tactycal · jjustin · Jul 26, 2017 · Aug 1, 2017 · Aug 1, 2017 · Aug 2, 2017
diff --git a/.travis.yml_example b/.travis.yml_example
@@ -0,0 +1,39 @@
+language: go
+
+go:
+- 1.8.3
+
+env:
+  matrix:
+  - PACKAGE_TYPE=deb
+  - PACKAGE_TYPE=rpm
+
+#install files needed for deployment
+before_install:
+- sudo apt-get -q update
+- sudo apt-get install -y make rpm ruby-dev build-essential
+
+#install fpm used for building packages
+install:
+- gem install fpm --no-document
+
+#test the code
+script:
+- make test
+
+#build the packages
+after_success:
+- make pkg/$PACKAGE_TYPE
+
+deploy:
+  provider: s3
+  access_key_id:
+    secure: <travis encrypted id key>
+  secret_access_key:
+    secure: <travis encrypted access key>
+  bucket: <bucket name>
+  local-dir: ./pkg/$PACKAGE_TYPE
+  upload-dir: $PACKAGE_TYPE
+  acl: public_read
+  skip_cleanup: true
+  region: eu-central-1
diff --git a/Makefile_example b/Makefile_example
@@ -0,0 +1,47 @@
+NAME			:= pkgname
+URL 			:= https://InsertUrl.here
+DESC 			:= "description"
+MAINTAINER 		:= "Maintainer name"
+LICENSE 		:= "License here"
+DEPENDENCIES	:= "" #Add dependencies here and add '-d $(DEPENDENCIES)' to fpm in pkg/% block
+
+PKGDIR          := ./pkg
+VERSION         ?= $(shell cat ./VERSION)
+PACKAGE_TYPE    := deb rpm
+
+PATH_BIN ?= /usr/bin
+
+test: vet ## runs unit tests
+	go test -v ./...
+
+vet: ## examines the go code with `go vet`
+	go vet ./...
+
+$(PKGDIR): $(addprefix $(PKGDIR)/,$(PACKAGE_TYPE)) ## creates artifacts for all distributions
+
+# PACKAGING
+$(PKGDIR)/rpm: TARGET_ARTIFACT=rpm
+$(PKGDIR)/rpm: FPM_DEPENDENCIES=rpm
+$(PKGDIR)/rpm: TARGET_FILE=$(NAME)-$(VERSION)-x86_64.rpm
+$(PKGDIR)/deb: TARGET_ARTIFACT=deb
+$(PKGDIR)/deb: FPM_DEPENDENCIES=apt
+$(PKGDIR)/deb: TARGET_FILE=$(NAME)_$(VERSION)_amd64.deb
+$(PKGDIR)/%: build ## creates the artifact for a specific distribution
+	mkdir -p $(PKGDIR)/$*
+	fpm -s dir -t $(TARGET_ARTIFACT) \
+		--name $(NAME) \
+		--package ./pkg/$*/$(TARGET_FILE) \
+		--category admin \
+		--deb-compression bzip2 \
+		--url $(URL) \
+		--description $(DESC) \
+		--maintainer $(MAINTAINER) \
+		--license $(LICENSE) \
+		--version $(VERSION) \
+		--architecture amd64 \
+				./usr
+
+# BUILD
+build: ## builds the code
+	mkdir -p .$(PATH_BIN)
+	GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -a -o .$(PATH_BIN)/$(NAME)
diff --git a/README.md b/README.md
@@ -1,2 +1,15 @@
 # lambdaRepos
 POC for managing RPM and DEB repositories using aws' S3 and λ
+
+# Info
+Code for managing `yum`(rpm) repository is located in [rpm folder](https://github.com/tactycal/lambdaRepos/tree/master/rpm)
+
+Code for managing `apt`(deb) repository is located in [deb folder](https://github.com/tactycal/lambdaRepos/tree/master/deb)
+
+Both folders contain more detailed info on setting up S3 bucket and lambda function, that keeps your repo in sync with provided packages
+
+## Combining with TravisCI
+
+It is possible to automate deployment of packages by combining this repository with Travis CI.
