Debian official package repositories is an excellent source for automatically downloading and installing packages. But the trouble starts when one needs to automatically install and distribute custom .deb packages. Easiest way to do that would be setting up a custom APT repository, but unfortunately the official Debian documentation seems to lack a nice small howto about that.
Therefore I dedicate this tutorial to my future self.
Debian packages are signed using GPG keys. So unless you already have one, let's create it:
$ gpg --gen-key
You'll be prompted to choose key type. For Debian packages you can select RSA (sign only). Next, select key size (go with the default) and then enter your name and email.
Next thing you need to do, is to convert your newly created key into text format (text is a lot easier to transport over internet) and for that purpose, the gpg utility has --armor option:
$ gpg --armor --export firstname.lastname@example.org --output email@example.com
If that command spewed some errors, then replace the email address with the one you used when you created the key in previous step.
Let's imagine you have already created a package and now want to add it to your new shiny repository. First, you need to sign the package. This is done via dpkg-sig tool which isn't usually installed by default:
$ apt-get install dpkg-sig
Signing process of the package is simple:
$ dpkg-sig --sign builder my_package.1.2_amd64.deb
Now, it's time to set up basic repository layout. For the sake of simplicity, we call it my-repo and also use the same name for the repository directory:
mkdir -p my-repo/conf
Inside the conf directory create file named distributions and fill it out. Here's mine:
Origin: apt.example.org Label: My example apt repository Codename: stretch Architectures: amd64 source Components: main Description: My debian package repo SignWith: yes Pull: stretch
Here, the most important part in this file is probably the
SignWith: yes line which states that we packages in our repository will be signed.
Now that we have our signed .deb, it's time for (almost) final push. First, make sure you that you can actually install package named reprepro:
$ apt-get install reprepro
And then add the package:
$ reprepro --ask-passphrase -V -b path-to/my-repo includedeb stretch /path/to/my_package.1.2_amd64.deb