initial commit

Dockerfile

@@ -0,0 +1,16 @@
+FROM ubuntu:jammy
+
+RUN apt-get update && \
+    apt-get install -y rsync vim debmirror gpg nginx moreutils cron sudo && \
+    apt-get clean && \
+    find /etc/cron* -type f -delete
+
+ADD retry.sh /usr/local/bin/
+ADD vars.sh /usr/local/bin/
+ADD mirror.sh /usr/local/bin/
+ADD mirror-once.sh /usr/local/bin/
+ADD run-debmirror.sh /usr/local/bin/
+ADD start /start
+ADD crontab /etc/cron.d/crontab
+
+ENTRYPOINT ["/start"]

Jenkinsfile

@@ -0,0 +1,68 @@
+def image_name = "dpedu/debmirror"
+
+pipeline {
+    agent {
+        kubernetes {
+            yaml """
+apiVersion: v1
+kind: Pod
+spec:
+  podAntiAffinity:
+    preferredDuringSchedulingIgnoredDuringExecution:  # avoid nodes already running a jenkins job
+    - podAffinityTerm:
+        labelSelector:
+          matchExpressions:
+          - key: jenkins
+            operator: In
+            values:
+            - slave
+        topologyKey: node
+  containers:
+  - name: docker
+    image: docker:20-dind
+    args:
+      - "--insecure-registry"
+      - "dockermirror:5000"
+    securityContext:
+      privileged: true
+"""
+        }
+    }
+    stages {
+        stage("Build image") {
+            steps {
+                container("docker") {
+                    script {
+                        try {
+                            docker.withRegistry('http://dockermirror:5000') {
+                                docker.image("ubuntu:jammy").pull()
+                                docker.image(image_name).pull() // Pull a recent version to share base layers with (?)
+                            }
+                        } catch (exc) {
+                            echo "couldn't pull image, assuming we're building it for the first time"
+                        }
+                        docker.build(image_name)
+                    }
+                }
+            }
+        }
+        stage("Push image") {
+            steps {
+                container("docker") {
+                    script {
+                        docker.withRegistry('http://dockermirror:5000') {
+                            docker.image(image_name).push("latest")
+                        }
+                    }
+                }
+            }
+        }
+        stage("Show images") {
+            steps {
+                container("docker") {
+                    sh 'docker images'
+                }
+            }
+        }
+    }
+}

crontab

@@ -0,0 +1,4 @@
+SHELL=/bin/sh
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+8 4 * * * aptmirror /bin/bash -c ". /tmp/mirror-vars.sh; /usr/local/bin/mirror.sh"

mirror-once.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -eux
+
+. /usr/local/bin/vars.sh
+
+exec sudo --preserve-env -Hu aptmirror mirror.sh

mirror.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+set -eux
+
+/usr/local/bin/retry.sh /usr/local/bin/run-debmirror.sh 2>&1 | ts | tee -a /data/mirror.log

retry.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+# try a command up to 5 times
+# 15 minute sleep between tries
+# exit after the first success
+for i in 1 2 3 4 5; do $@ && break || sleep 900; done

run-debmirror.sh

@@ -0,0 +1,80 @@
+#!/bin/bash
+
+set -eux
+
+if [ "$UID" != "1000" ]; then echo "run this script as uid 1000"; exit 1; fi
+
+BASEDIR=/data
+#
+# Don't touch the user's keyring, have our own instead
+#
+
+export GNUPGHOME=$BASEDIR/keyring
+
+mkdir -p $GNUPGHOME
+#gpg --no-default-keyring --keyring /media/realm/debmirror/keyring/trustedkeys.gpg --import /usr/share/keyrings/ubuntu-archive-keyring.gpg
+
+# Arch=         -a      # Architecture. For Ubuntu can be i386, powerpc or amd64.
+# sparc, only starts in dapper, it is only the later models of sparc.
+#
+arch=$MIRROR_ARCH
+# amd64,i386
+
+# Minimum Ubuntu system requires main, restricted
+# Section=      -s      # Section (One of the following - main/restricted/universe/multiverse).
+# You can add extra file with $Section/debian-installer. ex: main/debian-installer,universe/debian-installer,multiverse/debian-installer,restricted/debian-installer
+#
+section=$MIRROR_SECTION
+#main,restricted,universe,multiverse
+
+# Release=      -d      # Release of the system (...Hardy, Intrepid... Lucid, Precise, Quantal, Saucy, Trusty ), and the -updates and -security ( -backports can be added if desired)
+# List of updated releases in: https://wiki.ubuntu.com/Releases
+#
+release=$MIRROR_RELEASE
+
+# Server=       -h      # Server name, minus the protocol and the path at the end
+# CHANGE "*" to equal the mirror you want to create your mirror from. au. in Australia  ca. in Canada.
+# This can be found in your own /etc/apt/sources.list file, assuming you have Ubuntu installed.
+#
+server=$MIRROR_SERVER
+#server=archive.ubuntu.com
+#server=mirror.pnl.gov
+#server=mirrors.digitalocean.com
+
+# Dir=          -r      # Path from the main server, so http://my.web.server/$dir, Server dependant
+#
+inPath=/ubuntu
+
+# Proto=        --method=       # Protocol to use for transfer (http, ftp, hftp, rsync)
+# Choose one - http is most usual the service, and the service must be avaialbe on the server you point at.
+#
+proto=$MIRROR_PROTO
+
+# Outpath=              # Directory to store the mirror in
+# Make this a full path to where you want to mirror the material.
+#
+outPath=$BASEDIR/files
+
+mkdir -p $outPath
+
+# The --nosource option only downloads debs and not deb-src's
+# The --progress option shows files as they are downloaded
+# --source \ in the place of --no-source \ if you want sources also.
+# --nocleanup  Do not clean up the local mirror after mirroring is complete. Use this option to keep older repository
+# Start script
+#
+debmirror \
+    -a $arch \
+    --no-source \
+    -s $section \
+    -h $server \
+    -d $release \
+    -r $inPath \
+    --getcontents \
+    --progress \
+    --method=$proto \
+    $outPath
+
+touch $BASEDIR/complete
+
+date

start

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+set -eux
+
+. /usr/local/bin/vars.sh
+
+env | grep -e ^MIRROR_ | while read line ; do echo "export $line" | tee -a /tmp/mirror-vars.sh ; done
+
+exec cron -f

vars.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -eux
+
+export MIRROR_UID="${MIRROR_UID:-1000}"
+export MIRROR_GID="${MIRROR_GID:-1000}"
+export MIRROR_ARCH="${MIRROR_ARCH:-amd64}"
+export MIRROR_SECTION="${MIRROR_SECTION:-main,restricted,universe,multiverse}"
+export MIRROR_RELEASE="${MIRROR_RELEASE:-jammy,jammy-security,jammy-updates,jammy-backports}"
+export MIRROR_SERVER="${MIRROR_SERVER:-archive.ubuntu.com}"
+export MIRROR_PROTO="${MIRROR_PROTO:-http}"
+
+groupadd --gid $MIRROR_UID aptmirror
+useradd --no-user-group --gid aptmirror --uid $MIRROR_UID aptmirror
+
+chown aptmirror:aptmirror /data
+chown aptmirror:aptmirror /data/* || true
+
+if [ ! -f /data/keyring/trustedkeys.gpg ]; then
+    install -d -g aptmirror -o aptmirror /data/keyring
+    sudo -Hu aptmirror GNUPGHOME=/data/keyring gpg --no-default-keyring --keyring /data/keyring/trustedkeys.gpg --import /usr/share/keyrings/ubuntu-archive-keyring.gpg
+fi