Personal DEB package repository

Date: 2022/08/20 (initial publish), 2024/01/10 (last update)

Source: en/note-00033.md

Previous Post Top Next Post

TOC

See Debian Workstation (usability) (v2023-10) for how I use personal DEB package repository.

Since my initial write in 2022, I have changed my GPG key in 2024 and used it for signing repository.

My github page

It’s source is at:

It’s generated content is stored at:

Personal DEB-package repo on my github page

Since Githubs offer nice web site hosting service, I decided to host my private build results there at http://osamuaoki.github.io/debian (Files on this URL aren’t browsable. This is for APT-line.)

This let me skip running the web server as described in Local private package repo.

Since Debian Salsa runs Gitlab and Gitlab also offers equivalent web site hosting service, one should be able to do the same there. But considering tight resource constaints there, it may not be a good idea to do this on Salsa.

Let me go step-by-step.

GNU PG

Since I will use sub-key for this purpose, let me check:

$ gpg --list-secret-keys  --with-subkey-fingerprint
/home/osamu/.gnupg/pubring.gpg
------------------------------
sec   rsa4096 2010-09-23 [SC]
      3133724D6207881579E95D621E1356881DD8D791
uid           [ultimate] Osamu Aoki <osamu@debian.org>
ssb   rsa4096 2010-09-23 [E]
      FDCAD8AB29E281A0E004B510A04CBCEEF08BEFAD

sec   ed25519 2024-01-07 [SC]
      D89E6B09B42098CEAF081AB16D6D3809215F720D
uid           [ultimate] Osamu Aoki <osamu@debian.org>
uid           [ultimate] Osamu Aoki <osamu.aoki@gmail.com>
ssb   cv25519 2024-01-07 [E]
      F2B600DA9D34FA48B346EFED15021D9E0E61D985

sec   dsa1024 2002-05-07 [SC]
      253A40766A3BCCE2A426DEF5E80FC4C1A8061F32
uid           [ unknown] Osamu Aoki <osamu@debian.org>
uid           [ unknown] Osamu Aoki <debian@aokiconsulting.com>
ssb   elg1024 2002-05-07 [E]
      A811884929A5E4011B4D07A77DD3826901A117C2

There are 3 keys. (2002, 2010, 2024)

Now we know keyid (Let me use 2024 one).

For getting a compact public key:

$ gpg --export -a --export-options export-minimal \
  D89E6B09B42098CEAF081AB16D6D3809215F720D
-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEZZpSFhYJKwYBBAHaRw8BAQdA9T6mXRx7Zc64kQC+dKB2RgxNHK0+KFlCT8b/
JtFAWRu0HU9zYW11IEFva2kgPG9zYW11QGRlYmlhbi5vcmc+iJIEExYIADsCGwMF
CwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQTYnmsJtCCYzq8IGrFtbTgJIV9yDQUC
ZZpXMAIZAQAKCRBtbTgJIV9yDc+YAQDhuq/q76qobfHKi8C2MT83u1qZkg2eCpEF
UkyvrE59fwD4+d+IbCls19F3MCRuEmyvYQr+sghC82lnUiFOxUq/DbQhT3NhbXUg
QW9raSA8b3NhbXUuYW9raUBnbWFpbC5jb20+iJAEExYIADgWIQTYnmsJtCCYzq8I
GrFtbTgJIV9yDQUCZZpVVQIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRBt
bTgJIV9yDehWAP9lG8DUBwUPl0kCTezQItOxQfDXgJ0Lyhv8dv4B1iWxjgEA8YBv
gCgDGby+pQmRX/STM7fu5LG62785oIj17HuMaQG4OARlmlIWEgorBgEEAZdVAQUB
AQdA+q2tgbmHC7MQv5bTHyawYrITRw7Gdg7M0p0+oSRtzS8DAQgHiHgEGBYIACAC
GwwWIQTYnmsJtCCYzq8IGrFtbTgJIV9yDQUCZZpU3QAKCRBtbTgJIV9yDdz6AQC8
yC8mQnwkj9D2x84oSdEpAckJ/e47kLDN3y/HIOwXbAD/ZCv2Ek1Exh/7SrxNL65J
ipPuCsH1vTsxbEE14mEs2Ag=
=IDSM
-----END PGP PUBLIC KEY BLOCK-----

Thanks to the new algo, key is much smaller.

Setting up secure-APT cliant

Let’s use DEB822-STYLE FORMAT as explained in sources.list(5) and avoid using deprecated apt-key mechanism.

I add /etc/apt/sources.d/osamuaoki.sources to the client as follows:

$ cat >/etc/apt/sources.list.d/osamuaoki.sources  <<"EOF"
Types: deb
URIs: https://osamuaoki.github.io/debian/
Suites: sid
Components: main
Signed-By:
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 .
 mDMEZZpSFhYJKwYBBAHaRw8BAQdA9T6mXRx7Zc64kQC+dKB2RgxNHK0+KFlCT8b/
 JtFAWRu0HU9zYW11IEFva2kgPG9zYW11QGRlYmlhbi5vcmc+iJIEExYIADsCGwMF
 CwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQTYnmsJtCCYzq8IGrFtbTgJIV9yDQUC
 ZZpXMAIZAQAKCRBtbTgJIV9yDc+YAQDhuq/q76qobfHKi8C2MT83u1qZkg2eCpEF
 UkyvrE59fwD4+d+IbCls19F3MCRuEmyvYQr+sghC82lnUiFOxUq/DbQhT3NhbXUg
 QW9raSA8b3NhbXUuYW9raUBnbWFpbC5jb20+iJAEExYIADgWIQTYnmsJtCCYzq8I
 GrFtbTgJIV9yDQUCZZpVVQIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRBt
 bTgJIV9yDehWAP9lG8DUBwUPl0kCTezQItOxQfDXgJ0Lyhv8dv4B1iWxjgEA8YBv
 gCgDGby+pQmRX/STM7fu5LG62785oIj17HuMaQG4OARlmlIWEgorBgEEAZdVAQUB
 AQdA+q2tgbmHC7MQv5bTHyawYrITRw7Gdg7M0p0+oSRtzS8DAQgHiHgEGBYIACAC
 GwwWIQTYnmsJtCCYzq8IGrFtbTgJIV9yDQUCZZpU3QAKCRBtbTgJIV9yDdz6AQC8
 yC8mQnwkj9D2x84oSdEpAckJ/e47kLDN3y/HIOwXbAD/ZCv2Ek1Exh/7SrxNL65J
 ipPuCsH1vTsxbEE14mEs2Ag=
 =IDSM
 -----END PGP PUBLIC KEY BLOCK-----
EOF

Please note a leading space added to each line and for the blank line, it became " ." to follow Debian configuration file syntax.

Setting up package repository

Let’s suppose I have this hugo repo checked out at /path/to/osamuaoki-hugo/

$ cd /path/to/osamuaoki-hugo/static
$ mkdir -p debian/conf

In debian/conf add distributions as:

Origin: Osamu
Label: Osamu
Codename: sid
Architectures: amd64 source
Components: main
Description: APT repository for Osamu's infrastructure
SignWith: D89E6B09B42098CEAF081AB16D6D3809215F720D

And options as:

verbose
basedir /path/to/osamuaoki-hugo/static/debian/
ask-passphrase

Adding personal binary package repository

You create Debian package source trees in ../packages/ relative to my github page source

The binary package repository build script is repository.sh in my gihub page source.

Then publish this binary package repository as a part of static web pages with hugo as usual with ./update.sh.

Previous Post Top Next Post