Table of Contents
List of Examples
Table of Contents
The Advanced Package Tool (APT) has been available for some time now. Debian based Linux distributions used it for several years, but the RedHat Package Manager (rpm) based version is still mostly unknown. It was done by Conectiva S.A., a Brasilian linux distributor. Though developed for their own distribution it works with minor/no modifications with most other distributions (currently tested with SuSE and RedHat).
To be able to use apt, an apt repository is needed. Conectiva users are lucky in this respect as Conectiva provides a public apt repository which can be reached via the internet. Users of other rpm based distributions are less lucky, as they need to provide an apt repository themselves. Here is were apt4rpm jumps in. The apt4rpm package creates an apt repository of an ordinary rpm repository. With other words the apt client software is provided by the apt-rpm project of Conectiva, the server side software is being streamlined by the apt4rpm package. The main application in the latter is aptate which is a contamination of the words apt and update.
A list of public apt repositories can be found at the apt4rpm website.
Make sure you have the rpm packages apt, and it's dependend packages (perl-)XML-LibXML, (perl-)XML-LibXML-Common, (perl-)XML-NamespaceSupport, (perl-)XML-SAX. Depending on the package distributor you may need apt-server. If you do not have these packages you can download them from the download page of the apt4rpm website or just create them by using the .spec files (see the comments at the top of the .spec files for more information).
rpmbuild -ba apt.spec
rpm -Uvh apt apt-libs apt-server apt4rpm
(short form here - use the created filenames with version number). Repeat the same command sequence for the XML perl modules, if needed.
Change the configuration file aptate.conf to your needs. It can be stored in the directories: /etc/apt/ or $HOME/.aptate/.
Aptate.conf, or any other name in which case the argument --config-file must be used, holds the configuration information needed to run aptate. The configuration file is xml formatted and it follows the rules layed down in file aptate.dtd. The information ranges from defining the top directory up to describing a linux distribution.
The configuration file defines a list of sources where RPM packages can be found. Currently only local directories and FTP servers can be used. Two example configuration files, Example 1 and Example 2 are included in this manual,
If you configured everything to your needs you can start creating the needed databases by running aptate. Quite some effort have been spend to add error messages - so you should get hints if something goes wrong. Aptate will also create example configuration files for the client machine (sources.list and vendors.list) that need to be copied to the clients config directory /etc/apt/. Example 3 shows a sources.list file and an example of the vendors.list file is shown in Example 4.
The Client requires the package apt and depending on the distributor apt-libs as well.
Get the configuration files (sources.list and eventually vendors.list) and install them in /etc/apt. If you want to use authentication with apt - make sure you have all needed GPG/PGP keys installed on the server/client.
To check if your setup is correct, try: apt-get update
This will copy the databases to your local harddisk (if everything is ok) or complain (mainly if sources.list is not correct).
You should check your currently installed packages status with: apt-get check
This will make sure that you have no unresolved dependencies between installed packages. If it complains, that this is not the case try: apt-get -f install
which will install all packages, that are needed by already installed packages.
If all this went ok, try: apt-get -s upgrade
to see if there are any new packages available. The -s argument tells apt-get to simulate the command (nothing will be installed).
There is a second mode for upgrade called dist-upgrade In contrast to upgrade this will also install newer packages that require the removal or installation of extra packages.
There is much to tell about apt, how it can be used and how apt can be tuned according your desires. However, this is beyond the scope of this manual. At the apt4rpm website a link called related matrial can be found. The page behind that link holds many references to apt howto's, manuals, etc. This page is worth to be visited, especially when you're having questions, are stuck and the like! Or start reading the apt man pages (man apt-get or apropos apt).
Just a very few words about public key cryptography (for indepth information you should read the GPG-HOWTO).
Public key crypto systems are based on a key pair consisting of a secret and a public key. The secret key can be used by its owner to sign or encrypt files, while the public key can be used to prove the origin of files.
This section is a short introduction in the GnuPG features you might need with apt4rpm.
This is especially true if you use the signed-pkgs-only which means only signed packages are used for updates. You need to have the corresponding public key on your key ring to validate those packages.
Most distributions have the vendor key attached by default to root's key ring. However aptate supports all operations to be done by a non-root user (for security reasons), and this one is likely to start with an empty key ring (which might cause all packages to be marked "insecure" and to be dropped).
If you get this behaviour, make sure to check your key ring!
A signed repository is required if your apt repository is being mirrored and you want to prevent that others are sneaking in faulty packages.
Create a key: gpg --gen-key
You are asked a lot of questions - if unsure simply press return. If you get some messages about "missing entropy" and the program seems to hang - simply do something on your system -> gpg is still alive! But it may take some time.
