| Previous Post | Top | Next Post |
TOC
See Debian Workstation (usability) (v2023-10) for how I use personal DEB package repository.
Since my initial write in 2022, I have changed my GPG key in 2024 and used it for signing repository.
My github page
It’s source is at:
- https://github.com/osamuaoki/osamuaoki-hugo (source repo)
It’s generated content is stored at:
- https://github.com/osamuaoki/osamuaoki.github.io (published page repo)
Personal DEB-package repo on my github page
Since Githubs offer nice web site hosting service, I decided to host my private
build results there at http://osamuaoki.github.io/debian (Files on this URL
aren’t browsable. This is for APT-line.)
This let me skip running the web server as described in Local private package repo.
Since Debian Salsa runs Gitlab and Gitlab also offers equivalent web site hosting service, one should be able to do the same there. But considering tight resource constaints there, it may not be a good idea to do this on Salsa.
Let me go step-by-step.
GNU PG
Since I will use sub-key for this purpose, let me check:
$ gpg --list-secret-keys --with-subkey-fingerprint
/home/osamu/.gnupg/pubring.gpg
------------------------------
sec rsa4096 2010-09-23 [SC]
3133724D6207881579E95D621E1356881DD8D791
uid [ultimate] Osamu Aoki <osamu@debian.org>
ssb rsa4096 2010-09-23 [E]
FDCAD8AB29E281A0E004B510A04CBCEEF08BEFAD
sec ed25519 2024-01-07 [SC]
D89E6B09B42098CEAF081AB16D6D3809215F720D
uid [ultimate] Osamu Aoki <osamu@debian.org>
uid [ultimate] Osamu Aoki <osamu.aoki@gmail.com>
ssb cv25519 2024-01-07 [E]
F2B600DA9D34FA48B346EFED15021D9E0E61D985
sec dsa1024 2002-05-07 [SC]
253A40766A3BCCE2A426DEF5E80FC4C1A8061F32
uid [ unknown] Osamu Aoki <osamu@debian.org>
uid [ unknown] Osamu Aoki <debian@aokiconsulting.com>
ssb elg1024 2002-05-07 [E]
A811884929A5E4011B4D07A77DD3826901A117C2
There are 3 keys. (2002, 2010, 2024)
Now we know keyid (Let me use 2024 one).
For getting a compact public key:
$ gpg --export -a --export-options export-minimal \
D89E6B09B42098CEAF081AB16D6D3809215F720D
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEZZpSFhYJKwYBBAHaRw8BAQdA9T6mXRx7Zc64kQC+dKB2RgxNHK0+KFlCT8b/
JtFAWRu0HU9zYW11IEFva2kgPG9zYW11QGRlYmlhbi5vcmc+iJIEExYIADsCGwMF
CwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQTYnmsJtCCYzq8IGrFtbTgJIV9yDQUC
ZZpXMAIZAQAKCRBtbTgJIV9yDc+YAQDhuq/q76qobfHKi8C2MT83u1qZkg2eCpEF
UkyvrE59fwD4+d+IbCls19F3MCRuEmyvYQr+sghC82lnUiFOxUq/DbQhT3NhbXUg
QW9raSA8b3NhbXUuYW9raUBnbWFpbC5jb20+iJAEExYIADgWIQTYnmsJtCCYzq8I
GrFtbTgJIV9yDQUCZZpVVQIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRBt
bTgJIV9yDehWAP9lG8DUBwUPl0kCTezQItOxQfDXgJ0Lyhv8dv4B1iWxjgEA8YBv
gCgDGby+pQmRX/STM7fu5LG62785oIj17HuMaQG4OARlmlIWEgorBgEEAZdVAQUB
AQdA+q2tgbmHC7MQv5bTHyawYrITRw7Gdg7M0p0+oSRtzS8DAQgHiHgEGBYIACAC
GwwWIQTYnmsJtCCYzq8IGrFtbTgJIV9yDQUCZZpU3QAKCRBtbTgJIV9yDdz6AQC8
yC8mQnwkj9D2x84oSdEpAckJ/e47kLDN3y/HIOwXbAD/ZCv2Ek1Exh/7SrxNL65J
ipPuCsH1vTsxbEE14mEs2Ag=
=IDSM
-----END PGP PUBLIC KEY BLOCK-----
Thanks to the new algo, key is much smaller.
