aptly

From Mark Furneaux's Wiki

aptly is a suite of tools for managing apt repositories. It provides a simple way to create repositories of custom packages without needing .changes files.

Installation

aptly can be installed by running:
# apt install aptly

Configuration

Begin by generating a gpg key for signing your releases. First, configure gpg to prefer SHA-2 digests over SHA-1 by adding the following to ~/.gnupg/gpg.conf:

personal-digest-preferences SHA256
cert-digest-algo SHA256
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed

Generate the key by running:
# gpg --gen-key
I recommend a 4096-bit RSA key.
Export this key somewhere on disk by running:
gpg --export --armor <keyname> > <my-key-file>.gpg
where <keyname> is the email used to create the key.

Create a config file at /etc/aptly.conf with the contents:

{
  "rootDir": "/tank/aptly",
  "downloadConcurrency": 4,
  "downloadSpeedLimit": 0,
  "architectures": ["i386", "amd64"],
  "dependencyFollowSuggests": false,
  "dependencyFollowRecommends": false,
  "dependencyFollowAllVariants": false,
  "dependencyFollowSource": false,
  "gpgDisableSign": false,
  "gpgDisableVerify": false,
  "downloadSourcePackages": false,
  "ppaDistributorID": "debian",
  "ppaCodename": "",
  "S3PublishEndpoints": {}
}

rootDir is where the database and pool will be stored.

Create a new repository by running:
$ aptly repo create -distribution=jessie -component=main <name>
where the distribution and name suit your needs.

Add your package files to the repository by running:
$ aptly repo add <name> <folder/of/packages>

Publish your repository by running:
$ aptly publish repo -gpg-key="keyname" <name>
This will create a /public folder in the rootDir specified in the config file. Link this directory to your webserver using any method of your choosing. The easiest is to create a symlink:
# ln -s /path/to/aptly/public /var/www/html/repo

Adding Packages

Run:
$ aptly repo add <name> <package_dir>
to add packages to the database.

Run:
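$ aptly publish update <distribution>
to publish the new changes, where <distribution> is the distribution the repository was published under (jessie in the example above).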

Setting Up Clients

Clients will need your public key which you exported earlier. It is advantageous to place the key on the same web server hosting the repository so it can be easily downloaded by running something like:
$ wget http://your-repo.com/<my-key-file>.gpg
and installed by running:
# apt-key add <my-key-file>.gpg

Add the requisite line to the system's /etc/apt/sources.list file, using the distribution and component given when the repository was created:

deb http://your-repo.com/repo jessie main

Now all that's left is to update the apt cache:
# apt update
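
The key in the steps above is fetched over plain HTTP, so nothing authenticates it before apt-key trusts it. The following is an added example, not part of the original wiki page: it compares the downloaded key's full fingerprint with one obtained out of band (for instance from `gpg --fingerprint <keyname>` on the repository host) before running apt-key add. The function names and the sample listing are constructed for illustration, and `--show-keys` assumes a GnuPG release that provides that option.

```shell
#!/bin/sh
# Added example: pin the repository key's fingerprint before trusting it.

# Constructed sample of a `gpg --with-colons` key listing (not a real key).
SAMPLE_LISTING='pub:-:4096:1:89ABCDEF01234567:1500000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1500000000::::Example Repo <repo@example.invalid>:
sub:-:4096:1:76543210FEDCBA98:1500000000::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'

# Print the primary key's fingerprint from a colon listing on stdin:
# the first "fpr" record after the "pub" record, field 10.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# Strip whitespace and uppercase, so "0123 4567 ..." input compares equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t' | tr 'a-f' 'A-F'
}

# check_fpr EXPECTED < colon-listing
# Returns 0 on match, 1 on mismatch, 2 if EXPECTED is not a full
# 40-hex-digit fingerprint (short key IDs are not accepted).
check_fpr() {
    expected=$(normalize_fpr "$1")
    actual=$(primary_fpr)
    case "$expected" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2
    [ "$actual" = "$expected" ]
}

# install_repo_key KEYFILE EXPECTED_FPR (hypothetical helper; run as root)
install_repo_key() {
    if gpg --show-keys --with-colons "$1" | check_fpr "$2"; then
        apt-key add "$1"
    else
        echo "fingerprint check failed for $1; key not installed" >&2
        return 1
    fi
}
```

On a client this would be called as `install_repo_key <my-key-file>.gpg "<expected fingerprint>"` in place of the bare apt-key add.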