Setting up a APT repository
We're going to provide steps and samples with the following supposes:
- You have the deb packages (here will not explain how to build deb packages)
- The repository (packages) are under path
/srv/software/packages/
Previous
Web server
Although APT repositories can be served also via FTP, we explain here a HTTP setup.
For FTP the tree structure and tools are exactly the same, changing only the access method.
Apache
Although not strictly necessary, I like to set the repository as a separate VirtualHost, to configure it you simply need to create the following configuration:
<VirtualHost aptrepos.domain.com:80> ServerName aptrepos.domain.com ServerAdmin webmaster@domain.com DocumentRoot /srv/software/repos/ Options Indexes FollowSymLinks MultiViews </VirtualHost>
This is the most basic configuration, we recommend setup some autoindex features. As we are using a NamedVirtualhost (aptrepos.domain.com) you should set up DNS accordingly to point that name to you web server.
Nginx
server { listen 80; server_name aptrepos.domain.com; location / { root /srv/software/repos/; index index.html index.htm; } }
GPG Key
You need to generate a PGP key, there are no special requirements on the key, but be sure to keep it safe:
gpg --gen-key gpg --list-keys
You will need the public key in ASCII to be imported as a trusted key for destination systems, to get the armored format:
gpg --armor --export <key-id/mail> --output apt-repos.gpg.key
Another way is to generate a new keyring containing the key and copy it to destination systems directly into /etc/apt/trusted.gpg.d/repos.gpg
gpg --export <key-id/mail> > /etc/apt/trusted.gpg.d/repos.gpg
Build repository
Prepare a directory to be the root of your repository, create conf
subdirectory below it.
Inside the conf
directory, create distributions
file documenting the repository contents, i.e.:
Origin: Lady 3Jane Factory software Label: Factory Source Codename: wheezy Architectures: i386 amd64 armhf Components: main Description: Lady 3Jane Factory Source packaged software SignWith: 04E79A7C
Note that you need to indicate the GPG key used for signing (use gpg –list-keys
to know which one)
In options
file, you can set various default options for reprepro in order to avoid etnering them on commandline:
verbose basedir /srv/software/package-repos/ ask-passphrase
Add packages to repository
As simple as running reprepo as follows:
reprepro includedeb <distribution> <file.deb>
This will create the needed infrastructure, copy the deb(s) package(s) into it and prepare required files to build the pository
Use repository
You need to add the line in to the sources.list file or new file below sources.list.d directory:
deb http://<url>/ <distribution> <components>
You will get an error on the repostiroy not being trusted:
W: GPG error: http://factory.infra.l3jane.net jessie InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B3957962DC307158
You can either add the key to the keyring using apt-key or directly copy the exported key below /etc/apt/trusted.gpg.d/
Problems
Starting on Debian 8, I found a bug libgpgme which avoid straight-forward use of GPG, you can workarround that