@blalor
Last active January 1, 2016 16:19
Public Yum repository in S3

serving a public yum repo via s3

Steps for creating one or more public Yum repositories served via S3, with write access for the owner only. Don't put the repository in the root of the bucket: you won't be able to serve multiple repositories, and if you choose to enable logging you'll expose the logs publicly as well.

The only magic here is the S3 bucket policy.

GPG-signed packages and repo metadata are left as an exercise to the reader; the repo template below sets gpgcheck=0, so yum does not verify package signatures.

how to do it

  1. create the bucket via the AWS S3 console
  2. use the included bucket policy, replacing @@BUCKET_NAME@@ and @@REPO@@ as appropriate
  3. put some RPMs into a directory and run createrepo /path/to/dir
  4. sync repo to S3: s3cmd sync --delete /path/to/dir/ s3://@@BUCKET_NAME@@/@@REPO@@/
  5. use the included repo template to create /etc/yum.repos.d/@@BUCKET_NAME@@.repo
  6. install your packages!

{
    "Version": "2008-10-17",
    "Id": "public-yum",
    "Statement": [
        {
            "Sid": "@@REPO@@-anon-get",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::@@BUCKET_NAME@@/@@REPO@@/*"
        }
    ]
}

[@@BUCKET_NAME@@-@@REPO@@]
name=My S3 repo
baseurl=https://@@BUCKET_NAME@@.s3.amazonaws.com/@@REPO@@/
enabled=1
gpgcheck=0
## additional repositories can be specified, as well, obviously
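
A pre-upload check for the bucket policy above, added here as an example (it is not part of the original gist): it fills in the template's placeholders and flags any anonymous Allow statement that grants more than s3:GetObject or is not limited to a repository prefix, which is how the bucket root and its logs end up public. The function names, the bucket name `example-bucket`, the prefix `el6` and the weak policy are constructed for illustration.

```python
import json
import re

# Bucket policy template from this page; @@...@@ are its placeholders.
TEMPLATE = """{
  "Version": "2008-10-17", "Id": "public-yum",
  "Statement": [{
    "Sid": "@@REPO@@-anon-get", "Effect": "Allow",
    "Principal": {"AWS": "*"}, "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::@@BUCKET_NAME@@/@@REPO@@/*"}]
}"""

def render_policy(bucket, repo):
    """Fill in the placeholders, rejecting values that would widen the resource."""
    if not re.fullmatch(r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]", bucket):
        raise ValueError("bad bucket name")
    if not re.fullmatch(r"[A-Za-z0-9_-]+(/[A-Za-z0-9_-]+)*", repo):
        raise ValueError("repo must be a non-empty prefix without wildcards")
    text = TEMPLATE.replace("@@BUCKET_NAME@@", bucket).replace("@@REPO@@", repo)
    return json.loads(text)

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_anonymous(principal):
    # "*" and {"AWS": "*"} both mean "anyone" in a bucket policy.
    return principal == "*" or (
        isinstance(principal, dict) and "*" in as_list(principal.get("AWS", [])))

def audit_policy(policy, bucket):
    """Return findings for anonymous Allow statements broader than
    read-only access to objects under a repository prefix."""
    findings = []
    scoped = re.compile(r"arn:aws:s3:::%s/[^*?]+/\*" % re.escape(bucket))
    for st in as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow" or not is_anonymous(st.get("Principal")):
            continue
        sid = st.get("Sid", "<no Sid>")
        for action in as_list(st.get("Action", [])):
            if action != "s3:GetObject":
                findings.append("%s: anonymous %s" % (sid, action))
        for res in as_list(st.get("Resource", [])):
            if not scoped.fullmatch(res):
                findings.append("%s: resource not limited to a prefix: %s" % (sid, res))
    return findings

# Constructed counter-example: whole bucket readable (logs included) and writable.
WEAK = {"Statement": [{"Sid": "weak", "Effect": "Allow", "Principal": "*",
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": "arn:aws:s3:::example-bucket/*"}]}
```

The check only covers Action and Resource; statements using NotAction or NotResource are outside what it inspects.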