THE PRAGMATIC SYSADMIN

Providing an APT repo with aptly and Apache

To see an working example of this setup:

• http://packages.vaporup.de
• http://apt.vaporup.de

Install aptly

apt-get install aptly

Create an extra user

adduser dhl

Full Name []: User for APT repo using aptly

Make sure there is enough disk space for all the files
Eventually put the home of this user on a separate mount

Create a GPG Key

Creating a GPG key which signs the files in the APT repo
so apt clients do not complain

Using ed25519 as SSH Key type here, but other types (RSA), work as well

1. Switch to your new user

2. Create the key

   dhl@host: gpg --expert --full-generate-key
   

   (9) ECC and ECC
   
   (1) Curve 25519
   
   0 = key does not expire
   
   Real name: APT REPO
   Email address: dhl@your-domain.com
   
   skip password
   

3. Check the new GPG key

   gpg --list-secret-keys --keyid-format=long
   

4. Export the new GPG key

   gpg --armor --export dhl@your-domain.com > dhl-repo-keyring.asc
   gpg         --export dhl@your-domain.com > dhl-repo-keyring.gpg
   

Prepare aptly

Example for Ubuntu 20.04 (Focal)
Remember: Do everything as your new aptly user (here dhl)

1. Create repo

   aptly repo create -distribution=focal -component=main focal-main
   

2. Import some example package

   Can be a .deb (binary package) or .dsc (source package)

   aptly repo add focal-main example_1.14.1_amd64.deb
   aptly repo add focal-main example_1.14.1.dsc
   

3. Publish your packages

   Importing a package does not make it available for apt yet.
   It is available only after the repo was published.
   The following step is only done once to initialize the repo.

   For origin and label use some unique string which identifiers your repo

   aptly publish repo \
   -architectures=amd64,i386,source \
   -origin=some-string-which-identifies-your-repo \
   -label=some-string-which-identifies-your-repo
   focal-main
   

   If you import more packages, you do:

   aptly publish update focal