Environment Setup April 02, 2020

Creating and Signing an Offline Ubuntu Repository


Operating system version: 16.04

1 Cache the offline installation packages

To make sure the cached packages and their dependencies are complete, do this in a relatively clean environment, ideally a freshly installed operating system on which no other software has been installed yet.

1.1 Clear the cache directory

Run the following command to clear apt's package cache:

rm -rf /var/cache/apt/archives/

1.2 Cache the installation packages

With apt-get -d (download only), a package and all of its dependencies are downloaded into /var/cache/apt/archives/ without being installed. Taking python-minimal as the example, run:

apt-get -d install python-minimal

Then list the /var/cache/apt/archives/ directory:

root@ubuntu:/opt/Ubuntu# ll /var/cache/apt/archives/
total 3812
drwxr-xr-x 3 root root    4096 Mar 31 23:32 ./
drwxr-xr-x 3 root root    4096 Mar 31 20:12 ../
-rw-r--r-- 1 root root  337788 Oct  9 05:13 libpython2.7-minimal_2.7.12-1ubuntu0~16.04.9_amd64.deb
-rw-r--r-- 1 root root 1884162 Oct  9 05:13 libpython2.7-stdlib_2.7.12-1ubuntu0~16.04.9_amd64.deb
-rw-r--r-- 1 root root    7768 Nov 23  2017 libpython-stdlib_2.7.12-1~16.04_amd64.deb
-rw-r----- 1 root root       0 Mar 31 23:13 lock
drwx------ 2 _apt root    4096 Mar 31 23:32 partial/
-rw-r--r-- 1 root root  136856 Nov 23  2017 python_2.7.12-1~16.04_amd64.deb
-rw-r--r-- 1 root root  223598 Oct  9 05:13 python2.7_2.7.12-1ubuntu0~16.04.9_amd64.deb
-rw-r--r-- 1 root root 1261510 Oct  9 05:13 python2.7-minimal_2.7.12-1ubuntu0~16.04.9_amd64.deb
-rw-r--r-- 1 root root   28122 Nov 23  2017 python-minimal_2.7.12-1~16.04_amd64.deb

2 Create the offline repository

2.1 Create the repository directory

Create a directory named Ubuntu under /opt:

mkdir /opt/Ubuntu

2.2 Copy all cached .deb files into the repository directory

Copy all the .deb files cached under /var/cache/apt/archives/ in step 1 into the repository directory:

cp /var/cache/apt/archives/*deb /opt/Ubuntu/

2.3 Generate Packages.gz

There are two ways to generate Packages.gz: one uses apt-ftparchive, which ships with the system, the other uses the dpkg-scanpackages command from the dpkg-dev package. The advantage of the former is that it needs no extra installation, but it cannot detect and warn about several versions of the same package name. Pick one of the two methods below.

Method 1: generate Packages.gz with apt-ftparchive

First delete any existing Packages.gz and Packages:

cd /opt/
rm -rf Ubuntu/Packages.gz Ubuntu/Packages

Generate Packages:

apt-ftparchive packages Ubuntu > Ubuntu/Packages

Compress Packages into Packages.gz:

cd Ubuntu
gzip -c Packages > Packages.gz

Method 2: generate Packages.gz with dpkg-scanpackages

Install dpkg-dev:

apt-get install -y dpkg-dev

Run the following in /opt to generate Packages.gz:

cd /opt/
dpkg-scanpackages Ubuntu/ /dev/null | gzip -9c > Ubuntu/Packages.gz

2.4 Generate the Release file

Run the following in /opt/Ubuntu to generate the Release file. It records the size and checksums of the index files, and it is the file that gets signed in step 3:

cd /opt/Ubuntu/
apt-ftparchive release ./ > Release
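To make concrete what the Release file contains and what apt later checks against it, here is an added shell example (not part of the original post) that builds a scratch flat repository, writes a Release file in the same layout apt-ftparchive produces, and then re-verifies the recorded sizes and SHA-256 digests against Packages and Packages.gz. The package stanza inside it is constructed sample data, the directory it works on is whatever is passed as an argument, and it needs only sha256sum (or shasum), gzip and awk.

```shell
#!/bin/sh
# Added example (not from the original post): build a minimal flat repository
# in a scratch directory, write a Release file in the layout apt-ftparchive
# produces (a Date header followed by a checksum block), and re-check the
# recorded checksums against the index files. apt performs the same check
# after it has verified the signature on Release/InRelease: the signature
# covers Release, and Release covers Packages and Packages.gz. The package
# stanza written below is constructed sample data, not a real index entry.

# sha256_of FILE: hex SHA-256 digest, using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# write_release DIR: emit DIR/Release with an SHA256 block covering the
# index files. apt-ftparchive additionally writes MD5Sum and SHA1 blocks;
# apt uses the strongest digest present, so SHA256 alone is enough here.
write_release() {
    dir="$1"
    {
        printf 'Date: %s\n' "$(date -u '+%a, %d %b %Y %H:%M:%S UTC')"
        printf 'SHA256:\n'
        for f in Packages Packages.gz; do
            printf ' %s %s %s\n' "$(sha256_of "$dir/$f")" \
                "$(wc -c < "$dir/$f" | tr -d ' ')" "$f"
        done
    } > "$dir/Release"
}

# make_sample_repo DIR: constructed Packages index, its gzip, and Release.
make_sample_repo() {
    dir="$1"
    mkdir -p "$dir"
    cat > "$dir/Packages" <<'EOF'
Package: example-pkg
Version: 1.0-1
Architecture: amd64
Filename: ./example-pkg_1.0-1_amd64.deb
Size: 1234
SHA256: 0000000000000000000000000000000000000000000000000000000000000000
Description: constructed sample entry (not a real package)

EOF
    gzip -9c "$dir/Packages" > "$dir/Packages.gz"
    write_release "$dir"
}

# verify_release DIR: 0 if every file in the SHA256 block has the recorded
# size and digest, 1 if the block is missing or anything differs.
verify_release() {
    dir="$1"
    # Block lines start with a space: " <digest> <size> <name>"; the block
    # ends at the next line that starts in column 0.
    entries=$(awk '/^SHA256:/ {f=1; next} /^[^ ]/ {f=0} f && NF==3 {print $1 ":" $2 ":" $3}' "$dir/Release")
    [ -n "$entries" ] || { echo "Release has no SHA256 block" >&2; return 1; }
    for entry in $entries; do
        want_sum=${entry%%:*}
        rest=${entry#*:}
        want_size=${rest%%:*}
        name=${rest#*:}
        path="$dir/$name"
        [ -f "$path" ] || { echo "missing file: $name" >&2; return 1; }
        if [ "$(wc -c < "$path" | tr -d ' ')" != "$want_size" ] ||
           [ "$(sha256_of "$path")" != "$want_sum" ]; then
            echo "checksum mismatch: $name" >&2
            return 1
        fi
        echo "ok: $name"
    done
}

# Usage: sh this_script.sh --demo   (builds and checks a sample repo in a temp dir)
if [ "${1-}" = "--demo" ]; then
    demo_dir=$(mktemp -d)
    make_sample_repo "$demo_dir"
    cat "$demo_dir/Release"
    verify_release "$demo_dir"
    rm -rf "$demo_dir"
fi
```

Because the signature in step 3 covers Release, and Release covers the index files, Release has to be regenerated and re-signed every time a .deb is added and Packages.gz changes; otherwise apt-get update on the clients reports a hash mismatch for Packages.gz.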

3 Sign the repository

3.1 Install gpg and related software

apt-get install -y gnupg
apt-get install -y rng-tools

3.2 Generate random numbers

Key generation consumes a large amount of random data. Installing rng-tools beforehand provides a daemon that runs in the background and keeps feeding random numbers, which avoids the long wait during gpg key creation:

rngd -r /dev/urandom

3.3 Generate the public and private keys

Edit the gpg configuration file:

vi ~/.gnupg/gpg.conf

Add the following line (it makes gpg use SHA-256 for the signatures):

personal-digest-preferences SHA256

Then generate the key pair:

gpg --gen-key

Enter the details at the prompts:

gpg (GnuPG) 1.4.20; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 4
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: hollicube
Email address: hollicube@hollysys.com
Comment: For Local Reop
You selected this USER-ID:
    "hollicube (For Local Reop) <hollicube@hollysys.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

gpg: gpg-agent is not available in this session
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++
..........+++++
gpg: key 0A37E4E3 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
pub   2048R/0A37E4E3 2020-04-01
      Key fingerprint = DDBB 3858 0BAB 45C2 16F7  E5EC 41AD 58A2 0A37 E4E3
uid                  hollicube (For Local Reop) <hollicube@hollysys.com>

Note that this key cannot be used for encryption.  You may want to use
the command "--edit-key" to generate a subkey for this purpose.

3.4 View the generated key

root@ubuntu:/opt# gpg --list-key
/root/.gnupg/pubring.gpg
------------------------
pub   2048R/2F32BB3E 2020-04-01
uid                  hollicube (hollysys-offline-ubuntu-package) <hollicube@hollysys.com>

3.5 Export the public and private keys

Export the private key:

gpg -a --export-secret-keys 2F32BB3E > HolliCube_Repo_Key_2020.sec

Export the public key:

gpg -a --export 2F32BB3E > HolliCube_Repo_Key_2020.pub

3.6 Sign the Release file

cd /opt/Ubuntu/
gpg --clearsign --default-key 2F32BB3E -o InRelease Release
gpg -abs --default-key 2F32BB3E -o Release.gpg Release
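The two gpg invocations above produce the two signature forms apt accepts: InRelease (Release with the clearsigned signature embedded) and Release.gpg (a detached signature next to the plain Release). The following added shell example, which is not code from the original post, runs the same signing against a throwaway key in a disposable GNUPGHOME and then verifies the result with gpgv, which is the check an apt client performs once the key has been imported. It assumes gpg (1.4 or 2.x) and gpgv are installed; the key identity and the minimal Release file are constructed test data.

```shell
#!/bin/sh
# Added example (not from the original post): run the signing step from the
# post against a throwaway key and then verify the result the way an apt
# client does, so the whole signature chain can be exercised offline.
# Assumptions: gpg (1.4 or 2.x) and gpgv are installed; everything lives in
# a disposable GNUPGHOME passed as an argument, so the real keyring is never
# touched. The key identity below is constructed test data.

# make_test_key HOME: create an unprotected RSA sign-only key in HOME and
# print its key id. The post's personal-digest-preferences setting is
# applied so signatures use SHA-256 (apt rejects SHA-1 signed Release files).
make_test_key() {
    home="$1"
    mkdir -p "$home" && chmod 700 "$home"
    echo 'personal-digest-preferences SHA256' > "$home/gpg.conf"
    cat > "$home/keyparams" <<'EOF'
%no-protection
Key-Type: RSA
Key-Length: 2048
Key-Usage: sign
Name-Real: Offline Repo Test
Name-Email: repo-test@example.invalid
Expire-Date: 0
%commit
EOF
    gpg --homedir "$home" --batch --quiet --gen-key "$home/keyparams" 2>/dev/null
    gpg --homedir "$home" --batch --list-keys --with-colons |
        awk -F: '$1 == "pub" { print $5; exit }'
}

# sign_release HOME KEYID DIR: InRelease (clearsigned) and Release.gpg
# (detached), the same two invocations as in the post.
sign_release() {
    home="$1"; keyid="$2"; dir="$3"
    gpg --homedir "$home" --batch --yes --clearsign --default-key "$keyid" \
        -o "$dir/InRelease" "$dir/Release"
    gpg --homedir "$home" --batch --yes -abs --default-key "$keyid" \
        -o "$dir/Release.gpg" "$dir/Release"
}

# export_pubkey HOME KEYID OUT: armoured public key, as the post exports it.
export_pubkey() {
    gpg --homedir "$1" --batch -a --export "$2" > "$3"
}

# verify_release_sig PUBKEY DIR: the client-side check. gpgv needs a binary
# keyring, so the armoured key is dearmoured into a per-repository keyring
# first. Returns 0 only if both InRelease and Release.gpg verify with it.
verify_release_sig() {
    pub="$1"; dir="$2"
    client_home="$dir/.client-gnupg"
    mkdir -p "$client_home" && chmod 700 "$client_home"
    gpg --homedir "$client_home" --batch --yes --dearmor \
        -o "$client_home/repo.gpg" "$pub" 2>/dev/null || return 1
    gpgv --keyring "$client_home/repo.gpg" "$dir/InRelease" 2>/dev/null || return 1
    gpgv --keyring "$client_home/repo.gpg" "$dir/Release.gpg" "$dir/Release" 2>/dev/null || return 1
}

# Usage: sh this_script.sh --demo   (signs and verifies a constructed Release in a temp dir)
if [ "${1-}" = "--demo" ]; then
    work=$(mktemp -d)
    mkdir -p "$work/Ubuntu"
    printf 'Date: Wed, 01 Apr 2020 00:00:00 UTC\nSHA256:\n' > "$work/Ubuntu/Release"
    keyid=$(make_test_key "$work/gnupg")
    sign_release "$work/gnupg" "$keyid" "$work/Ubuntu"
    export_pubkey "$work/gnupg" "$keyid" "$work/Repo_Key.pub"
    verify_release_sig "$work/Repo_Key.pub" "$work/Ubuntu" && echo "signatures verify"
    gpgconf --homedir "$work/gnupg" --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
fi
```

On the client, apt-key add (step 4) places the key in the system-wide trusted keyring, so it becomes acceptable for every configured repository. apt 1.1 and later (16.04 ships a newer apt) accepts `deb [signed-by=/path/to/repo.gpg] ...` in sources.list to restrict a key to that one repository; the dearmoured keyring written by verify_release_sig above is the file format that option expects.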

4 Configure the offline repository

First copy the /opt/Ubuntu directory to /var/www/html/ so the web server can serve it (the exported public key file must also be placed under the served directory, since the clients download it from there):

cp -r /opt/Ubuntu /var/www/html/

On the other Ubuntu machines, add the public key:

wget http://xxxxx/Ubuntu/HolliCube_Repo_Key_2020.pub
apt-key add HolliCube_Repo_Key_2020.pub

Change the repository address by editing the sources list:

vi /etc/apt/sources.list

and adding the following line:

deb [arch=amd64] http://xxxx/HolliCube-Repo-1.2.0 Ubuntu/

Update the package lists:

apt-get update

Test an installation:

apt-get install -y python