Pacman repository manager with REST for management https://maze.io/packages/
maze 5fa9ce1999 Also builds on armv6h and i686 8 months ago
static Adapt to smaller screen sizes 8 months ago
testdata Added -rm which will remove obsolete package files 8 months ago
.gitignore Initial commit 8 months ago
LICENSE Initial commit 8 months ago
Makefile Bugfix 8 months ago
PKGBUILD Also builds on armv6h and i686 8 months ago
README.md Added demo 8 months ago
acl.go Split out middlewares 8 months ago
bindata.go Adapt to smaller screen sizes 8 months ago
command.go Use pacman style coloring 8 months ago
command_delete.go Use pacman style coloring 8 months ago
command_serve.go Added -rm which will remove obsolete package files 8 months ago
command_upload.go Use pacman style coloring 8 months ago
main.go Split into subcommands so we can also be client 8 months ago
package.go Remove debug prints 8 months ago
pacman.go Fix arch detection to map to Arch Linux arch names 8 months ago
pacman_test.go Split into subcommands so we can also be client 8 months ago
pgp.go Pacman uses old format packets, always 8 months ago
repository.go Added -rm which will remove obsolete package files 8 months ago
server.go Make sure there is sufficient channel space 8 months ago
tty.gif Added demo 8 months ago
util.go Report upload rate 8 months ago
util_bsd.go Use pacman style coloring 8 months ago
util_linux.go Use pacman style coloring 8 months ago
util_windows.go Use pacman style coloring 8 months ago

README.md

pkgrepo

Pacman repository manager with REST for management.

About pkgrepo

pkgrepo creates a pacman compatible repository from any directory, automatically signing package files (without signatures) if enabled. If the configured keyring is unavailable, a new keyring will be created with a 2048-bit RSA private key.

Running

You can configure pkgrepo using either command line arguments, or with environment variables (or mixed).

Demo

tty recording of pkgrepo in action

Command line arguments

Usage of pkgrepo:
  -access-log string
    	Server access log (empty for standard output)
  -addr string
    	Server address (default ":8042")
  -keyring string
    	Secret keyring file
  -name string
    	Repository name
  -passphrase string
    	Secret keyring passphrase
  -real-ip-header string
    	HTTP header that sets the real IP (if behind proxy) (default "X-Forwarded-For")
  -real-protocol-header string
    	HTTP header that sets the real protocol (if behind proxy) (default "X-Forwarded-Protocol")
  -root string
    	Repository root (default "/home/wijnand/go/src/git.maze.io/maze/pkgrepo")
  -secret string
    	API secret
  -trusted string
    	Trusted networks (comma separated CIDR) (default "127.0.0.0/8,::1/128")
  -version
    	Show version and exit
  -workers int
    	Repository worker count (default 8)

Environment variables

PKGREPO_NAME                Repository name
PKGREPO_ROOT                Repository root path
PKGREPO_WORKERS             Repository workers
PKGREPO_KEYRING             Secret keyring file
PKGREPO_KEYRING_PASSPHRASE  Secret keyring passphrase
PKGREPO_SECRET              Server API key
PKGREPO_ADDR                Server listen address
PKGREPO_ACCESS_LOG          Server access log
PKGREPO_REAL_IP             Server HTTP header for the real IP
PKGINFO_REAL_PROTOCOL       Server HTTP header for the real protocol
PKGREPO_TRUSTED             Trusted networks

API

There is a simple REST API available to add/remove packages.

Adding a package

Method:

HTTP PUT /

Status code:

204 Upload was OK
305 Upload was a duplicate or a newer version of the package exists
400 Bad package metadata
500 Server error

Example:

$ curl -XPUT -H "X-Pkgrepo-Key: secret" \
  --upload-file my-pkg-1.2-3.any.pkg.tar.xz \
  http://example.org/

Removing a package

Method:

HTTP DELETE /<package>

Status code:

204 Delete was OK
400 Bad package name
404 Package not found
500 Server error

Example:

$ curl -XDELETE -H "X-Pkgrepo-Key: secret" \
  http://example.org/my-pkg-1.2-3.any.tar.xz

Example deployment

Systemd

An example systemd configuration may look like:

$ cat << EOF | sudo tee /lib/systemd/system/pkgrepo.service
[Unit]
Description=pkgrepo
After=network.target

[Service]
User=pkgrepo
Group=pkgrepo
ExecStart=/usr/local/bin/pkgrepo -root /var/www/packages -keyring /etc/pkgrepo/secring.gpg
Environment=PKGREPO_PGP_PASSPHRASE=changeme
Environment=PKGREPO_SECRET=changeme
KillMode=process
Restart=always

[Install]
WantedBy=multi-user.target
EOF
$ sudo systemctl enable pkgrepo.service
$ sudo systemctl start pkgrepo.service

Using your GnuPG keyring

Grab the keyring from $HOME/.gnupg/secring.gpg.

Nginx as frontend

An example configration may look like:

upstream pkgrepo {
  server 127.0.0.1:8042;
}

server {
  server_name packages.example.org;
  root /var/www/packages;

  location / {
    proxy_set_header Host $host;
    proxy_pass http://pkgrepo;
  }

  location ~ ^/(.+) {
    try_files $uri @pkgrepo;
  }

  location @pkgrepo {
    proxy_set_header Host $host;
    proxy_pass http://pkgrepo;
  }
}