Setting up an APT repository with Reprepro and Apache

This post can be considered a continuation of my previous ones:

• How to create a Debian package
• Debian packaging with Pbuilder

Following next steps we will set up a signed Debian repository, using Reprepro and Apache2.

1.- Installing the tools

 root@server:~# apt-get install apache2 dpkg-sig reprepro  

2.- Configuring Apache2 with reprepro

 root@server:~# mkdir -p /var/www/repos/apt/debian  

Then we need to edit /etc/apache2/apache2.conf file, adding the following line:

 ServerName localhost  

Now we need to create /etc/apache2/conf-availabe/repos.conf with this content:

 <Directory /var/www/repos/ >  
     # We want the user to be able to browse the directory manually  
     Options Indexes FollowSymLinks Multiviews  
     Order allow,deny  
     Allow from all  
 </Directory>  
 # This syntax supports several repositories, e.g. one for Debian, one for Ubuntu.  
 # Replace * with debian, if you intend to support one distribution only.  
 <Directory "/var/www/repos/apt/*/db/">  
     Order allow,deny  
     Deny from all  
 </Directory>  
 <Directory "/var/www/repos/apt/*/conf/">  
     Order allow,deny  
     Deny from all  
 </Directory>  
 <Directory "/var/www/repos/apt/*/incoming/">  
     Order allow,deny  
     Deny from all  
 </Directory>  

At last, we need to enable repos site configuration in Apache:

 root@server:/etc/apache2/conf-available# a2enconf repos  
 root@server:/etc/apache2/conf-enabled# apache2ctl configtest  
 Syntax OK  
 root@server:/etc/apache2/conf-enabled# service apache2 restart  

3.- Configuring Reprepro

 root@server:~# mkdir -p /var/www/repos/apt/debian/conf  

Now we create the file /var/www/repos/apt/debian/conf/distributions, with the following content:

 Origin: Debian  
 Label: Sid apt repository  
 Codename: sid  
 Architectures: i386 amd64  
 Components: main  
 Description: Apt repository for Debian unstable - Sid  
 DebOverride: override.sid  
 DscOverride: override.sid  
 SignWith: 870B8E2D  

 Origin: Debian  
 Label: Jessie apt repository  
 Codename: jessie  
 Architectures: i386 amd64  
 Components: main  
 Description: Apt repository for Debian testing - Jessie  
 DebOverride: override.jessie  
 DscOverride: override.jessie  
 SignWith: 870B8E2D  

 Origin: Debian  
 Label: Wheezy apt repository  
 Codename: wheezy  
 Architectures: i386 amd64  
 Components: main  
 Description: Apt repository for Debian stable - Wheezy  
 DebOverride: override.wheezy  
 DscOverride: override.wheezy  
 SignWith: 870B8E2D  

SingWith value, included above, needs to be taken from gpg --list-keys. This will be the key used to sign our packages.

 root@server:~# gpg --list-keys  
 pub  2048R/489CD644 2014-07-15  
 uid         Your Name <your_email_address@domain.com>  
 sub  2048R/870B8E2D 2014-07-15  

At last, we create the options file at /var/www/repos/apt/debian/conf/options:

 verbose  
 basedir /var/www/repos/apt/debian  
 ask-passphrase  

Note: We can also override Debian packages control file fields, by creating override files. In our case, for example, we could create /var/www/repos/apt/debian/conf/override.jessie with this content (used for our package named hello):

 hello         Priority     extra  
 hello         Section      admin  

4.- Adding a package to the repository

 root@server:/var/www/repos/apt/debian# reprepro includedeb jessie /opt/hello_0.1-1_i386.deb  

This will add our package hello_0.1-1_i386.deb to the APT repository. The command above will ask to insert a password, which is the same we used to sign the package. And, in case we want to remove the package from the repository we can use the following command:

 root@server:/var/www/repos/apt/debian# reprepro remove jessie hello  

5.- Providing the public key to repository users

We need to export our public GPG key to a file, and make it available at the web server so users can download it:

 root@server:~# gpg --armor --output public.gpg.key --export Your Name  
 root@server:~# mkdir /var/www/repos/apt/conf  
 root@server:~# cp public.gpg.key /var/www/repos/apt/conf/  

6.- Installing packages using the repository

 wget -O - http://YOUR_REPO_SERVER/repos/apt/conf/public.gpg.key | apt-key add -  
 echo "deb http://YOUR_REPO_SERVER/repos/apt/debian jessie main" >> /etc/apt/sources.list  
 apt-get update && apt-get install YOUR_PACKAGE  

7.- Useful commands

• List packages of a specific distribution: reprepro list DISTRIBUTION_CODENAME
• List packages matching a specific name: reprepro ls PACKAGE_NAME

As well, in case we want to remove a distribution from the repository, we need to:

• Remove it from /var/www/repos/apt/debian/conf/distributions
• Run reprepro delete clearvanished

References

https://wiki.debian.org/SettingUpSignedAptRepositoryWithReprepro

http://www.debian-administration.org/articles/286

https://wikitech.wikimedia.org/wiki/Reprepro

http://blog.jonliv.es/2011/04/26/creating-your-own-signed-apt-repository-and-debian-packages/