{"id":278,"date":"2017-11-15T10:46:26","date_gmt":"2017-11-15T08:46:26","guid":{"rendered":"https:\/\/www.tobanet.de\/s\/?p=278"},"modified":"2020-12-19T12:02:26","modified_gmt":"2020-12-19T10:02:26","slug":"create-your-own-debian-mirror-with-debmirror","status":"publish","type":"post","link":"https:\/\/www.tobanet.de\/s\/2017\/11\/create-your-own-debian-mirror-with-debmirror\/","title":{"rendered":"Create your own Debian mirror with debmirror"},"content":{"rendered":"\n

We will walk through these steps to get the local Debian mirror up and running:<\/strong><\/p>\n\n\n\n

  1. make sure you have enough space on your harddrive<\/li>
  2. install debmirror<\/code>, configure a cronjob to sync data<\/li>
  3. make your mirror available to your clients (via apache or nfs)<\/li>
  4. keep an eye on your cronjob – from time to time your script may have trouble to sync<\/li>
  5. configure sources.list<\/code> to use your local mirror<\/li><\/ol>\n\n\n\n\n\n\n\n

    1. Space requirements<\/h2>\n\n\n\n

    You will need some space to host the mirror.<\/p>\n\n\n\n

    My local mirror hosts the distributions for jessie and stretch with architecture amd64.<\/p>\n\n\n\n

    This setup currently (2017-11) consumes ~113 GB.<\/p>\n\n\n\n

    2. Installation<\/h2>\n\n\n\n

    The basics<\/h3>\n\n\n\n

    My debmirror runs on jessie<\/strong>. But that’s not really relevant here.<\/p>\n\n\n\n

