Wednesday, April 30, 2014

Private Debian secure apt repository

Secure apt was introduced in Debian 3 (Sarge) in 2005. Secure apt requires cryptographic (PGP) signing of the Release file, not of the .deb packages themselves. Without secure apt, installing packages prompts for verification before installation.

Trivial apt repositories use a simple flat file structure but do not support "secure apt". Hence, to set up an apt repository that does not prompt for verification of package updates, such as a Personal Package Archive (PPA), it is necessary to configure a non-trivial apt repository.

The non-trivial repository file structure must contain:
debian
 + dists
     + { archive, e.g. stable } /Release, Release.gpg (package release info)
         + { component, e.g. main }
             + { architecture, e.g. binary-amd64 } /Packages, Packages.gz, Release (architecture release info)
             + source / (if empty, source packages will not be available)
 + pool /*.deb (Packages)


To set up signing on the server, install gpg and run it to generate a key. An RSA key is required, 4096 bytes recommended; if a blank password is used you will not be prompted for a password when signing the Release file.


Notes:
 * The package Release file *must* contain a line for "Suite: ".
 * Create the Packages files *before* creating the package Release file.


To create the package list Release file use an application like apt-ftparchive. Note that the files listed in the Release file must have paths relative to the debian/dists/{archive} directory. E.g.:
 cd /var/www/debian/dists/stable
 echo "Suite: stable" > Release
 apt-ftparchive release . >> Release

One example method of how to sign the Release file (a detached, ASCII-armoured signature written alongside it):
 cd /var/www/debian/dists/stable
 gpg --default-key "My key name" -abs -o Release.gpg Release

To use the repository on a client add a line to /etc/apt/sources.list.d/custom.list:
 deb http://{server}/debian/  {archive}  {component}

To remove the verification prompt on the client, export the key from the server, transfer it to the client and install it into apt:
Server: gpg --armor --export "My key name" > myserver.gpg.key
Client: apt-key add myserver.gpg.key
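As an added example (not code from the original post), the client-side half of the trust chain in Python: Release.gpg signs Release, and Release records the hash and size of every Packages file below dists/{archive}, so once gpg has verified Release.gpg (assumed already done, outside this script) apt trusts only the indexes whose hashes match. build_release mirrors the "Suite:" line plus apt-ftparchive output used above; the Packages content is constructed.

```python
import hashlib

# Constructed sample: one architecture index as it would sit under
# debian/dists/stable/, keyed by its path relative to that directory.
SAMPLE_FILES = {
    "main/binary-amd64/Packages":
        b"Package: hello\nVersion: 1.0\nArchitecture: amd64\n"
        b"Filename: pool/main/h/hello/hello_1.0_amd64.deb\n\n",
}

def build_release(suite, files):
    """Essence of `echo "Suite: ..." > Release; apt-ftparchive release . >> Release`:
    a Suite header, then a SHA256 block with one ' <hash> <size> <path>' line per file."""
    lines = [f"Suite: {suite}", "SHA256:"]
    for path in sorted(files):
        data = files[path]
        lines.append(f" {hashlib.sha256(data).hexdigest()} {len(data):>16} {path}")
    return "\n".join(lines) + "\n"

def parse_release(text):
    """Return (header fields, {path: (sha256, size)}) from Release text."""
    fields, hashes, section = {}, {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith(" "):            # indented entry inside a hash block
            if section == "SHA256":
                digest, size, path = line.split()
                hashes[path] = (digest, int(size))
            continue
        key, _, value = line.partition(":")
        fields[key] = value.strip()
        section = key if key in ("MD5Sum", "SHA1", "SHA256") else None
    return fields, hashes

def verify_release(text, files):
    """The check apt makes once Release.gpg has verified: every index file must
    match the hash and size in the signed Release. Empty list = indexes trusted."""
    fields, hashes = parse_release(text)
    problems = []
    if "Suite" not in fields:
        problems.append("Release has no Suite: line")
    for path, data in files.items():
        if path not in hashes:
            problems.append(f"{path}: not listed in Release")
        elif hashes[path] != (hashlib.sha256(data).hexdigest(), len(data)):
            problems.append(f"{path}: hash or size mismatch")
    return problems
```

A Packages file altered after Release was signed, or one the Release never listed, is reported; this is why the .deb files themselves need no signature, since Packages carries their hashes and Release covers Packages.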


