Show HN: Attune - Build and publish APT repositories in seconds

Original link: https://github.com/attunehq/attune

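Attune simplifies the secure publishing and hosting of Linux packages. It offers flexible deployment options: a self-hosted repository or Attune's managed cloud infrastructure. Security is paramount: repository index signing is done locally, which keeps the keys under your control. Attune's incremental index rebuilds keep adding and removing packages fast. It currently supports APT (Debian and Ubuntu) repositories.

Setup involves configuring the Attune backend with Docker Compose, including setting environment variables such as `ATTUNE_SECRET`. Next, install the Attune command-line interface (CLI) and create a repository, specifying a URL and a Debian distribution. Add a `.deb` package to the repository, specifying a channel such as "stable/v17". Finally, generate or export a GPG key, then use it to sign and deploy the repository with the `attune repo sync` command. This process secures your package repository and assures your users of the integrity and authenticity of the packages.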

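Eliza and Xin created Attune, a new open-source tool that simplifies publishing Linux packages to APT repositories. They were frustrated with existing tools, which were either outdated, hard to use in CI/CD pipelines, or carried unacceptable security risks (requiring a cloud vendor to hold the signing keys). So they built a solution that prioritizes simplicity, speed, and local signing. Attune lets users create a repository, add packages to it, and sync it with just a few commands. Attune is released on GitHub under the Apache 2 license and aims to streamline the package publishing process for developers. The team is actively improving Attune and is considering enterprise features such as audit logging, RBAC, HSM integration, and a managed cloud hosting option. They are seeking community feedback to guide future development, especially on improving the broader space of releases, artifact registries, and package repositories. Users can reach them at [email protected].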

Original text

Attune is a tool for securely publishing and hosting Linux packages.

  • Flexible deployment: Deploy a self-hosted package repository, or use our managed cloud infrastructure.
  • Secure by design: Attune's CLI does repository index signing locally, so you can own your signing keys without ever exposing them.
  • Really, really fast: Attune does incremental repository index rebuilds, so adding and removing packages is really fast.

We currently support publishing APT (Debian and Ubuntu) repositories, with more coming soon.

Here's how to set up an APT repository in about 5 minutes.

Prerequisites:

  • Docker (docker)
  • GnuPG (gpg)

############## First, we need to set up the Attune backend.

# 1. Clone the repository.
git clone git@github.com:attunehq/attune.git && cd attune

# 2. Set up environment variables by copying from .env.example. You should
#    modify these values as needed to suit your deployment, especially
#    ATTUNE_SECRET.
cp .env.example .env

# 3. Start the control plane and supporting services.
docker compose up -d

############## Now, we'll install the CLI and set up a repository.

# 4. Install the Attune CLI by downloading it from GitHub Releases.

# 5. Create a repository.
attune repo create -u 'http://localhost:9000/debian' -d bookworm

# 6. Prepare a `.deb` package to host. One way you can do this is by downloading
#    a sample package e.g. `https://cdn.teleport.dev/teleport_17.4.4_arm64.deb`.

# 7. Add the package to the repository
attune repo pkg -r 1 add -c stable/v17 ~/Downloads/teleport_17.4.4_arm64.deb

############## Lastly, we'll use a GPG key to sign and deploy the repository.

# 8. If needed, generate a GPG key.
gpg --generate-key

# 9. Get the key ID of the secret key you'd like to use to sign.
gpg --list-secret-keys

# 10. Export your signing key (replace $KEYID with your key ID, which is the 40
#     character string next to the `sec` entries in each key). The exported
#     file contains your private key, so keep it readable only by you.
gpg --armor --export-secret-keys --output demo-key.asc "$KEYID"

# 11. Sign and deploy the repository.
attune repo -r 1 sync -k demo-key.asc

############## Congratulations, you're done!
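
Signing only the repository index protects the packages because, in the Debian repository format, the signed Release file records the size and SHA256 of every Packages index. The script below is an added example (not part of the Attune README or project code) that checks those entries on a local copy of `dists/<suite>/`. The sample tree is constructed, the `stable/v17/binary-arm64` layout assumes the `-c` value is used as the APT component, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check a local copy of dists/<suite>/ against its Release file.
# Verifying the signature on Release/InRelease is a separate step, done first.

# verify_release DIR: each file listed under "SHA256:" in DIR/Release that is
# present locally must match its recorded size and digest. Fails on any
# mismatch, or if nothing could be checked.
verify_release() {
  dir=$1 checked=0
  while read -r want size path; do
    [ -n "$path" ] || continue
    case $path in /*|*..*) echo "unsafe path: $path" >&2; return 1 ;; esac
    [ -f "$dir/$path" ] || continue  # listed variants may not all be published
    got_size=$(wc -c < "$dir/$path" | tr -d ' ')
    got_hash=$(sha256sum "$dir/$path" | cut -d' ' -f1)
    if [ "$got_size" != "$size" ] || [ "$got_hash" != "$want" ]; then
      echo "MISMATCH: $path" >&2
      return 1
    fi
    checked=$((checked + 1))
  done <<EOF
$(awk '/^SHA256:/ {on=1; next} /^[^ ]/ {on=0} on {print $1, $2, $3}' "$dir/Release")
EOF
  [ "$checked" -gt 0 ]
}

# make_demo_repo: build a constructed dists/bookworm tree (sample data, not
# real Attune output; assumes "stable/v17" is the component) and print its path.
make_demo_repo() {
  d=$(mktemp -d) && mkdir -p "$d/stable/v17/binary-arm64"
  idx=stable/v17/binary-arm64/Packages
  printf 'Package: demo\nVersion: 1.0\nArchitecture: arm64\n' > "$d/$idx"
  {
    printf 'Suite: bookworm\nComponents: stable/v17\nSHA256:\n'
    printf ' %s %s %s\n' "$(sha256sum "$d/$idx" | cut -d' ' -f1)" \
      "$(wc -c < "$d/$idx" | tr -d ' ')" "$idx"
  } > "$d/Release"
  echo "$d"
}

repo=$(make_demo_repo)
verify_release "$repo" && echo "index matches Release"
echo 'Package: tampered' >> "$repo/stable/v17/binary-arm64/Packages"
verify_release "$repo" || echo "tampering detected"
rm -rf "$repo"
```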

For more detailed setup instructions and configuration options, refer to the user guide.

Attune is Apache 2 licensed.