    First, install the debmirror and debian-keyring package:<\/p>\n\n\n\n

    apt-get install debmirror debian-keyring<\/pre>\n\n\n\n
    Decide where to store your mirror:<\/p>\n\n\n\n
    mkdir \/srv\/mirror<\/pre>\n\n\n\n
    Add a user who will run the mirror script:<\/p>\n\n\n\n
    groupadd mirror\nuseradd -d \/srv\/mirror -c \"Debmirror\" -g mirror mirror<\/pre>\n\n\n\n
    Change permissions:<\/p>\n\n\n\n
    chown -R mirror.mirror \/srv\/mirror<\/pre>\n\n\n\n
    Handle gpg keys<\/h3>\n\n\n\n
    gpg uses trustdb.gpg<\/code> as the default keyring; debmirror however expects the keys to reside in trustedkeys.gpg<\/code> !<\/p>\n\n\n\n
    If something breaks that’s usually because some keys have been added to the official keyring and are missing locally.<\/p>\n\n\n\n
    Import gpg keys.<\/strong>
    The easiest thing is to import the official debian-archive-keyring for debmirror.<\/p>\n\n\n\n
    # become mirror\nsu - mirror\n \n# 1st import the following:\ngpg --no-default-keyring --keyring trustedkeys.gpg --import \/usr\/share\/keyrings\/debian-archive-keyring.gpg\n \n# check the key list, it should give you something like this:\ngpg --list-keys --keyring trustedkeys.gpg\n \n\/srv\/mirror\/.gnupg\/trustedkeys.gpg\n----------------------------------\n \npub   4096R\/473041FA 2010-08-27 [verf\u00e4llt: 2018-03-05]\nuid                  Debian Archive Automatic Signing Key (6.0\/squeeze) <ftpmaster@debian.org>\n \npub   4096R\/B98321F9 2010-08-07 [verfallen: 2017-08-05]\nuid                  Squeeze Stable Release Key <debian-release@lists.debian.org>\n \npub   4096R\/65FFB764 2012-05-08 [verf\u00e4llt: 2019-05-07]\nuid                  Wheezy Stable Release Key <debian-release@lists.debian.org>\n \npub   4096R\/46925553 2012-04-27 [verf\u00e4llt: 2020-04-25]\nuid                  Debian Archive Automatic Signing Key (7.0\/wheezy) <ftpmaster@debian.org>\n \npub   4096R\/2B90D010 2014-11-21 [verf\u00e4llt: 2022-11-19]\nuid                  Debian Archive Automatic Signing Key (8\/jessie) <ftpmaster@debian.org>\n \npub   4096R\/518E17E1 2013-08-17 [verf\u00e4llt: 2021-08-15]\nuid                  Jessie Stable Release Key <debian-release@lists.debian.org>\n \npub   4096R\/C857C906 2014-11-21 [verf\u00e4llt: 2022-11-19]\nuid                  Debian Security Archive Automatic Signing Key (8\/jessie) <ftpmaster@debian.org>\n \npub   4096R\/1A7B6500 2017-05-20 [verf\u00e4llt: 2025-05-18]\nuid                  Debian Stable Release Key (9\/stretch) <debian-release@lists.debian.org>\n \npub   4096R\/F66AEC98 2017-05-22 [verf\u00e4llt: 2025-05-20]\nuid                  Debian Archive Automatic Signing Key (9\/stretch) <ftpmaster@debian.org>\nsub   4096R\/B7D453EC 2017-05-22 [verf\u00e4llt: 2025-05-20]\n \npub   4096R\/8AE22BA9 2017-05-22 [verf\u00e4llt: 2025-05-20]\nuid                  Debian Security Archive Automatic Signing Key (9\/stretch) <ftpmaster@debian.org>\nsub   4096R\/331F7F50 2017-05-22 [verf\u00e4llt: 2025-05-20]<\/pre>\n\n\n\n
    From time to time keys will be updated or removed. We just need to sync keys from debian-archive-keyring. gpg will automatically skip duplicates and add what is missing. This step is vitally important when you add a new distribution like stretch.<\/em><\/p>\n\n\n\n
    # update the keyring, same procedure as install:\ngpg --no-default-keyring --keyring trustedkeys.gpg --import \/usr\/share\/keyrings\/debian-archive-keyring.gpg \n \n# and verify what's in the keyring:\ngpg --list-keys --keyring trustedkeys.gpg<\/pre>\n\n\n\n
    NOTE:<\/strong><\/p>\n\n\n\n
    If you do not have ~\/.gnupg\/trustedkeys.gpg then you can also copy the complete archive keyring file (as user ‘mirror’):<\/p>\n\n\n\n
    cp \/usr\/share\/keyrings\/debian-archive-keyring.gpg ~\/.gnupg\/trustedkeys.gpg <\/pre>\n\n\n\n
    Script & Cronjob<\/h3>\n\n\n\n
    Create a script to be run by cron as root.<\/strong>
    The script below will mirror jessie and stretch.<\/p>\n\n\n\n
    #!\/bin\/bash\n \n# sourcehost: choose a mirror in your proximity!\nHOST=ftp2.de.debian.org;\n \n# destination directory\nDEST=\/srv\/mirror\/debian\n \n# Debian version(s) to mirror\nDIST=jessie,stretch\n \n# architecture\nARCH=amd64\n \n# log timestamp\nlogger -t mirror[$$] updating Debian mirror\n \nsu mirror -c \\\n \"debmirror ${DEST} \\\n --nosource \\\n --host=${HOST} \\\n --root=\/debian \\\n --dist=${DIST} \\\n --section=main,contrib,non-free,main\/debian-installer \\\n --i18n \\\n --arch=${ARCH} \\\n --passive --cleanup \\\n $VERBOSE\"\n \nlogger -t mirror[$$] finished updating Debian mirror<\/pre>\n\n\n\n
    Edit \/etc\/cron.d\/local-debmirror:<\/p>\n\n\n\n
    # debmirror\n38 04 * * 1-5 root \/root\/scripts\/mirror<\/pre>\n\n\n\n
    3. Make the mirror available<\/h2>\n\n\n\n
