Friday 20 November 2015

How to setup a debrepo

My aim here is to setup a directory full of .deb files that can be installed with

apt-get install whatever

Not a full Debian repo, nor a "distribution", just a few of my own packages. Given how simple it is to create .deb packages, it's strange that setting up a repo was so complicated. Reading the Debian repo management docs only complicated matters; I don't recommend them if you are setting up a simple repo.

N.B. google "Launchpad PPA" if you don't need to host the debs yourself and your code is open source. Save yourself some hassle.

I presume you do have a webserver setup to host the debs.

These are tools I needed to install on the server.

aptitude install dpkg-dev dpkg-sig gnupg apt-utils

I needed to generate a gpg key pair. gpg --gen-key is the command, but it's interactive, so useless in a shell script. The batch mode has a very weird parameter syntax, but here it is. (With gpg 2.1 or later the batch run still prompts for a passphrase via pinentry unless you add a Passphrase: line or %no-protection to the parameters.)

echo '
Key-Type: RSA
Key-Length: 1024
Key-Usage: sign
Name-Real: dpkg1
Expire-Date: 0
%commit
%echo done
' | gpg --gen-key --batch

dpkg1 is the name I've chosen for my package signing key; it can be any string, e.g. your name.

It takes ages to run; on a quiet server/container with no disk activity it may never finish, since it's waiting for entropy from /dev/random. Worst case, run that command on a laptop/physical box, then export the keys and move them to the server.

Show the keys

gpg --list-keys

If you need to move the keys.

gpg -a --export-secret-key dpkg1 > secret.gpg
gpg -a --export dpkg1            > public.gpg
scp secret.gpg public.gpg root@wherever:
ssh root@wherever '
gpg --import -v -v ./secret.gpg
gpg --import -v -v ./public.gpg
'

The security conscious should delete secret.gpg now.

With the keys imported you need to copy the debs to a folder that is being published by nginx/apache or similar, and then create the repository indexes.
The index files I needed were all four of Packages, Packages.gz, Release and Release.gpg. Supposedly the uncompressed Packages is not needed, but I could not get downloads to work without it; that may be a bug in the tool versions I'm using.

cd /var/www/mydebrepo
gpg -a --export dpkg1 > public.gpg
rm -f Release Release.gpg Packages Packages.gz
dpkg-scanpackages . /dev/null > Packages
gzip -k Packages
apt-ftparchive release . > Release
gpg --yes -abs -u dpkg1 -o Release.gpg Release

Then sign all the debs.

dpkg-sig -k dpkg1 -s builder *.deb

That should be it for the serverside.
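As an added example (my own, not code from the original post), here is a small Python check of the integrity chain those index files form: Release lists the hash and size of Packages, Packages lists the hash and size of each .deb, and apt refuses anything that does not match once Release.gpg verifies against the imported key. The sample repository contents are constructed inline; the gpg signature step itself is not shown.

```python
import hashlib

def parse_release_hashes(release_text, algo="SHA256"):
    """Return {filename: (hexdigest, size)} from one hash section of a Release file."""
    hashes, in_section = {}, False
    for line in release_text.splitlines():
        if not line.startswith(" "):            # any top-level field ends the section
            in_section = line.rstrip() == algo + ":"
        elif in_section:
            digest, size, name = line.split()  # " <hash> <size> <path>"
            hashes[name] = (digest, int(size))
    return hashes

def parse_packages(packages_text):
    """Yield one {field: value} dict per stanza of a Packages file."""
    for stanza in packages_text.strip().split("\n\n"):
        yield dict(line.split(": ", 1) for line in stanza.splitlines())

def check_files(expected, files, algo):
    """Compare {name: (digest, size)} against the bytes actually served."""
    problems = []
    for name, (digest, size) in expected.items():
        data = files.get(name)
        if data is None:
            problems.append(name + ": listed but not served")
        elif len(data) != size:
            problems.append(name + ": size mismatch")
        elif hashlib.new(algo.lower(), data).hexdigest() != digest:
            problems.append(name + ": " + algo + " mismatch")
    return problems

def verify_repo(files, algo="SHA256"):
    """Walk the chain Release -> index files -> .deb files and return every mismatch."""
    problems = check_files(parse_release_hashes(files["Release"].decode(), algo), files, algo)
    for pkg in parse_packages(files["Packages"].decode()):
        name = pkg["Filename"]
        name = name[2:] if name.startswith("./") else name  # dpkg-scanpackages . writes ./x.deb
        problems += check_files({name: (pkg[algo], int(pkg["Size"]))}, files, algo)
    return problems

# Constructed sample repository (no real packages): one fake .deb plus the two indexes.
DEB = b"not really a deb, just sample bytes"
PACKAGES = ("Package: hello\nVersion: 1.0-1\nArchitecture: amd64\n"
            "Filename: ./hello_1.0-1_amd64.deb\nSize: %d\nSHA256: %s\n\n"
            % (len(DEB), hashlib.sha256(DEB).hexdigest())).encode()
RELEASE = ("Origin: mydebrepo\nDate: Fri, 20 Nov 2015 00:00:00 UTC\nSHA256:\n"
           " %s %d Packages\n" % (hashlib.sha256(PACKAGES).hexdigest(), len(PACKAGES))).encode()
GOOD_REPO = {"Release": RELEASE, "Packages": PACKAGES, "hello_1.0-1_amd64.deb": DEB}
TAMPERED_DEB = dict(GOOD_REPO, **{"hello_1.0-1_amd64.deb": DEB + b"!"})
```

A real client would run this over files fetched from the repo URL, after gpg has verified Release.gpg; any non-empty result means the indexes and the published files have drifted apart or been altered.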

Setting up the client is a multi-step process:

import the pgp public key
edit sources.list
apt-get update

I added a README.md file to the repo so I don't forget the process.

The syntax of sources.list is confusing; I don't understand why I have to put ./ where Ubuntu puts the wily release name. It works, but it looks different from all the other lines in the file. (The ./ form tells apt this is a flat repository: Packages and Release sit directly under the given URL rather than in a dists/<suite>/<component> tree.)

# quoted heredoc: inside echo "..." the backticks around /etc/apt/sources.list
# would be run as a command substitution instead of being written to the file
cat > README.md <<'EOF'

Add the following to your `/etc/apt/sources.list` to use this repository.

  deb http://download.tp23.org/download/deb/ ./

And run this to import the key

  wget -q http://download.tp23.org/download/deb/public.gpg -O - | sudo apt-key add -

If you still have problems try rebuilding the apt lists cache

  sudo rm -fr /var/lib/apt/lists/*
  sudo apt-get update

EOF

It seems deleting the indexes and rebuilding them is needed every time a file is added or removed.

Doing that in such a way as not to interrupt clients use of the repo is left as an exercise for the reader.