-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathPPA_hosting_how_to
170 lines (137 loc) · 6.1 KB
/
PPA_hosting_how_to
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
This is the link where the PPA hosting is explained: https://assafmo.github.io/2019/05/02/ppa-repo-hosted-on-github.html
Copy and Paste just in case:
Assaf Morami
Hosting your own PPA repository on GitHub
May 2, 2019 • Assaf Morami
Publishing your own Debian packages and hosting it on a GitHub repo is pretty easy. This is a quick HowTo.
A PPA repo can be as simple as one directory
.
└── my_ppa
├── my_list_file.list
├── InRelease
├── KEY.gpg
├── Packages
├── Packages.gz
├── Release
├── Release.gpg
├── package-a_0.0.1_amd64.deb
├── package-a_0.0.2_amd64.deb
├── package-b_0.1.0_amd64.deb
├── package-b_0.1.1_amd64.deb
├── ...
└── package-z_1.0.0_amd64.deb
A working example can be found in https://github.com/assafmo/ppa.
You can name my_ppa and my_list_file.list whatever you like. I used those names because it’s hard to name things.
Also don’t forget to replace ${GITHUB_USERNAME} with your GitHub user name and ${EMAIL} with your email address.
0. Creating a GitHub repo with your deb packages
Create a GitHub repo. We’ll call it my_ppa. Then go to https://github.com/${GITHUB_USERNAME}/my_ppa/settings, and under GitHub Pages select Source to be master branch.
Any HTTP server will work just fine, but GitHub pages is free, easy and fast.
Now clone the repo and put all of your debian packages inside:
git clone "[email protected]:${GITHUB_USERNAME}/my_ppa.git"
cd my_ppa
cp /path/to/my/package-a_0.0.1_amd64.deb .
1. Creating a GPG key
Install gpg and create a new key:
sudo apt install gnupg
gpg --full-gen-key
Use RSA:
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA with 4096 bits:
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096
Key should be valid forever:
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
Enter your name and email:
Real name: My Name
Email address: ${EMAIL}
Comment:
You selected this USER-ID:
"My Name <[email protected]>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
At this point the gpg command will start to create your key and will ask for a passphrase for extra protection. I like to leave it blank so when I sign things with my key it won’t promp for the passphrase each time.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key B58FBB4C23247554 marked as ultimately trusted
gpg: directory '/home/assafmo/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/assafmo/.gnupg/openpgp-revocs.d/31EE74534094184D9964EF82B58FBB4C23247554.rev'
public and secret key created and signed.
pub rsa4096 2019-05-01 [SC]
31EE74534094184D9964EF82B58FBB4C23247554
uid My Name <[email protected]>
sub rsa4096 2019-05-01 [E]
You can backup your private key using:
gpg --export-secret-keys "${EMAIL}" > my-private-key.asc
And import it using:
gpg --import my-private-key.asc
2. Creating the KEY.gpg file
Create the ASCII public key file KEY.gpg inside the git repo my_ppa:
gpg --armor --export "${EMAIL}" > /path/to/my_ppa/KEY.gpg
Note: The private key is referenced by the email address you entered in the previous step.
3. Creating the Packages and Packages.gz files
Inside the git repo my_ppa:
dpkg-scanpackages --multiversion . > Packages
gzip -k -f Packages
4. Creating the Release, Release.gpg and InRelease files
Inside the git repo my_ppa:
apt-ftparchive release . > Release
gpg --default-key "${EMAIL}" -abs -o - Release > Release.gpg
gpg --default-key "${EMAIL}" --clearsign -o - Release > InRelease
5. Creating the my_list_file.list file
Inside the git repo my_ppa:
echo "deb [signed-by=/etc/apt/trusted.gpg.d/my_ppa.gpg] https://${GITHUB_USERNAME}.github.io/my_ppa ./" > my_list_file.list
This file will be installed later on in the user’s /etc/apt/sources.list.d/ directory. This tells apt to look for updates from your PPA in https://${GITHUB_USERNAME}.github.io/my_ppa.
That’s it!
Commit and push to GitHub and your PPA is ready to go:
git add -A
git commit -m "my ppa repo is now hosted on github"
git push -u origin master
Now you can tell all your friends and users to install your PPA this way:
curl -s --compressed "https://${GITHUB_USERNAME}.github.io/my_ppa/KEY.gpg" | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/my_ppa.gpg >/dev/null
sudo curl -s --compressed -o /etc/apt/sources.list.d/my_list_file.list "https://${GITHUB_USERNAME}.github.io/my_ppa/my_list_file.list"
sudo apt update
Then they can install your packages:
sudo apt install package-a package-b package-z
Whenever you publish a new version for an existing package your users will get it just like any other update.
How to add new packages
Just put your new .deb files inside the git repo my_ppa and execute:
# Packages & Packages.gz
dpkg-scanpackages --multiversion . > Packages
gzip -k -f Packages
# Release, Release.gpg & InRelease
apt-ftparchive release . > Release
gpg --default-key "${EMAIL}" -abs -o - Release > Release.gpg
gpg --default-key "${EMAIL}" --clearsign -o - Release > InRelease
# Commit & push
git add -A
git commit -m update
git push
Sources
Export and import a GPG key
Creating your own Signed APT Repository and Debian Packages
Create your own custom and authenticated APT repository
A vscode ppa example by @tagplus5
What is the simplest Debian Packaging Guide?
Assaf Morami
Assaf Morami
assafmo
Things I have learned over time. :-)