010-03-30]
uid                  Debian-Volatile Archive Automatic Signing Key (4.0/etch)
sub   2048g/36CA98F3 2007-03-31 [expires: 2010-03-30]

pub   1024D/F42584E6 2008-04-06 [expires: 2012-05-15]
uid                  Lenny Stable Release Key <debian-release@lists.debian.org>

pub   4096R/55BE302B 2009-01-27 [expires: 2012-12-31]
uid                  Debian Archive Automatic Signing Key (5.0/lenny) <ftpmaster@debian.org>

pub   2048R/6D849617 2009-01-24 [expires: 2013-01-23]
uid                  Debian-Volatile Archive Automatic Signing Key (5.0/lenny)

This list is current for 2009-05-04.

NOTE:

If you do not have ~/.gnupg/trustedkeys.gpg then you can try to copy the complete archive keyring file (as user 'mirror'):

cp /usr/share/keyrings/debian-archive-keyring.gpg ~/.gnupg/trustedkeys.gpg

To list which keys are in ~/.gnupg/trustedkeys.gpg use this command:

gpg --no-default-keyring --keyring ~/.gnupg/trustedkeys.gpg --list-key

Create a script to be run by cron as root.
The script below will mirror etch and lenny. Installer images are also synced for lenny in this case (available since debmirror 2.2!)

#!/bin/bash
 
# sourcehost
HOST=ftp.de.debian.org;
 
# destination directory
DEST=/srv/mirror/debian
 
# Debian version(s) to mirror
DIST=etch,lenny
 
# architecture
ARCH=i386,amd64
 
debmirror ${DEST} \
 --nosource \
 --host=${HOST} \
 --root=/debian \
 --dist=${DIST} \
 --section=main,contrib,non-free,main/debian-installer \
 --arch=${ARCH} \
 --passive --cleanup \
 --state-cache-days=7 \
 --di-dist=lenny --di-arch=${ARCH} \
 --progress --verbose

Edit your crontab:

# debmirror
38 04 * * 1-5 /root/scripts/mirror