/ Markus Amersdorfer:home / university / about:me /
\ Say NO to Software-Patents! \

WARNING:
This page has been moved here, please update your links!

How to set up a mirror for Debian Woody/Security

If you have a network full of Debian machines and are steadily installing new ones, it is great to have Debian "in house". This is what I wanted, so I set up my own in-house Debian mirror...
The work is based on already available script. Please read this information...
The local disk-space needed for a full Woody/i386 and a security.debian.org mirror is about 5 GB.
And remember: it's fine to set up a private mirror for security.debian.org, but keep it private! Do not advertise the mirrored security-branch.

1. I added a special user "mirrorer" in order not to run stuff as root as for example sync had a security-bug a few months ago...

2. /etc/crontab add-ons: 

  # Debian-Mirror
  0 3 * * *        mirrorer  /home/mirrorer/anonftpsync_security.debian.org
  0 5 8,15,22 * *  mirrorer  /home/mirrorer/absurd_debmirror_cron-1
  0 5 8,15,22 * *  mirrorer  /home/mirrorer/absurd_debmirror_cron-2
  0 5 1 * *        mirrorer  /home/mirrorer/absurd_debmirror_cron-1 --cleanup-full
  0 5 1 * *        mirrorer  /home/mirrorer/absurd_debmirror_cron-2 --cleanup-full

3. anonftpsync_security.debian.org:
I use this script to sync the security-archive: Most importantly I changed TO=, RSYNC_HOST= and EXCLUDE=.

4. absurd_debmirror_cron-1 and absurd_debmirror_cron-2:
The two cron-scripts call the actual absurd_debmirror-script, once a month with the parameter "--cleanup-full". The server and the branches to be mirrored are set in these cron-scripts. cron-1 sync's "debian", cron-2 sync's "debian-non-US".

5. absurd_debmirror:
absurd_debmirror is the script used for syncing the standard Debian Woody archive.

6. Apache:
I added the following content to /etc/apache/httpd.conf in order to have the Debian mirror being accessible from inside our subnet only: 

  [...]
  <Directory /debian-mirror>
   Order Deny,Allow
   deny from all
   Allow from 193.170.141.0/24
  </Directory>
  [...]
  <VirtualHost debian.subnet.at>
    DocumentRoot /debian-mirror
    ServerName debian.subnet.at
    ErrorLog /var/log/apache/debian.subnet.at-error.log
    TransferLog /var/log/apache/debian.subnet.at-access.log
  </VirtualHost>

7. /etc/apt/sources.list:

  deb http://debian.subnet.at/debian woody main contrib non-free
  deb http://debian.subnet.at/debian-non-US woody/non-US main contrib non-free
  deb http://debian.subnet.at/debian-security woody/updates main contrib non-free
back to index
Valid HTML 4.01! Valid CSS! Created with Vim [Blue Ribbon Campaign icon]
© Markus Amersdorfer (markus<dott>amersdorfer<att>subnet<dott>at)
last modified: 2010-02-23 15:42:22
665 hits