Hosting a Debian Repository

Last week, I came across an old post by Drew DeVault (I highly recommend his blog, BTW) and it resonated with me quite a lot. I immediately saw the light and wanted a proper way to effortlessly install the new versions of the little pieces of software I need on all my machines that need them. This has become quite a pain in the behind recently: the need to manually copy the binaries onto both my Raspberry Pi “home server” and the VPS that runs my site resulted in me using older versions of that I myself wrote, and manually downloading and installing new versions of Hugo onto the VPS, my laptop, and my desktop at home became quite a chore. Now that my own repository is up and running, most of these things will happen automatically. Isn’t it good to have computers do things for you instead of the other way around?!

You can use my repository, too, if you feel so inclined. The APT sources.list line is

deb [signed-by=/usr/share/keyrings/nekr0z.asc] stable main

(assuming that you saved the key to /usr/share/keyrings/nekr0z.asc, of course).

The proper Debian way of doing things is quite a hassle, but there are nice workarounds available. I use aptly to manage my repository, and it was really easy to set up:

aptly repo create myrepo

was enough to create a repository named “myrepo”. I then created a PGP key to sign the repository, added some packages:

aptly repo add myrepo <filename>.deb

and had aptly create the repository in the local filesystem:

aptly publish repo -distribution="stable" -gpg-key="A9C8BD9C3A5754D4" myrepo

After that, the repository was ready to use in ~/.aptly/public/, so I could serve it over HTTP right away, or, in my case, rsync it to my VPS and serve it from there.

Now, if I want I can add new packages or make changes to the “myrepo” repository, and then

aptly publish update -gpg-key="A9C8BD9C3A5754D4" stable

Of course, doing everything manually is not fun, so I wrote a couple of little scripts to do the adding, the publishing and the rsyncing all in one go. I used the little trick I learned from the same blog to have Github automatically trigger the repository update once I release a new version of my own software; the function itself looks something like:

cd /tmp/
mkdir debs
cd debs
for arch in amd64 arm64; do
    lnk=$(curl -s$1/releases/latest | grep browser_download_url | grep $deb | head -n 1 | cut -d '"' -f 4 | sed -e 's/.*"tag_name":"\([^"]*\)".*/\1/')
    wget -c $lnk
aptly repo add myrepo *.deb
rm -rf /tmp/debs/
aptly publish update -gpg-key="A9C8BD9C3A5754D4" stable
rsync <...>

(here $1, of course, is the case-supplied argument like nekr0z/

Comments can be sent as webmentions or by email.