Create a Basic APT Repository

Set Environment Variables
SERVERADDRESS=192.168.1.16 REPOSITORYDIRECTORY=/var/www/html ORGANISATION=pirho KEYNAME=repo-key DOMAINNAME=pirho.net EMAIL=${KEYNAME}@${DOMAINNAME}
Install Nginx (Apache2 works too but has a larger footprint)
sudo apt-get update && sudo apt-get install -y nginx
Cleanup APT Repository Root
sudo rm -rf ${REPOSITORYDIRECTORY}/*
Create APT Binary Directory
sudo mkdir -p ${REPOSITORYDIRECTORY}/pool/main
Create APT Key Directory
sudo mkdir ${REPOSITORYDIRECTORY}/project
Create APT Metadata Directory
sudo mkdir -p ${REPOSITORYDIRECTORY}/dists/stable/main/binary-amd64
*** Copy binaries now (${REPOSITORYDIRECTORY}/pool/main/) ***
Install Debian Package Development Tools
sudo apt-get update && sudo apt-get install -y dpkg-dev
Create Repository Metadata Directory
sudo mkdir -p /var/www/html/dists/stable/main/binary-amd64
Generate 'Packages' File
cd $REPOSITORYDIRECTORY # Alternative: apt-ftparchive --arch amd64 packages amd64 > ${REPOSITORYDIRECTORY}/dists/stable/main/binary-amd64/Packages dpkg-scanpackages --arch amd64 pool/ | sudo tee -a ${REPOSITORYDIRECTORY}/dists/stable/main/binary-amd64/Packages
Compress 'Packages' File
sudo gzip -9 -k ${REPOSITORYDIRECTORY}/dists/stable/main/binary-amd64/Packages
Deploy 'generate-release.sh' Script
echo '#!/bin/sh set -e do_hash() { HASH_NAME=$1 HASH_CMD=$2 echo "${HASH_NAME}:" for f in $(find -type f); do f=$(echo $f | cut -c3-) # remove ./ prefix if [ "$f" = "Release" ]; then continue fi echo " $(${HASH_CMD} ${f} | cut -d" " -f1) $(wc -c $f)" done } cat << EOF Origin: Example Repository Label: Example Suite: stable Codename: stable Version: 1.0 Architectures: amd64 Components: main Description: An example software repository Date: $(date -Ru) EOF do_hash "MD5Sum" "md5sum" do_hash "SHA1" "sha1sum" do_hash "SHA256" "sha256sum" ' > ~/generate-release.sh && chmod +x ~/generate-release.sh
Generate Release File
cd ${REPOSITORYDIRECTORY}/dists/stable # Alternative: apt-ftparchive release . > Release ~/generate-release.sh | sudo tee -a Release
Install GPG
sudo apt-get update && sudo apt-get install -y gpg
Create GPG Batch File
cat > ~/$KEYNAME.batch << EOF %echo Generating PGP key... Key-Type: RSA Key-Length: 4096 Name-Real: ${KEYNAME} Name-Email: ${EMAIL} Expire-Date: 0 %no-ask-passphrase %no-protection %commit %echo Done EOF
# Create Working Directory
mkdir ~/$KEYNAME
Set 'GNUPGHOME' to a Temporary Directory
export GNUPGHOME="$(mkdir -p ~/$KEYNAME/gpg)"
Generate PGP Keys
gpg --no-tty --batch --gen-key ~/$KEYNAME.batch
Export Public Key
gpg --armor --export $KEYNAME > ~/$KEYNAME/pgpkey.public
Export Private Key
gpg --armor --export-secret-keys $KEYNAME > ~/$KEYNAME/pgpkey.private
Import PGP Keys
cat ~/${KEYNAME}/pgpkey.private | sudo gpg --import
Create 'Release.gpg' File from 'Release' File
sudo gpg --armor --output ${REPOSITORYDIRECTORY}/dists/stable/Release.gpg --detach-sign ${REPOSITORYDIRECTORY}/dists/stable/Release
Create 'InRelease' File
sudo gpg --digest-algo SHA256 --clearsign --output ${REPOSITORYDIRECTORY}/dists/stable/InRelease ${REPOSITORYDIRECTORY}/dists/stable/Release
Copy Public Key to APT Key Directory
cat ~/${KEYNAME}/pgpkey.public | sudo tee -a ${REPOSITORYDIRECTORY}/project/${ORGANISATION}-archive-keyring.gpg
Create index.html
cat > /var/www/html/index.html << EOF <!DOCTYPE html> <html lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Custom APT Repository</title> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <style type="text/css"> body { font-family: Calibri, Verdana, Helvetica, sans-serif; } main > section > code { display: block; white-space: pre; font-family: "Lucida Console", "Courier New", monospace; } </style> </head> <body> <main> <h1>Custom APT Repository</h1> <section> <header>Set Environment Variables</header> <code lang="sh"> SERVERADDRESS=192.168.1.12 ORGANISATION=pirho PACKAGE=hello-world </code> </section> <section> <header>Get Public Key</header> <code lang="sh"> wget -q -O - http://$SERVERADDRESS/project/$ORGANISATION-archive-keyring.gpg | sudo gpg --dearmor --output /usr/share/keyrings/$ORGANISATION-archive-keyring.gpg </code> </section> <section> <header>Add Repository to APT Sources List</header> <code lang="sh"> echo "deb [arch=amd64 signed-by=/usr/share/keyrings/$ORGANISATION-archive-keyring.gpg] http://$SERVERADDRESS stable main" | sudo tee /etc/apt/sources.list.d/$ORGANISATION.list </code> </section> <section> <header>Install Package</header> <code lang="sh"> sudo apt-get update sudo apt-get install $PACKAGE </code> </section> </main> </body> </html> EOF