Setting up an APT repository

We provide steps and samples under the following assumptions:

  • You already have the deb packages (building them is not explained here)
  • The repository (packages) is under the path /srv/software/packages/

Although APT repositories can also be served via FTP, we explain an HTTP setup here.

For FTP the tree structure and tools are exactly the same, changing only the access method.

Apache

Although not strictly necessary, I like to set up the repository as a separate VirtualHost. To configure it, you simply need to create the following configuration:

<VirtualHost aptrepos.domain.com:80>
    ServerName aptrepos.domain.com
    ServerAdmin webmaster@domain.com

    DocumentRoot /srv/software/repos/
    Options Indexes FollowSymLinks MultiViews
</VirtualHost>

This is the most basic configuration; we recommend setting up some autoindex features. As we are using a name-based VirtualHost (aptrepos.domain.com), you should set up DNS accordingly to point that name to your web server.

Nginx

server {
    listen       80;
    server_name  aptrepos.domain.com;

    location / {
        root   /srv/software/repos/;
        index  index.html index.htm;
    }
}

You need to generate a PGP key. There are no special requirements on the key, but be sure to keep it safe:

gpg --gen-key
gpg --list-keys

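Destination systems need the public key in ASCII (armored) format so it can be imported as a trusted key. To export it in armored format (options such as --output must come before the --export command, because gpg stops parsing options at the first non-option argument):

gpg --armor --output apt-repos.gpg.key --export <key-id/mail>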

Another way is to generate a new keyring containing the key and copy it to the destination systems directly as /etc/apt/trusted.gpg.d/repos.gpg:

gpg --export <key-id/mail> > /etc/apt/trusted.gpg.d/repos.gpg

All repository commands must be run inside the repository root directory.

Prepare a directory to be the root of your repository and create a conf subdirectory below it.

Inside the conf directory, create a distributions file documenting the repository contents, for example:

Origin: Lady 3Jane Factory software
Label: Factory Source
Codename: wheezy
Architectures: i386 amd64 armhf
Components: main
Description: Lady 3Jane Factory Source packaged software
SignWith: 04E79A7C

Note that you need to indicate the GPG key used for signing (use gpg --list-keys to find out which one).
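The following check is an added example, not part of the original guide or of reprepro: it parses a conf/distributions file and reports stanzas that would publish an unsigned repository or that identify the signing key by a short key ID. It goes slightly beyond the text by also flagging missing fields that reprepro requires. The names parse_stanzas and lint and the second sample stanza are assumptions made for illustration.

```python
import re

# Constructed sample: the stanza from the guide (shortened) plus a second,
# hypothetical stanza that has no SignWith field.
SAMPLE = """\
Origin: Lady 3Jane Factory software
Codename: wheezy
Architectures: i386 amd64 armhf
Components: main
SignWith: 04E79A7C

Codename: jessie
Architectures: amd64
"""

REQUIRED = ("codename", "architectures", "components")  # fields reprepro requires

def parse_stanzas(text):
    """Parse blank-line-separated 'Field: value' stanzas into dicts (keys lowercased)."""
    stanzas = []
    for block in re.split(r"\n[ \t]*\n", text.strip()):
        fields, last = {}, None
        for line in block.splitlines():
            if line.startswith("#"):
                continue                                  # comment line
            if line[:1] in (" ", "\t") and last:
                fields[last] += " " + line.strip()        # continuation line
            elif ":" in line:
                key, value = line.split(":", 1)
                last = key.strip().lower()
                fields[last] = value.strip()
        if fields:
            stanzas.append(fields)
    return stanzas

def lint(text):
    """Return (codename, finding) tuples for signing-related problems."""
    findings = []
    for st in parse_stanzas(text):
        name = st.get("codename", "?")
        findings += [(name, f"missing {f}") for f in REQUIRED if f not in st]
        sign = st.get("signwith", "")
        key = re.sub(r"^0x", "", sign, flags=re.I)
        if not sign:
            findings.append((name, "no SignWith: Release will be unsigned"))
        elif re.fullmatch(r"[0-9A-Fa-f]+", key) and len(key) < 40:
            # Short IDs can collide between keys; the fingerprint is unambiguous.
            findings.append((name, f"SignWith is a {len(key) * 4}-bit key ID, not a fingerprint"))
    return findings

if __name__ == "__main__":
    for name, finding in lint(SAMPLE):
        print(f"{name}: {finding}")
```

Values such as "yes", "default", an e-mail address or a "!script" entry are not hexadecimal and are therefore left alone by the key ID check.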

In the options file, you can set various default options for reprepro to avoid entering them on the command line:

verbose
basedir /srv/software/package-repos/
ask-passphrase

Adding a package is as simple as running reprepro as follows:

reprepro includedeb <distribution> <file.deb>

This will create the needed infrastructure, copy the deb package(s) into it and prepare the files required to build the repository.

On the destination systems, you need to add the following line to the sources.list file or to a new file below the sources.list.d directory:

deb http://<url>/ <distribution> <components>

You will get an error about the repository not being trusted:

W: GPG error: http://factory.infra.l3jane.net jessie InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B3957962DC307158

You can either add the key to the keyring using apt-key or directly copy the exported key below /etc/apt/trusted.gpg.d/.

Starting with Debian 8, I found a bug in libgpgme which prevents straightforward use of GPG; you can work around that

  • Last modified: 2021/06/10 21:43