Skip to content

Latest commit

 

History

History
90 lines (63 loc) · 3.7 KB

README.md

File metadata and controls

90 lines (63 loc) · 3.7 KB
Raw

apt-transport-blob

A transport which allows installation of Debian packages from Azure Blob Storage.

Implements the APT method interface as documented here.

Building

Executable

To build the blob executable, use cargo:

cargo build --release

This creates the blob executable in your standard Cargo output directory, usually target/release.

Debian package

To create a Debian package, use cargo deb:

$ cargo deb
    Finished release [optimized] target(s) in 0.43s
/code/apt-transport-blob/target/debian/apt-transport-blob_<version>_amd64.deb

This creates a Debian package in target/debian. It contains the blob executable which installs to /usr/lib/apt/methods/blob.

Usage

To use this tool, it needs to be installed in /usr/lib/apt/methods as blob. This allows apt to resolve data sources with the blob:// prefix.

Authentication

This tool allows several forms of authentication. The user must ensure that the credential they use is authorised to access the blob container with the Storage Blob Data Reader role.

Credentials are prioritised as follows:

  • Storage bearer token: a bearer token created with the storage.azure.com scope set as the environment variable AZURE_STORAGE_BEARER_TOKEN.

    This bearer token can be obtained programmatically in Azure CLI by running

    az account get-access-token --output tsv --query accessToken --resource https://storage.azure.com

  • Environment variables: allows authentication via the mechanisms described in environment_credentials.rs - i.e. setting the environment variables:

    • AZURE_TENANT_ID: The Azure Active Directory tenant/directory ID
    • AZURE_CLIENT_ID: The client/application ID of an App Registration in the tenant.
    • AZURE_CLIENT_SECRET: A client secret that was generated for the App Registration.
    • or AZURE_FEDERATED_TOKEN_FILE: Path to an federated token file.

  • Azure CLI credentials: allows authentication via Azure CLI. Log in with

    az login

  • Managed Identity: can be used with Azure VMs, App Service and Azure Functions applications.

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

Trademarks

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.