After you finished you can check for your new key by typing: gpg --list-keys
If you want to use encrypted repositories you need to export the corresponding key to your client machines. To do so type (replace EMAIL with the e-mail address you entered when creating your key pair): gpg --armour --export EMAIL > /tmp/public.key
Before creating the repository databases by calling aptate, make sure to change the following values in your aptate.conf file: (MYKEY is shorthand for the key)
<security> <hashfile_signature>yes</hashfile_signature> <gpg_key> <name>MYKEY</name> <email>EMAIL</email> </gpg_key> </security>
Or use the corresponding arguments options, which are respectively: --gpg-key and --gpg-key-email.
To sign RPM packages you need to tell rpm what key to use. This can be done by entries in your $HOME/.rpmmacros file. Replace EMAIL in the following example with your GPG key pair e-mail adress.
%_signature gpg %_gpg_name EMAIL
After you did this you can use rpm --addsign *.rpm to add your signature to existing RPM files. If you build new ones make sure to add option --sign.
A short word about the configuration file of aptate, as the details of the config file are explained in a seperate manual that can be found here.... The configuration file is xml formatted. Nothing to worry about as xml formatted files can still be editted with good old editors like vi, emacs, jed, etc. However, it's strongly recommended to edit the config file with xemacs in psgml mode. Xemacs in this mode will be a great help for you to navigate you through the dire straits of the defining the configuration file. Xemacs will be like a GUI, showing you the the values that are available and it will show you the default values. To get Xemacs in psgml mode you need the pgsml module for xemacs and the configuration file should have the suffix ".xml". Other modern xml editors are kxmleditor and mlview.
Some usage examples:
aptate --update-rpms --config my-apt4rpm.xml
In case you updated your local repository (after copying rpms from CD e.g.), the following command will update your apt repository, but will not download/mirror rpm packages
The configuration file can be checked on correctness by calling aptate with the --check.
aptate --check --config-file /usr/tmp/apt4rpm.xml
If you're interested in ways to keep your system or systems up to date automatically have a look at the scripts in the client directory.
When you encounter a problem with apt, determine whether the problem is in the client - or in the server software. In case the problem is in the server software (aptate) you may find assistance at the apt4rpm mailinglists: <firstname.lastname@example.org> or <email@example.com>. If the problem is in the client software (apt-get/apt-cache) you may find support at the apt-rpm mailinglist: <firstname.lastname@example.org>.
We hope that you enjoy using apt and are looking forward to your contributions. Being patches or promoting the use of apt with your fellow linux users and towards your distributor!
Example 1. Minimal aptate configuration file
<?xml version='1.0' encoding="iso-8859-1"?> <!DOCTYPE opt SYSTEM "file:///usr/share/apt4rpm/aptate.dtd"> <opt> <!-- all files are relative to this path --> <topdir>/dist/</topdir> <!-- structure 3 uses the language tag --> <distribution id="redhat80" structure="3"> <name>redhat</name> <version>8.0</version> <architecture>i586</architecture> <language>en</language> <component> <name>base</name> <!-- imagine the full path to be /dist/rh80 in combination with a topdir = /dist the url becomes --> <url>../rh80</url> </component> </distribution> </opt>
Example 2. A possible aptate configuration file
<?xml version='1.0' encoding="iso-8859-1"?> <!DOCTYPE opt SYSTEM "file:///usr/share/apt4rpm/aptate.dtd"> <!-- This is an example aptate configuration file. It shows most of aptate's elements and element attributes. A nice way to create this file is by using xemacs in pgsml mode. Xemacs in this mode will be of great help, as it gives you a gui to make this configuration file. Make sure though that the filename ends at ".xml"! All possibilities are described in the manual, that can be found at: file:///usr/share/doc/packages/apt4rpm/dtd-manual/dtd-manual.book.home.html --> <opt security-component="yes" update-rpms='yes' > <!-- all files are relative to this path --> <topdir>/dist/okna2002</topdir> <!-- Information used to sign the apt repository --> <authorization> <name>joe</name> <email>email@example.com</email> </authorization> <!