-
Notifications
You must be signed in to change notification settings - Fork 0
Hosting a Github Repo
Original Author - Assaf Morami
Modifier - Sourav Das
Publishing your own Debian packages and hosting it on a GitHub repo is pretty easy. This is a quick HowTo.
.
└── my_ppa
├── my_list_file.list
├── InRelease
├── KEY.gpg
├── Packages
├── Packages.gz
├── Release
├── Release.gpg
├── package-a_0.0.1_amd64.deb
├── package-a_0.0.2_amd64.deb
├── package-b_0.1.0_amd64.deb
├── package-b_0.1.1_amd64.deb
├── ...
└── package-z_1.0.0_amd64.deb
A working example can be found in Here and Here
You can name my_ppa
and my_list_file.list
whatever you like. I used those names because it's hard to name things.
Also don't forget to replace ${GITHUB_USERNAME}
with your GitHub user name and ${EMAIL}
with your email address.
Create a GitHub repo. We'll call it my_ppa
. Then go to https://github.com/${GITHUB_USERNAME}/my_ppa/settings
, and under GitHub Pages
select Source
to be master branch
.
Any HTTP server will work just fine, but GitHub pages is free, easy and fast.
Now clone the repo and put all of your debian packages inside:
git clone "[email protected]:${GITHUB_USERNAME}/my_ppa.git"
cd my_ppa
cp /path/to/my/package-a_0.0.1_amd64.deb .
Install gpg
and create a new key:
sudo apt install gnupg
gpg --full-gen-key
Use RSA:
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA with 4096 bits:
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096
Key should be valid forever:
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
Enter your name and email:
Real name: My Name
Email address: ${EMAIL}
Comment:
You selected this USER-ID:
"My Name <[email protected]>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
At this point the gpg
command will start to create your key and will ask for a passphrase for extra protection. I like to leave it blank so when I sign things with my key it won't promp for the passphrase each time.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key B58FBB4C23247554 marked as ultimately trusted
gpg: directory '/home/assafmo/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/assafmo/.gnupg/openpgp-revocs.d/31EE74534094184D9964EF82B58FBB4C23247554.rev'
public and secret key created and signed.
pub rsa4096 2019-05-01 [SC]
31EE74534094184D9964EF82B58FBB4C23247554
uid My Name <[email protected]>
sub rsa4096 2019-05-01 [E]
B58FBB4C23247554
- This is your KEYID, If you want you can Asign it in a Variable DEBSIGN_KEYID=${YOUR_16CHAR_GPG_KEY_ID}" under ~/.devscripts
for fast sign your packages.
Note - Its a suffix string of long KEYID.
Finger print - The whole string is 40 chars long. Grouping 4 chars and add a space between each group make the whole string a finger print signature.
You can backup your private key using:
gpg --export-secret-keys [--armor] "${EMAIL}" > my-private-key.asc
And import it using:
gpg --import my-private-key.asc
Create the ASCII public key file KEY.gpg
inside the git repo my_ppa
:
gpg --armor --export "${EMAIL}" > /path/to/my_ppa/KEY.gpg
Note: The private key is referenced by the email address you entered in the previous step.
Inside the git repo my_ppa
:
dpkg-scanpackages --multiversion . > Packages
gzip -k -f Packages
Inside the git repo my_ppa
:
apt-ftparchive release . > Release
gpg --default-key "${EMAIL}" -abs -o - Release > Release.gpg
gpg --default-key "${EMAIL}" --clearsign -o - Release > InRelease
Inside the git repo my_ppa
:
echo "deb https://${GITHUB_USERNAME}.github.io/my_ppa ./" > my_list_file.list
This file will be installed later on in the user's /etc/apt/sources.list.d/
directory. This tells apt
to look for updates from your PPA in https://${GITHUB_USERNAME}.github.io/my_ppa
.
Commit and push to GitHub and your PPA is ready to go:
git add -A
git commit -m "my ppa repo is now hosted on github"
git push -u origin master
Now you can tell all your friends and users to install your PPA this way:
curl -s --compressed "https://${GITHUB_USERNAME}.github.io/my_ppa/KEY.gpg" | sudo apt-key add -
sudo curl -s --compressed -o /etc/apt/sources.list.d/my_list_file.list "https://${GITHUB_USERNAME}.github.io/my_ppa/my_list_file.list"
sudo apt update
Then they can install your packages:
sudo apt install package-a package-b package-z
Whenever you publish a new version for an existing package your users will get it just like any other update.
Just put your new .deb
files inside the git repo my_ppa
and execute:
# Packages & Packages.gz
dpkg-scanpackages --multiversion . > Packages
gzip -k -f Packages
# Release, Release.gpg & InRelease
apt-ftparchive release . > Release
gpg --default-key "${EMAIL}" -abs -o - Release > Release.gpg
gpg --default-key "${EMAIL}" --clearsign -o - Release > InRelease
# Commit & push
git add -A
git commit -m update
git push
- 🏠 Home
- ⚙️ Compiling
- 📃 Describing Project Tree
- 🔥 Creating Repo
- 🐧 All about GPG
- 💡 Multiple SSH Keys Tricks
- 🛠️ Troubleshooting