{"id":13904772,"url":"https://github.com/forward3d/alpinist","last_synced_at":"2025-07-18T02:31:59.691Z","repository":{"id":52452632,"uuid":"121776109","full_name":"forward3d/alpinist","owner":"forward3d","description":"Automatic Alpine Linux Package (apk) Repository Generation using AWS Lambda, S3 \u0026 SSM Parameter Store","archived":true,"fork":false,"pushed_at":"2021-04-28T21:51:33.000Z","size":866,"stargazers_count":45,"open_issues_count":0,"forks_count":5,"subscribers_count":17,"default_branch":"master","last_synced_at":"2024-08-07T23:40:02.071Z","etag":null,"topics":["alpine","alpine-linux","alpine-package","alpine-package-repository","aws-lambda","aws-parameter-store","aws-s3"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/forward3d.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-02-16T16:55:51.000Z","updated_at":"2024-02-18T22:00:48.000Z","dependencies_parsed_at":"2022-09-17T12:41:58.159Z","dependency_job_id":null,"html_url":"https://github.com/forward3d/alpinist","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/forward3d%2Falpinist","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/forward3d%2Falpinist/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/forward3d%2Falpinist/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/forward3d%2Falpinist/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/forward3d","download_url":"https://codeload.github.com/forward3d/alpinist/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":226336378,"owners_count":17608821,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["alpine","alpine-linux","alpine-package","alpine-package-repository","aws-lambda","aws-parameter-store","aws-s3"],"created_at":"2024-08-06T23:01:02.995Z","updated_at":"2024-11-25T13:30:36.549Z","avatar_url":"https://github.com/forward3d.png","language":"Python","readme":"# Alpinist\n\nAutomatic Alpine Linux Package (apk) Repository Generation using AWS Lambda, S3 \u0026 SSM Parameter Store\n\n## Summary\n\nThis project provides you with an python [AWS Lambda](https://aws.amazon.com/lambda/) function that is capable of automatically creating a signed Alpine Repository whenever a new Alpine Package is uploaded into an S3 bucket.\n\n## Table of Contents\n\n\u003c!-- toc --\u003e\n\n- [Installation](#installation)\n  * [Prerequisites](#prerequisites)\n  * [Steps](#steps)\n    + [1. Uploading the Lambda function code](#1-uploading-the-lambda-function-code)\n    + [2. Running CloudFormation](#2-running-cloudformation)\n- [Alpine Repository](#alpine-repository)\n  * [Layout](#layout)\n    + [`.index` files](#index-files)\n  * [Adding a Package](#adding-a-package)\n  * [Using the Repository within Alpine](#using-the-repository-within-alpine)\n    + [Adding your Public Key](#adding-your-public-key)\n    + [Adding the Repository](#adding-the-repository)\n  * [Index Signing](#index-signing)\n    + [Keys](#keys)\n      - [Pair Generation](#pair-generation)\n      - [Public Key](#public-key)\n      - [Storing in AWS SSM Parameter Store](#storing-in-aws-ssm-parameter-store)\n- [Included Binary blobs (`abuild-tar` \u0026 `apk`)](#included-binary-blobs-abuild-tar--apk)\n  * [Re-building the binaries from source](#re-building-the-binaries-from-source)\n- [Authors](#authors)\n- [Code of Conduct](#code-of-conduct)\n- [License](#license)\n- [Acknowledgments](#acknowledgments)\n\n\u003c!-- tocstop --\u003e\n\n## Installation\n\nThis project uses [AWS SAM](https://docs.aws.amazon.com/lambda/latest/dg/serverless_app.html) for storing all the CloudFormation infrastructure, which is basically an optimized version of CloudFormation. You can see what objects will be created in the `template.yaml` file.\n\n### Prerequisites\n\n* An existing S3 bucket to use for storing the lambda code\n* [AWS CLI](https://aws.amazon.com/cli/) installed and configured with credentials\n* Public/Private keypair used for signing packages and the repository (See [Keys](#keys))\n  * Private key must exist within AWS SSM Parameter Store (See [Index Signing](#index-signing))\n\n### Steps\n\n#### 1. Uploading the Lambda function code\n\nOnce you have created the S3 bucket that you will store the lambda code within, you will need to run this command to deploy it. Remember to put in the name of your bucket.\n\n    aws cloudformation package \\\n      --template-file template.yaml \\\n      --output-template-file serverless-output.yaml \\\n      --s3-bucket BUCKETNAME\n\n#### 2. Running CloudFormation\n\nYou need to decide on the name of the bucket you want to use as your repository, don't create this S3 bucket, as the template will do that for you. You also need to pick a name for the CloudFormation stack.\n\nSo now we have our generated template from the previous command, you now need to deploy it...\n\n    aws cloudformation deploy \\\n      --parameter-overrides BucketName=BUCKETNAMEFORTHEREPO \\\n      --template-file serverless-output.yaml \\\n      --stack-name NAMEOFTHECLOUDFORMATIONSTACK \\\n      --capabilities CAPABILITY_IAM\n\nIf that completes successfully, then you all all deployed.\n\n## Alpine Repository\n\n### Layout\n\nIn S3 you __must__ use this specific directory layout...