Your own Debian repository

Posted on Fri 23 August 2013 in Linux

The latter steps of this guide assumes you have a webserver set up to serve the repo directory you will be creating in this guide.

GPG key for signing

Run the following command as the user you intend to sign stuff with:

gpg --gen-key

Select option 4 to create a RSA key. Default keysize of 2048 is alright. Enter your name and email when prompted.

Public GPG key

Replace the email below with your own:

gpg --armor --export yourname@email.com > pubkey.gpg

Signing packages

Packages you build from now on should be automatically signed with the key you have generated if the email match the one in the changelog file.

To resign existing packages run:

dpkg-sig --sign builder package.deb

Builder is a Debian convention, no need to change that. Only replace package.deb with the file name of your package.

Setting up the repository

Create a new directory for the repo, containing another directory called conf:

mkdir -p repo/conf

Then create a file called "distributions" in the conf directory:

Origin: apt.example.com
Label: apt repository
Codename: wheezy
Architectures: amd64
Components: main
Description: Description of your fabulous repo
SignWith: yes
Pull: wheezy

Adding packages to the repository

For this we use a great tool called "reprepro":

apt-get install reprepro

Add packages with the below command, note that you need to be in your repo directory:

reprepro --ask-passphrase -Vb . includedeb wheezy /path/to/your/package.deb

Make the public key available

I suggest you put the public key we created earlier, "pubkey.gpg" in the root of the repo or somewhere else where it can be downloaded like this:

wget -q -O - http://example.com/repo/repokey.gpg | sudo apt-key add -