Create a Basic APT Repository
Set Environment Variables
SERVERADDRESS=192.168.1.16
REPOSITORYDIRECTORY=/var/www/html
ORGANISATION=pirho
KEYNAME=repo-key
DOMAINNAME=pirho.net
EMAIL=${KEYNAME}@${DOMAINNAME}
Install Nginx (Apache2 works too but has a larger footprint)
sudo apt-get update && sudo apt-get install -y nginx
Cleanup APT Repository Root
sudo rm -rf ${REPOSITORYDIRECTORY}/*
Create APT Binary Directory
sudo mkdir -p ${REPOSITORYDIRECTORY}/pool/main
sudo mkdir ${REPOSITORYDIRECTORY}/project
Create APT Metadata Directory
sudo mkdir -p ${REPOSITORYDIRECTORY}/dists/stable/main/binary-amd64
*** Copy binaries now (${REPOSITORYDIRECTORY}/pool/main/) ***
Install Debian Package Development Tools
sudo apt-get update && sudo apt-get install -y dpkg-dev
Create Repository Metadata Directory
sudo mkdir -p /var/www/html/dists/stable/main/binary-amd64
cd $REPOSITORYDIRECTORY
# Alternative: apt-ftparchive --arch amd64 packages amd64 > ${REPOSITORYDIRECTORY}/dists/stable/main/binary-amd64/Packages
dpkg-scanpackages --arch amd64 pool/ | sudo tee -a ${REPOSITORYDIRECTORY}/dists/stable/main/binary-amd64/Packages
sudo gzip -9 -k ${REPOSITORYDIRECTORY}/dists/stable/main/binary-amd64/Packages
Deploy 'generate-release.sh' Script
echo '#!/bin/sh
set -e
do_hash() {
HASH_NAME=$1
HASH_CMD=$2
echo "${HASH_NAME}:"
for f in $(find -type f); do
f=$(echo $f | cut -c3-) # remove ./ prefix
if [ "$f" = "Release" ]; then
continue
fi
echo " $(${HASH_CMD} ${f} | cut -d" " -f1) $(wc -c $f)"
done
}
cat << EOF
Origin: Example Repository
Label: Example
Suite: stable
Codename: stable
Version: 1.0
Architectures: amd64
Components: main
Description: An example software repository
Date: $(date -Ru)
EOF
do_hash "MD5Sum" "md5sum"
do_hash "SHA1" "sha1sum"
do_hash "SHA256" "sha256sum"
' > ~/generate-release.sh && chmod +x ~/generate-release.sh
cd ${REPOSITORYDIRECTORY}/dists/stable
# Alternative: apt-ftparchive release . > Release
~/generate-release.sh | sudo tee -a Release
sudo apt-get update && sudo apt-get install -y gpg
cat > ~/$KEYNAME.batch << EOF
%echo Generating PGP key...
Key-Type: RSA
Key-Length: 4096
Name-Real: ${KEYNAME}
Name-Email: ${EMAIL}
Expire-Date: 0
%no-ask-passphrase
%no-protection
%commit
%echo Done
EOF
# Create Working Directory
mkdir ~/$KEYNAME
Set 'GNUPGHOME' to a Temporary Directory
export GNUPGHOME="$(mkdir -p ~/$KEYNAME/gpg)"
gpg --no-tty --batch --gen-key ~/$KEYNAME.batch
gpg --armor --export $KEYNAME > ~/$KEYNAME/pgpkey.public
gpg --armor --export-secret-keys $KEYNAME > ~/$KEYNAME/pgpkey.private
cat ~/${KEYNAME}/pgpkey.private | sudo gpg --import
Create 'Release.gpg' File from 'Release' File
sudo gpg --armor --output ${REPOSITORYDIRECTORY}/dists/stable/Release.gpg --detach-sign ${REPOSITORYDIRECTORY}/dists/stable/Release
sudo gpg --digest-algo SHA256 --clearsign --output ${REPOSITORYDIRECTORY}/dists/stable/InRelease ${REPOSITORYDIRECTORY}/dists/stable/Release
Copy Public Key to APT Key Directory
cat ~/${KEYNAME}/pgpkey.public | sudo tee -a ${REPOSITORYDIRECTORY}/project/${ORGANISATION}-archive-keyring.gpg
cat > /var/www/html/index.html << EOF
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Custom APT Repository</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<style type="text/css">
body {
font-family: Calibri, Verdana, Helvetica, sans-serif;
}
main > section > code {
display: block;
white-space: pre;
font-family: "Lucida Console", "Courier New", monospace;
}
</style>
</head>
<body>
<main>
<h1>Custom APT Repository</h1>
<section>
<header>Set Environment Variables</header>
<code lang="sh">
SERVERADDRESS=192.168.1.12
ORGANISATION=pirho
PACKAGE=hello-world
</code>
</section>
<section>
<header>Get Public Key</header>
<code lang="sh">
wget -q -O - http://$SERVERADDRESS/project/$ORGANISATION-archive-keyring.gpg | sudo gpg --dearmor --output /usr/share/keyrings/$ORGANISATION-archive-keyring.gpg
</code>
</section>
<section>
<header>Add Repository to APT Sources List</header>
<code lang="sh">
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/$ORGANISATION-archive-keyring.gpg] http://$SERVERADDRESS stable main" | sudo tee /etc/apt/sources.list.d/$ORGANISATION.list
</code>
</section>
<section>
<header>Install Package</header>
<code lang="sh">
sudo apt-get update
sudo apt-get install $PACKAGE
</code>
</section>
</main>
</body>
</html>
EOF