Ubuntu: signing packages in your own repository

This article is an extension of http://ag-up.com/ubuntu-create-own-repository/

1. Generate your own key:
gpg --gen-key
Choose to generate a sign-only key, then enter your name and email.

2. Export the public key, where foo@bar.com is the email you used when generating the key:
gpg --armor --export foo@bar.com > /opt/repository/ubuntu/public.key
3. Install dpkg-sig and sign the deb package, using the passphrase you entered in step 1:
apt-get install dpkg-sig
dpkg-sig --sign builder /tmp/nginx-ng_1.8.x-1_amd64.deb

4. In the previous article we used this command to add a new package to the repository:
reprepro -C main includedeb precise /tmp/nginx-ng_1.8.x-1_amd64.deb
Now change it to the following; it will ask you for the key passphrase:
reprepro --ask-passphrase -V -C main includedeb precise /tmp/nginx-ng_1.8.x-1_amd64.deb

5. Add the new option SignWith: yes to /opt/repository/ubuntu/conf/distributions

On the client side, import the public key that we exported in step 2:
curl http://packages.localdomain/public.key | apt-key add -
apt-get update
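Because public.key is fetched over plain HTTP, the client can compare the key's fingerprint with a value obtained out of band (for example, read from gpg --fingerprint foo@bar.com on the repository host) before handing it to apt-key. The script below is an added example, not part of the original article; it assumes GnuPG 2.2 or later for --show-keys, and EXPECTED_FPR is a constructed placeholder.

```shell
#!/bin/sh
# Added example: pin the repository key by fingerprint before trusting it.
# EXPECTED_FPR is a constructed placeholder; replace it with the fingerprint
# printed on the repository host by: gpg --fingerprint foo@bar.com
KEY_URL="http://packages.localdomain/public.key"
EXPECTED_FPR="0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"

# Strip whitespace and upper-case, so pasted fingerprints compare cleanly.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons` output on stdin and print each primary key's
# fingerprint: field 10 of the first "fpr" record after a "pub" record.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Succeed only if the listing holds exactly one primary key and it matches.
# A file that bundles an extra key next to the expected one is rejected.
key_matches() {   # usage: key_matches EXPECTED_FPR < colon-listing
    found=$(primary_fprs)
    [ "$(printf '%s\n' "$found" | grep -c .)" -eq 1 ] || return 1
    [ "$(normalize_fpr "$found")" = "$(normalize_fpr "$1")" ]
}

# Download the key, check it, and only then pass it to apt.
import_repo_key() {
    tmp=$(mktemp) || return 1
    curl -fsS "$KEY_URL" -o "$tmp" &&
        gpg --show-keys --with-colons "$tmp" | key_matches "$EXPECTED_FPR" &&
        apt-key add "$tmp"
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || echo "public.key rejected: fingerprint mismatch or download error" >&2
    return "$rc"
}
```

Run import_repo_key as root in place of the curl pipeline, then apt-get update as before.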

Ubuntu: Create own repository

mkdir -p /opt/repository/ubuntu/
mkdir -p /opt/repository/ubuntu/{conf,dists,incoming,indices,logs,pool,project,tmp}
cd /opt/repository/ubuntu/
vim conf/distributions

Origin: packages.localdomain
Label: My Own Repository
Codename: precise
Architectures: amd64
Components: main
Description: Allods Team repository
Version: 12.04

Codename should contain the name of the OS branch.

Initializing the repository for the first time:

Ubuntu: Create own deb package

I'll show you how to create your own deb package using a modified nginx.
1) we download nginx sources
2) we download some external nginx modules
3) we run

./configure --with-cc-opt="-static -static-libgcc" --with-ld-opt="-Bstatic" --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid \
    --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
    --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx \
    --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Wp,-D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,--as-needed' \
    --add-module=./modules/naxsi/naxsi_src \
    --add-module=./modules/nginx-goodies-nginx-sticky-module-ng-bd312d586752 \
    --add-module=./modules/headers-more-nginx-module-0.25

4) make
After make we have the out/nginx file, so we can create our own package from it.

$ mkdir -p /opt/nginx/deb/nginx-ng
$ cd /opt/nginx/deb/nginx-ng
$ ls -1

DEBIAN
etc
usr
var

I downloaded the original nginx deb and unpacked it, then took the DEBIAN, usr, var and etc folders from it.

Mongo: select data

> db.communities.find({name: "CZ CHAT"}, {"name":1, "_id":0, "communityId":1}).sort({"communityId":1}).pretty().limit(5)
{ "communityId" : NumberLong("468374361246531951"), "name" : "CZ CHAT" }

In SQL it looks like:

select name, "communityId" from communities where name like 'CZ CHAT' order by "communityId" limit 5;

pretty() just formats the output.

Mongo: export data

mongoexport -h localhost -d portal -c communities --csv --fields name -q '{"communityId": { "$gte": 216172782113783808 } }' --out /tmp/guild_member.csv

-h: host
-d: database
-c: collection (aka table)
--csv: export format
--fields: comma-separated list of fields
-q: query (aka select)
--out: output file

HAProxy: tcp + http on the same port

haproxy.conf:

global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # Default ciphers to use on SSL-enabled listening sockets.
        # For more information, see ciphers(1SSL). This list is from:
        #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
        ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
        ssl-default-bind-options no-sslv3

defaults
        log     global
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http
        maxconn 2000

frontend mixed_frontend
    bind :8080
    mode tcp
    option tcplog
    tcp-request inspect-delay 5s
    tcp-request content accept if HTTP
    # here is the magic: the first 7 bytes 5353482d322e30 are the ASCII string "SSH-2.0"
    acl client_attempts_ssh payload(0,7) -m bin 5353482d322e30
    use_backend tcp_backend if client_attempts_ssh
    use_backend tcp_backend if !HTTP
    use_backend http_backend if HTTP
    default_backend tcp_backend

backend tcp_backend
    mode tcp
    server ssh :22

backend http_backend
    mode http
    server s1_http 127.0.0.1:80 send-proxy

nginx.conf:

server {
  listen 80 default_server proxy_protocol;

  set_real_ip_from 127.0.0.1;
  real_ip_header proxy_protocol;

  location / {
    root /var/www/html;
    index index.html index.htm;
  }
}

ssh 127.0.0.1 -p8080
user@127.0.0.1's password:

curl 127.0.0.1:8080


HELLO WORLD!