Setting up secure-APT cliant
Let’s use DEB822-STYLE FORMAT as explained in sources.list(5) and avoid using deprecated apt-key mechanism.
I add /etc/apt/sources.d/osamuaoki.sources to the client as follows:
$ cat >/etc/apt/sources.list.d/osamuaoki.sources <<"EOF"
Types: deb
URIs: https://osamuaoki.github.io/debian/
Suites: sid
Components: main
Signed-By:
-----BEGIN PGP PUBLIC KEY BLOCK-----
.
mDMEZZpSFhYJKwYBBAHaRw8BAQdA9T6mXRx7Zc64kQC+dKB2RgxNHK0+KFlCT8b/
JtFAWRu0HU9zYW11IEFva2kgPG9zYW11QGRlYmlhbi5vcmc+iJIEExYIADsCGwMF
CwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQTYnmsJtCCYzq8IGrFtbTgJIV9yDQUC
ZZpXMAIZAQAKCRBtbTgJIV9yDc+YAQDhuq/q76qobfHKi8C2MT83u1qZkg2eCpEF
UkyvrE59fwD4+d+IbCls19F3MCRuEmyvYQr+sghC82lnUiFOxUq/DbQhT3NhbXUg
QW9raSA8b3NhbXUuYW9raUBnbWFpbC5jb20+iJAEExYIADgWIQTYnmsJtCCYzq8I
GrFtbTgJIV9yDQUCZZpVVQIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRBt
bTgJIV9yDehWAP9lG8DUBwUPl0kCTezQItOxQfDXgJ0Lyhv8dv4B1iWxjgEA8YBv
gCgDGby+pQmRX/STM7fu5LG62785oIj17HuMaQG4OARlmlIWEgorBgEEAZdVAQUB
AQdA+q2tgbmHC7MQv5bTHyawYrITRw7Gdg7M0p0+oSRtzS8DAQgHiHgEGBYIACAC
GwwWIQTYnmsJtCCYzq8IGrFtbTgJIV9yDQUCZZpU3QAKCRBtbTgJIV9yDdz6AQC8
yC8mQnwkj9D2x84oSdEpAckJ/e47kLDN3y/HIOwXbAD/ZCv2Ek1Exh/7SrxNL65J
ipPuCsH1vTsxbEE14mEs2Ag=
=IDSM
-----END PGP PUBLIC KEY BLOCK-----
EOF
Please note a leading space added to each line and for the blank line, it became " ." to follow Debian configuration file syntax.
Setting up package repository
Let’s suppose I have this hugo repo checked out at /path/to/osamuaoki-hugo/
$ cd /path/to/osamuaoki-hugo/static
$ mkdir -p debian/conf
In debian/conf add distributions as:
Origin: Osamu
Label: Osamu
Codename: sid
Architectures: amd64 source
Components: main
Description: APT repository for Osamu's infrastructure
SignWith: D89E6B09B42098CEAF081AB16D6D3809215F720D
And options as:
verbose
basedir /path/to/osamuaoki-hugo/static/debian/
ask-passphrase
Adding personal binary package repository
You create Debian package source trees in ../packages/ relative to
my github page source
The binary package repository build script is repository.sh in my gihub page source.
- Source is cloned first.
- Native packages are build with
debuild - Non-native packages use gbp-style repo and
gbp extract-origis run beforedebuild. repropropublishes build packages to github web pages.
Then publish this binary package repository as a part of static web pages with hugo as usual with ./update.sh.
| Previous Post | Top | Next Post |