provision and use a apt (aka debian) repository

.gitignore

@@ -1,5 +1,12 @@
-.vagrant/
-.idea/
-provision/provision-nexus/sources/
+.vagrant/
+.idea/
+provision/provision-nexus/sources/
 shared/
 binaries/
+/hello-world-debian-package/hello-world/debian/.debhelper/
+/hello-world-debian-package/hello-world_*
+/hello-world-debian-package/hello-world-*
+/hello-world-debian-package/hello-world/debian/hello-world*
+/hello-world-debian-package/hello-world/debian/debhelper-build-stamp
+/hello-world-debian-package/hello-world/debian/files
+/hello-world-debian-package/hello-world/hello-world

Vagrantfile

@@ -11,6 +11,7 @@ Vagrant.configure(2) do |config|
     lv.cpus = 4
     lv.cpu_mode = 'host-passthrough'
     lv.keymap = 'pt'
+    lv.random :model => 'random'
   end
 
   config.vm.provider :virtualbox do |vb|
@@ -31,6 +32,7 @@ Vagrant.configure(2) do |config|
     config.vm.provision :shell, path: 'provision/provision-nexus.sh'
     config.vm.provision :shell, path: 'provision/use-docker-repository.sh'
     config.vm.provision :shell, path: 'provision/use-raw-repository.sh'
+    config.vm.provision :shell, path: 'provision/use-apt-repository.sh'
     config.vm.provision :shell, path: 'provision/use-maven-repository-from-mvn.sh'
     config.vm.provision :shell, path: 'provision/use-maven-repository-from-gradle.sh'
     config.vm.provision :shell, path: 'provision/use-nuget-repository.sh'

hello-world-debian-package/hello-world/Makefile

@@ -0,0 +1,19 @@
+prefix = /usr
+
+all: hello-world
+
+hello-world: main.c
+	$(CC) $(CPPFLAGS) $(CFLAGS) $(LDCFLAGS) -o $@ $^
+
+install: hello-world
+	install -D hello-world $(DESTDIR)$(prefix)/bin/hello-world
+
+clean:
+	rm -f hello-world
+
+distclean: clean
+
+uninstall:
+	rm -f $(DESTDIR)$(prefix)/bin/hello-world
+
+.PHONY: all install clean distclean uninstall

hello-world-debian-package/hello-world/debian/changelog

@@ -0,0 +1,5 @@
+hello-world (1.0.0) bionic; urgency=low
+
+  * Hello World.
+
+ -- Alice Doe <alice.doe@example.com>  Sat, 9 May 2020 08:09:10 +0100

hello-world-debian-package/hello-world/debian/compat

@@ -0,0 +1 @@
+10

hello-world-debian-package/hello-world/debian/control

@@ -0,0 +1,17 @@
+Source: hello-world
+Section: misc
+Priority: optional
+Maintainer: "Alice Doe" <alice.doe@example.com>
+Build-Depends: debhelper (>=11~)
+Standards-Version: 4.1.4
+Homepage: https://example.com
+
+Package: hello-world
+Architecture: any
+Multi-Arch: foreign
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Description: classic hello world
+ The classic hello world application.
+ .
+ It serves as an example package that is used
+ to test the nexus apt-hosted repository.

hello-world-debian-package/hello-world/debian/copyright

@@ -0,0 +1,24 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+
+Files: *
+Copyright: 2020 Alice Doe
+License: MIT
+
+License: MIT
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+ .
+ The above copyright notice and this permission notice shall be included in all
+ copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ SOFTWARE.

hello-world-debian-package/hello-world/debian/rules

@@ -0,0 +1,5 @@
+#!/usr/bin/make -f
+export DH_VERBOSE=1
+
+%:
+	dh $@

hello-world-debian-package/hello-world/debian/source/format

@@ -0,0 +1 @@
+3.0 (native)

hello-world-debian-package/hello-world/main.c

@@ -0,0 +1,6 @@
+#include <stdio.h>
+
+int main() {
+    printf("Hello, world!\n");
+    return 0;
+}

provision/provision-base.sh

@@ -27,6 +27,22 @@ update-grub2
 # update the package cache.
 apt-get -y update
 
+# install a EGD (Entropy Gathering Daemon).
+# NB the host should have an EGD and expose/virtualize it to the guest.
+#    on libvirt there's virtio-rng which will read from the host /dev/random device
+#    so your host should have a TRNG (True RaNdom Generator) with rng-tools
+#    reading from it and feeding it into /dev/random or have the haveged
+#    daemon running.
+# see https://wiki.qemu.org/Features/VirtIORNG
+# see https://wiki.archlinux.org/index.php/Rng-tools
+# see https://www.kernel.org/doc/Documentation/hw_random.txt
+# see https://hackaday.com/2017/11/02/what-is-entropy-and-how-do-i-get-more-of-it/
+# see cat /sys/devices/virtual/misc/hw_random/rng_current
+# see cat /proc/sys/kernel/random/entropy_avail
+# see rngtest -c 1000 </dev/hwrng
+# see rngtest -c 1000 </dev/random
+# see rngtest -c 1000 </dev/urandom
+apt-get install -y rng-tools
 