-- It's not required to specify the protocol --> <sources-list-file>/dist/okna2002/apt</sources-list-file> <sources-list-ftp>/gw/suse/suse-8.1/apt/</sources-list-ftp> <sources-list-http>http://www.okna.rm/apt</sources-list-http> <distribution id="man90"> <name>Mandrake</name> <version>9.0</version> <architecture>i386</architecture> <component> <name>extra</name> <url method='file'>mandrex</url> </component> </distribution> <distribution id='suse73'> <name>SuSE</name> <version>7.3</version> <architecture>i386</architecture> <component> <name>extra</name> <url method='file'>extra</url> <accept>i386</accept> <reject>src</reject> </component> <component update-rpms="yes"> <name>kde</name> <url method='ftp'>ftp.gwdg.de/pub/linux/suse/ftp.suse.com/suse/i386/supplementary/KDE/update_for_7.3/</url> <!-- remove the hostname and directories: pub/.....supplementary/ --> <wget cutdirs='7'> <excludedir>pub/linux/suse/ftp.suse.com/suse/i386/supplementary/KDE/update_for_7.3/applications</excludedir> <excludedir>pub/linux/suse/ftp.suse.com/suse/i386/supplementary/KDE/update_for_7.3/development</excludedir> <excludedir>pub/linux/suse/ftp.suse.com/suse/i386/supplementary/KDE/update_for_7.3/experimental</excludedir> <excludedir>pub/linux/suse/ftp.suse.com/suse/i386/supplementary/KDE/update_for_7.3/internationalization</excludedir> <excludedir>pub/linux/suse/ftp.suse.com/suse/i386/supplementary/KDE/update_for_7.3/source</excludedir> </wget> </component> <!-- The rpms won't be updated from this server as the attribute update-rpms is missing. This server can be used as back up server for the before mentioned kde download server (ftp.gwdg.de). --> <component> <name>kde</name> <url method='ftp'>ftp.suse.com/pub/suse/i386/supplementary/KDE/update_for_7.3/base</url> <!-- remove the hostname and directories pub/suse/i386/supplementary --> <wget continue="no" cutdirs='4' /> </component> <component update-rpms="yes"> <name>update</name> <url method='ftp'>ftp.gwdg.de/pub/linux/suse/ftp.suse.com/suse/i386/update/7.3</url> <wget cutdirs='7'> <excludedir>pub/linux/suse/ftp.suse.com/suse/i386/update/7.3/beo1</excludedir> <excludedir>pub/linux/suse/ftp.suse.com/suse/i386/update/7.3/doc2</excludedir> <excludedir>pub/linux/suse/ftp.suse.com/suse/i386/update/7.3/emu1</excludedir> <excludedir>pub/linux/suse/ftp.suse.com/suse/i386/update/7.3/k2de1</excludedir> <excludedir>pub/linux/suse/ftp.suse.com/suse/i386/update/7.3/k2de2</excludedir> <excludedir>pub/linux/suse/ftp.suse.com/suse/i386/update/7.3/k2de3</excludedir> <excludedir>pub/linux/suse/ftp.suse.com/suse/i386/update/7.3/k2de9</excludedir> <excludedir>pub/linux/suse/ftp.suse.com/suse/i386/update/7.3/kernel/2.2.19-20011026</excludedir> <excludedir>pub/linux/suse/ftp.suse.com/suse/i386/update/7.3/kernel/2.4.10-20011026</excludedir> <excludedir>pub/linux/suse/ftp.suse.com/suse/i386/update/7.3/kernel/2.4.16-20011220</excludedir> <excludedir>pub/linux/suse/ftp.suse.com/suse/i386/update/7.3/zq1</excludedir> </wget> </component> <component update-rpms="yes" list-most-recent="yes"> <name>ximian</name> <url method='ftp'>ftp.ximian.com/pub/ximian-gnome/suse-73-i386</url> <wget cutdirs='1'> <excludedir>pub/ximian-gnome/suse-73-i386/source</excludedir> <add-arg>--proxy=off --reject *-devel-*</add-arg> </wget> </component> <component update-rpms="yes"> <name>mozilla</name> <url method='file'>/dist/okna2002/download</url> <!-- Make sure that the script stores the downloaded rpms in the location that is specified in the url. The script can be any arbitrary script, taking $topdir as 1st argument and $urldir as 2nd argument (handed over to the script by aptate). It can be wrapper around wget, rsync, etc. --> <script>/usr/bin/local/mirrorit</script> </component> <component update-rpms="yes"> <name>opera</name> <url method='ftp'>sunsite.cnlab-switch.ch/mirror/opera/linux/600/</url> <wget cutdirs='1'> <add-arg>--proxy=off --reject *.deb --reject *.bz2 --reject *.gz --reject *shared*</add-arg> <excludedir>mirror/opera/linux/600/tp3</excludedir> </wget> </component> <component update-rpms="yes"> <name>nvidia</name> <url method='ftp'>ftp://188.8.131.52/XFree86_40</url> <wget> <excludedir>XFree86_40/0.9-*</excludedir> <excludedir>XFree86_40/1.0-1*</excludedir> <excludedir>XFree86_40/1.0-2313</excludedir> <excludedir>XFree86_40/nforce</excludedir> <add-arg>--accept *suse73*</add-arg> </wget> </component> </distribution> </opt>
Example 3. sources.list
# created by aptate rpm [MR] file:/dist/apt okna/wow-i586 localrpms rpm [MR] ftp://ftp.gwdg.de/pub/apt okna/wow-i586 extra kde update x base kde3 security rpm-src [MR] ftp://ftp.gwdg.de/pub/apt okna/wow-i586 extra kde update x base kde3 security
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You may obtain a copy of the GNU General Public License from the Free Software Foundation by visiting their web site or by writing to
Free Software Foundation, Inc.
59 Temple Place - Suite 330
Boston, MA 02111-1307