+
+Examples of `.travis.yml` and `Makefile` used for autamatic deployment of go project can be found in repository
diff --git a/deb/Makefile b/deb/Makefile
@@ -0,0 +1,10 @@
+ZIPPED			:= s3apt.py gnupg.py debian/*
+
+
+set: requires package
+
+requires:
+	pip install -t . -r requirements.txt
+
+package:
+	zip code.zip $(ZIPPED)
diff --git a/deb/README.md b/deb/README.md
@@ -0,0 +1,84 @@
+
+#  AWS Lambda APT repository manager for S3
+
+Rewrite of [szinck/s3apt](https://github.com/szinck/s3apt) with a few changes and extra features - Release file is being generated and is signed with GPG key provided
+
+## Setting up S3 and Lambda
+
+Clone the repo and get all other required files
+```
+git clone https://github.com/tactycal/lambdaRepos.git
+cd lambdaRepos/deb
+pip install -t . -r requirements.txt
+```
+
+Compress all needed files
+```
+zip code.zip s3apt.py gnupg.py debian/*
+```
+Or just use `make set` instead of `zip` and `pip` command
+
+Presuming you already have GPG key generated export secret key (you can skip this part if you don't want to GPG sign your repository)
+```
+gpg -a --export-secret-key > secret.key
+```
+
+Create new lambda function, set handler to **s3apt.lambda_handler**, runtime to **python 2.7** and triggers to:
+
+ * Object Created(All), suffix 'deb'
+ * Object Removed(All), suffix 'deb'
+ * If you are using certain directory as a repo, set it as prefix
+
+Upload `code.zip` to lambda function
+
+Set the environmental variables
+
+| Key | Value |
+| --- | ---|
+| PUBLIC | True/False |
+| GPG_KEY | File |
+| GPG_PASS | GPG key password |
+| BUCKET_NAME | Bucket Name |
+| CACHE_PREFIX | Directory |
+
+**PUBLIC** Set to `True` for the outputs to be publicly readable
+
+**GPG_KEY** Location of your GPG private key from root of the bucket (e.g. secret/private.key). Not providing this variable will cause lambda to skip GPG singing
+
+**GPG_PASS** Password of private key uploaded to GPG_KEY (Note: environmental variables are/can be encrypted using KMS keys)
+
+**BUCKET_NAME** Name of the bucket. Should be the same as the one selected in triggers and the one you're using for repository
+
+**CACHE_PREFIX** Path to folder for packages cache(e.g. deb/cache)
+
+Make folder in your S3 bucket with the same name as CACHE_PREFIX variable
+
+Upload secret key file to location you specified as GPG_KEY
+
+Upload .deb file to desired folder, lambda function should now keep your repository up to date
+
+## Setting up apt
+
+First time set up
+```
+sudo echo "deb https://s3.$AWS_SERVER.amazonaws.com/$BUCKET_NAME/$PATH_TO_FOLDER_WITH_DEBIAN_FILES /" >> /etc/apt/sources.list
+#an example of link "https://s3.eu-central-1.amazonaws.com/testbucket/repo"
+#add public key to trusted sources - you have to export public key or use key server
+apt-key add <path to key>
+sudo apt update
+sudo apt install <packages>
+```
+
+Upgrading package
+```
+sudo apt update
+sudo apt upgrade
+```
+
+## Notes
+
+.deb, Release and Package files are and should be publicly accessible for previously mentioned method of setting up apt's sources list to work, if you don't want them to be, then change PUBLIC in environment variables to False and refer to szinck's guide [here](http://webscale.plumbing/managing-apt-repos-in-s3-using-lambda)
+
+If somebody tries to inject a malicious deb file in your repo it will be automaticly added to repository. It is your job to make bucket secure enough for this not to happen.!!!
+
+**You should change lambda timeout to 10 seconds or more to make sure that function will work**
diff --git a/deb/requirements.txt b/deb/requirements.txt
@@ -0,0 +1,9 @@
+boto3==1.3.1
+botocore==1.4.41
+docutils==0.12
+futures==3.0.5
+jmespath==0.9.0
+python-dateutil==2.5.3
+python-debian==0.1.28
+six==1.10.0
+python-gnupg==0.4.1