Nexus configuration

We use a self hosted Nexus repository to distribute .deb, .nupkg and .rpm. It's available at https://nexus.clever-cloud.com/.

Repositories

We have a repository for .deb packages, available here.

The repository is signed with the PGP key Clever Cloud Nexus (deb). The public key is published on the Cellar at https://clever-tools.clever-cloud.com/gpg/cc-nexus-deb.public.gpg.key. The private key, public key and passphrase are stored in our vault.

We have a repository for .nupkg packages, available here

We have a repository for .rpm packages, available here.

The repository is not signed, but the .rpm packages are.

The repo description is maintained in this git repo at templates/rpm/cc-nexus-rpm.repo. It's published on the Cellar at https://clever-tools.clever-cloud.com/repos/cc-nexus-rpm.repo. The public key is published on the Cellar at https://clever-tools.clever-cloud.com/gpg/cc-nexus-rpm.public.gpg.key. The private key, public key and passphrase are stored in our vault.

Steps to follow to generate a new pair of GnuPG keys:

Prepare a random string for the passphrase (30+ chars is good)
Run gpg --gen-key
Name: Clever Cloud Nexus (deb)
Email: ci@clever-cloud.com
Get the ID of the new generated key with gpg --list-keys
Export the public key in a file
- gpg --armor --output cc-nexus-deb.public.gpg.key --export <KEY_ID>
Publish the public key on the Cellar
- s3cmd -c .s3cfg put --acl-public cc-nexus-deb.public.gpg.key s3://clever-tools.clever-cloud.com/gpg/
Export the private key in a file
- gpg --armor --output cc-nexus-deb.private.gpg.key --export-secret-key <KEY_ID>
Update the private key where it's needed
- The deb private key and passphrase need to be set in both deb and deb-stable repo in Nexus.
- The rpm private key and passphrase need to be set in Jenkins.
Combine both keys into one file
- cat cc-nexus-deb.*.gpg.key cc-nexus-deb.combined.gpg.key
Add the combined key to the vault along with the random passphrase.

This is an example for deb but the same goes for rpm.