 # vim.
 apt-get install -y --no-install-recommends vim

provision/provision-nexus.sh

@@ -109,9 +109,54 @@ bash -c "while [[ \"\$(wget -qO- https://$nexus_domain/service/extdirect/poll/ra
 wget -qO- https://$nexus_domain/service/extdirect/poll/rapture_State_get | jq --raw-output .data.data.uiSettings.value.title
 wget -qO- https://$nexus_domain/service/extdirect/poll/rapture_State_get | jq .data.data.status.value
 
+
+# generate a gpg key for the apt-hosted repository.
+# see https://www.gnupg.org/documentation//manuals/gnupg/Unattended-GPG-key-generation.html
+# see https://help.sonatype.com/repomanager3/formats/apt-repositories
+# see https://wiki.archlinux.org/index.php/GnuPG#Unattended_passphrase
+export GNUPGHOME="$(mktemp -d)"
+cat >"$GNUPGHOME/apt-hosted-gpg-batch" <<EOF
+%echo Generating apt-hosted key...
+Key-Type: RSA
+Key-Length: 4096
+Key-Usage: sign
+#Subkey-Type: RSA
+#Subkey-Length: 4096
+#Subkey-Usage: sign
+Name-Real: apt-hosted
+Name-Email: apt-hosted@$nexus_domain
+Name-Comment: nexus apt-hosted
+Expire-Date: 0
+Passphrase: abracadabra
+%commit
+%echo done
+EOF
+cat >"$GNUPGHOME/gpg-agent.conf" <<EOF
+allow-loopback-pinentry
+EOF
+gpgconf --kill gpg-agent
+gpg --batch --generate-key "$GNUPGHOME/apt-hosted-gpg-batch"
+gpg \
+    --export \
+    --armor \
+    "apt-hosted@$nexus_domain" \
+    >/vagrant/shared/apt-hosted-public.key
+gpg \
+    --export-secret-key \
+    --armor \
+    --pinentry-mode loopback \
+    --passphrase abracadabra \
+    "apt-hosted@$nexus_domain" \
+    >/vagrant/shared/apt-hosted-private.key
+gpgconf --kill gpg-agent
+rm -rf "$GNUPGHOME"
+unset GNUPGHOME
+
+
 # configure nexus with the groovy script.
 bash /vagrant/provision/execute-provision.groovy-script.sh
 
+
 # configure nexus ldap with a groovy script.
 if [ "$config_authentication" = 'ldap' ]; then
     bash /vagrant/provision/execute-provision-ldap.groovy-script.sh

provision/provision-nexus/src/main/groovy/provision.groovy

@@ -33,6 +33,12 @@ capabilityRegistry.all.findAll {it.context().type().toString().startsWith("Outre
 repository.createRawHosted("adhoc-package", "default", false, WritePolicy.ALLOW_ONCE)
 
 
+// create a apt repository backed by the default blob store.
+// see https://help.sonatype.com/repomanager3/formats/apt-repositories
+pgpPrivateKey = new File('/vagrant/shared/apt-hosted-private.key').getText('UTF-8')
+repository.createAptHosted("apt-hosted", "bionic", pgpPrivateKey, "abracadabra", "default", WritePolicy.ALLOW_ONCE, true)
+
+
 // create a npm repository backed by the default blob store.
 repository.createNpmHosted("npm-hosted", "default", true, WritePolicy.ALLOW_ONCE)
 // create a npm proxy repository backed by the default blob store.

provision/use-apt-repository.sh

@@ -0,0 +1,38 @@
+#!/bin/bash
+set -eux
+
+nexus_domain=$(hostname --fqdn)
+
+cd /vagrant/hello-world-debian-package
+
+#
+# test the apt repository.
+
+# create the hello-world package.
+# see https://www.debian.org/doc/manuals/debmake-doc/ch04.en.html
+# see https://www.debian.org/doc/debian-policy/ch-source.html
+# see apt-get source dash
+apt-get install -y devscripts debmake debhelper dpkg-dev
+pushd hello-world
+debuild -i -us -uc -b
+popd
+
+# upload.
+# see https://help.sonatype.com/repomanager3/formats/apt-repositories
+apt-get install -y curl
+curl \
+    --user 'alice.doe:password' \
+    --header 'Content-Type: multipart/form-data' \
+    --data-binary @hello-world_1.0.0_amd64.deb \
+    https://$nexus_domain/repository/apt-hosted/
+
+# trust the apt-hosted key.
+apt-key add /vagrant/shared/apt-hosted-public.key
+
+# install the hello-world package.
+echo "deb [arch=amd64] https://$nexus_domain/repository/apt-hosted bionic main" >/etc/apt/sources.list.d/nexus-apt-hosted.list
+apt-get update
+apt-get install -y hello-world
+apt-cache show hello-world
+apt-cache policy hello-world
+hello-world