- Authorized push
- Free pull
- File server without directory indexing vulnerability
- RPM rewrite protection
POST /api/packages
Authorization: Bearer qwe123
Content-Type: multipart/form-data; ...
...
Content-Disposition: form-data; name="package"; filename="test.rpm"
...
Sample: curl -X POST http://host:port/api/packages --form '[email protected]' -H "Authorization: Bearer qwe123"
GET /repos
Sample: curl http://host:port/repos/7/updates/x86_64/test.rpm
- createrepo tool should be installed
- LISTEN_ADDR - listening interface and port in format interface:port
LISTEN_ADDR=:8080- listen 8080 port on all interfaces
LISTEN_ADDR=127.0.0.1:8888- listen 8888 port on localhost only (useful with reverse proxy) - ACCESS_TOKEN - auth token for push access, any string
ACCESS_TOKEN=qwe123- push requests should contains headerAuthorization: Bearer qwe123 - PUSH_PATH - target repo folder path
PUSH_PATH=/opt/repos/7/updates/x86_64- pushed RPMs will be saved into /opt/repos/7/updates/x86_64 folder - REPOS_ROOT - root folder for file server
/repospath
REPOS_ROOT=/opt/repos- RPM pushed to /opt/repos/7/updates/x86_64/test.rpm will be accessible byhttp://host:port/repos/7/updates/x86_64/test.rpm
- Build:
docker build -f docker/Dockerfile -t local/rpm-server:dev . - Run:
docker run --rm -p "8080:8080" -e "ACCESS_TOKEN=123" --name rpm-server local/rpm-server:dev
- Push support for multiple repos inside REPOS_ROOT
- Improve access control