    The easiest way would be to set up a webserver (e.g. apache) to serve the data to your clients.<\/p>\n\n\n\n
    Your mirror directory tree should look like:<\/p>\n\n\n\n
    tree -d -L 2 \/srv\/mirror\/debian\n\/srv\/mirror\/debian\n\u251c\u2500\u2500 dists\n\u2502   \u251c\u2500\u2500 jessie\n\u2502   \u251c\u2500\u2500 oldstable -> jessie\n\u2502   \u251c\u2500\u2500 stable -> stretch\n\u2502   \u2514\u2500\u2500 stretch\n\u251c\u2500\u2500 pool\n\u2502   \u251c\u2500\u2500 contrib\n\u2502   \u251c\u2500\u2500 main\n\u2502   \u2514\u2500\u2500 non-free\n\u2514\u2500\u2500 project\n    \u2514\u2500\u2500 trace<\/pre>\n\n\n\n
    Decide how you want to access the mirror – debmirror.example.com sounds great, doesn’t it? Don’t forget to update your DNS!<\/p>\n\n\n\n
    Create a virtual host configuration like so: \/etc\/apache2\/sites-available\/debmirror<\/a><\/p>\n\n\n\n
    <VirtualHost *:80>\n        ServerName debmirror.example.com\n        ServerAdmin webmaster@localhost\n\n        DocumentRoot \/srv\/mirror\n        <Directory \/>\n                Options FollowSymLinks\n                AllowOverride None\n        <\/Directory>\n        <Directory \/srv\/mirror>\n                Options Indexes FollowSymLinks MultiViews\n                AllowOverride All\n                Order allow,deny\n                allow from all\n        <\/Directory>\n\n        ErrorLog \/var\/log\/apache2\/debmirror.example.com-error.log\n\n        # Possible values include: debug, info, notice, warn, error, crit,\n        # alert, emerg.\n        LogLevel warn\n\n        CustomLog \/var\/log\/apache2\/debmirror.example.com-access.log combined\n        ServerSignature On\n\n<\/VirtualHost><\/pre>\n\n\n\n
    To tune your landing page on debmirror.example.com, you can pimp your directory index<\/a>.<\/p>\n\n\n\n
    And finally enable the shiny new site:<\/p>\n\n\n\n
    a2ensite debmirror\n\/etc\/init.d\/apache force-reload<\/pre>\n\n\n\n
    4. Cronjob monitoring<\/h2>\n\n\n\n
    The least you can do is to make sure you recieve any output your cronjob generates by mail.<\/p>\n\n\n\n
    So check whether your \/etc\/aliases<\/code> is setup properly to redirect any mail to your mirror<\/code> user to your preferred mailaccount: aliases<\/a><\/p>\n\n\n\n
    # \/etc\/aliases\nroot: localuser, you@example.com\n[...]\nmirror: you@example.com\n[...]<\/pre>\n\n\n\n
    Run newaliases<\/code> and verify you receive mail sent to the mirror user. If you are not directly connected to the internet and sitting behind a NAT router, you will have to tune your mailserver configuration.<\/p>\n\n\n\n
    5. Configure your clients<\/h2>\n\n\n\n
    Now we are done on the server side. It is time to actually use the local mirror. All we have to do is to enable the mirror in \/etc\/apt\/sources.list<\/code> – just replace the existing upstream resource with something like that: sources.list<\/a><\/p>\n\n\n\n
    [...]\n\n# Jessie:\ndeb http:\/\/debmirror.example.com\/debian\/ jessie main contrib non-free\n\n[...]<\/pre>\n\n\n\n
    Now you can happily apt-get update<\/code> and with your next apt-get install whatever<\/code> the selected package(s) will be retrieved from your local mirror.<\/p>\n","protected":false},"excerpt":{"rendered":"
    We will walk through these steps to get the local Debian mirror up and running: make sure you have enough space on your harddrive install debmirror, configure a cronjob to sync data make your mirror available to your clients (via apache or nfs) keep an eye on your cronjob – from time to time your script may have trouble to sync configure sources.list to use your local mirror<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[29],"class_list":["post-278","post","type-post","status-publish","format-standard","hentry","category-linux","tag-debian"],"_links":{"self":[{"href":"https:\/\/www.tobanet.de\/s\/wp-json\/wp\/v2\/posts\/278","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tobanet.de\/s\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tobanet.de\/s\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tobanet.de\/s\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tobanet.de\/s\/wp-json\/wp\/v2\/comments?post=278"}],"version-history":[{"count":3,"href":"https:\/\/www.tobanet.de\/s\/wp-json\/wp\/v2\/posts\/278\/revisions"}],"predecessor-version":[{"id":288,"href":"https:\/\/www.tobanet.de\/s\/wp-json\/wp\/v2\/posts\/278\/revisions\/288"}],"wp:attachment":[{"href":"https:\/\/www.tobanet.de\/s\/wp-json\/wp\/v2\/media?parent=278"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tobanet.de\/s\/wp-json\/wp\/v2\/categories?post=278"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tobanet.de\/s\/wp-json\/wp\/v2\/tags?post=278"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}