\n\n    /\u003calpine_version\u003e/\u003crepository_name\u003e/\u003carchitecture\u003e\n\nExample...\n\n    /3.7/main/x86_64/aspell-ar-1.2-r0.apk\n\nYou can have as many combinations of Alpine version, repository name and architecture as you like.\n\n#### `.index` files\n\nWhenever a package is processed by the Lambda function it will create an index file at the same path. These files contain some metadata about individual packages, and are used to to generate the overall `APKINDEX` for each repository.\n\nIt will be named exactly the same as the package, but instead of an `.apk` file extension it will be `.index`. These files are replaced whenever the individual package file is changed or touched.\n\n### Adding a Package\n\nSimply upload your `apk` file to the correct location within S3. When you upload an Alpine package the Lambda function will generate the `APKINDEX.tar.gz` automatically.\n\n\n### Using the Repository within Alpine\n\nWhen you have uploaded a package and it has successfully created the `APKINDEX.tar.gz` you will of course want to use the repository within Alpine. You must add the public key, and then configure the repositories you want.\n\n\n#### Adding your Public Key\n\nInstall the public key into Alpine by simply downloading it to the correct directory from S3...\n\n    cd /etc/apk/keys\n    wget https://s3-REGION.amazonaws.com/BUCKETNAME/KEYNAME.rsa.pub\n\nExample...\n\n    cd /etc/apk/keys\n    wget https://s3-eu-west-1.amazonaws.com/apks/developers@forward3d.com-5a7dfa17.rsa.pub\n\n#### Adding the Repository\n\nOnce you have the public key, you must also add the repositories you want to enable. You do this by simply adding a line to the `/etc/apk/repositories` file.\n\n    echo \"https://s3-REGION.amazonaws.com/BUCKETNAME/ALPINEVERSION/REPOSITORYNAME\" \u003e\u003e /etc/apk/repositories\n\nFor example...\n\n    echo \"https://s3-eu-west-1.amazonaws.com/apks/3.7/main\" \u003e\u003e /etc/apk/repositories\n\nAfter that, simply update...\n\n    apk update\n\n### Index Signing\n\nYou must provide a RSA private key for signing the repository, you must use the same key that generated the package, otherwise you will end up with `bad signatures` or `untrusted key`. This has to be stored in [AWS SSM Parameter Store](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-paramstore.html) as a `Secure String`.\n\n#### Keys\n\n##### Pair Generation\n\nIf you need to generate some keys to use, have a look at the instructions on this Github repo...\n\nhttps://github.com/andyshinn/docker-alpine-abuild#keys\n\n##### Public Key\n\nMake sure you make your public key available, as you will need to install it on any machine you want to use the repository from. We suggest putting it at the root of the S3 bucket.\n\n##### Storing in AWS SSM Parameter Store\n\nYou need to store the private half of your keypair in [AWS SSM Parameter Store](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-paramstore.html) in the region you want to deploy the Lambda function. Since you can't create `SecureString` parameters through CloudFormation you must go do this manually through the interface or using the AWS CLI.\n\n    aws ssm put-parameter --region 'eu-west-1' --name '/apk/rsa' --type 'SecureString' --value \"`cat developers@forward3d.com-5a7dfa17.rsa`\"\n    aws ssm put-parameter --region 'eu-west-1' --name '/apk/key' --type 'String' --value 'developers@forward3d.com-5a7dfa17.rsa.pub'\n\nNote: `/apk/key` does not contain the public key, it contains literally the __name__ of the public key.\n\n## Included Binary blobs (`abuild-tar` \u0026 `apk`)\n\nThese binaries are required to generate the index itself. These could be re-written in Python if someone is up for the challenge, however currently it was easier to compile them to run inside Amazon Linux.\n\n### Re-building the binaries from source\n\nIf you don't trust this repository and want to re-build these binaries yourself, you can do so easily with the `Dockerfile` in the `docker/apk-tools` directory. Simply build the image, and then copy out the files while the container is still running...\n\n    docker build -t apk-tools .\n    docker run -it --rm apk-tools\n\n    docker cp `docker ps | grep apk-tools | awk '{print $1}'`:/apk-tools/src/apk .\n    docker cp `docker ps | grep apk-tools | awk '{print $1}'`:/abuild/abuild-tar .\n\n## Authors\n\nSee the list of [contributors](https://github.com/forward3d/alpinist/contributors) who participated in this project.\n\n## Code of Conduct\n\nThis project is has a code of conduct - please see the [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md) file for details.\n\n## License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n\n## Acknowledgments\n\n* [Andy Shinn](https://github.com/andyshinn) for his various Alpine packaging repos\n","funding_links":[],"categories":["Python"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fforward3d%2Falpinist","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fforward3d%2Falpinist","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fforward3d%2Falpinist/lists"}