本文档详细介绍了如何在Ubuntu 22.04.1 LTS环境中配置局域网内部网络源,包括安装Apache2服务器,创建GPG签名,设置本地软件仓库元数据,导出并分发公钥,以及在内网主机上配置使用此源。通过这些步骤,即使在不允许连网的内网环境下,也能便捷地管理和更新软件包。
1 简介
由于很多企业内网环境都是不允许连网,无法使用网上的各种源,在安装软件包时来回拷贝软件包安装也比较麻烦,而且还得解决依赖问题。所以就需要搭建个本地/局域网源,配置需要用一台主机当服务器存放deb软件包,局域网内的其他主机可以通过这台主机下载安装包。
在Ubuntu22版本搭建本局域网源时,APT要求所有软件源都要经过数字签名,以确保软件包的完整性和安全性,为此要为本地源创建GPG签名。
2 系统环境
| 系统版本 |
IP |
用途 |
| Ubuntu 22.04.1 LTS |
192.168.20.125 |
客户端(ub-client) |
| Ubuntu 22.04.1 LTS |
192.168.20.128 |
软件包源服务器(ub-server) |
6.2 服务器端修改主机名并安装web服务
(1)修改主机名称
| root@ubuntn:~# hostnamectl --static set-hostname ub-server |
(2)安装提供http服务的软件包
如果软件仓库要为内网其他ubuntu服务器提供服务,就需要安装能提供网络服务的软件包,这样的软件有很多种,如ftp,nginx、apache等,这里使用apache2软件包来提供网络应用服务,下面进行apache2软件的安装。
| root@ub-server:~# apt install -y apache2 |
在ubuntu 22.04中安装apaches2后,服务将自动启动,查看如下:
6.3 生成GPG密钥
在Ubuntu22版本中搭建网络源时,APT要求所有软件源都要经过数字签名,以确保软件包的完整性和安全性,现在来先安装gnupg软件包,为本地源创建GPG签名。
| root@ub-server:~# apt-get install gnupg rng-tools -y |
安装gnupg是用来生成GPG密钥,安装rng-tools加快gpg密钥的生成速度。
生成GPG密钥
生成密钥需要输入名称,邮箱,以及密码,下面生成密钥,按照提示输入相关信息。
| root@ub-server:~# gpg --full-generate-key gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. gpg: directory '/root/.gnupg' created gpg: keybox '/root/.gnupg/pubring.kbx' created Please select what kind of key you want: (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) (14) Existing key from card Your selection? 4 RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (3072) 2048 Requested keysize is 2048 bits Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) Key does not expire at all Is this correct? (y/N) y GnuPG needs to construct a user ID to identify your key. Real name: repokey Email address: 601111801@qq.com Comment: You selected this USER-ID: "repokey <601111801@qq.com>" Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o +------------------------------------------------------+ | Please enter the passphrase to | | protect your new key | | | | Passphrase: *_______________________________________ | | | | <OK> <Cancel> | +------------------------------------------------------+ +--------------------------------------------------------------------+ | Warning: You have entered an insecure passphrase. | | | | A passphrase should be at least 8 characters long. | | | | <Take this one anyway> <Enter new passphrase> | +--------------------------------------------------------------------+ +------------------------------------------------------+ | Please re-enter this passphrase | | | | Passphrase: *_______________________________________ | | | | <OK> <Cancel> | +------------------------------------------------------+ |
最低0.47元/天 解锁文章
扫一扫
511
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
