Custom Debian APT repository

Debian official package repositories is an excellent source for automatically downloading and installing packages. But the trouble starts when one needs to automatically install and distribute custom .deb packages. Easiest way to do that would be setting up a custom APT repository, but unfortunately the official Debian documentation seems to lack a nice small howto about that.

Therefore I dedicate this tutorial to my future self.

Setting up a GPG key for signing packages

Debian packages are signed using GPG keys. So unless you already have one, let's create it:

$ gpg --gen-key

You'll be prompted to choose key type. For Debian packages you can select RSA (sign only). Next, select key size (go with the default) and then enter your name and email.

Next thing you need to do, is to convert your newly created key into text format (text is a lot easier to transport over internet) and for that purpose, the gpg utility has --armor option:

$ gpg --armor --export plaes@example.org --output plaes@example.org.gpg.key

If that command spewed some errors, then replace the email address with the one you used when you created the key in previous step.

Package signing

Let's imagine you have already created a package and now want to add it to your new shiny repository. First, you need to sign the package. This is done via dpkg-sig tool which isn't usually installed by default:

$ apt-get install dpkg-sig

Signing process of the package is simple:

$ dpkg-sig --sign builder my_package.1.2_amd64.deb

Setting up a package repository

Now, it's time to set up basic repository layout. For the sake of simplicity, we call it my-repo and also use the same name for the repository directory:

mkdir -p my-repo/conf

Inside the conf directory create file named distributions and fill it out. Here's mine:

Origin: apt.example.org
Label: My example apt repository
Codename: stretch
Architectures: amd64 source
Components: main
Description: My debian package repo
SignWith: yes
Pull: stretch

Here, the most important part in this file is probably the SignWith: yes line which states that we packages in our repository will be signed.

Adding package to repository

Now that we have our signed .deb, it's time for (almost) final push. First, make sure you that you can actually install package named reprepro:

$ apt-get install reprepro

And then add the package:

$ reprepro --ask-passphrase -V -b path-to/my-repo includedeb stretch /path/to/my_package.1.2_amd64.deb

That's it!

Making repository available

...