aptly┬Â

aptly is described on its website like this:
aptly is a swiss army knife for Debian repository management: it allows you to mirror remote repositories, manage local package repositories, take snapshots, pull new versions of packages along with dependencies, publish as Debian repository.

License┬Â

License information can be found here

Installation┬Â

To install aptly, you first need to download the latest binary distribution of aptly for 64-bit Linux. You can find the download link at https://www.aptly.info/download/.

Warning

This example shows the download for version 1.4.0. Make sure to use the latest version!

[isabell@stardust ~]$ wget https://github.com/aptly-dev/aptly/releases/download/v1.4.0/aptly_1.4.0_linux_amd64.tar.gz

[...]

[isabell@stardust ~]$

Then, you need to unpack the files to ~/bin.

Warning

This example shows the file name for version 1.4.0. Make sure to use the file name of the file you downloaded!

[isabell@stardust ~]$ tar xzf aptly_1.4.0_linux_amd64.tar.gz -C ~/bin
[isabell@stardust ~]$

Finally, you have to create a symlink, so that you can use aptly without specifying to full path. Again, make sure to use the correct filename according to the version you use.

[isabell@stardust ~]$ ln -s ~/bin/aptly_1.4.0_linux_amd64/aptly ~/bin/aptly
[isabell@stardust ~]$

Basic Configuration and Usage┬Â

This guide only shows a basic configuration and a very simple example of how aptly can be used. For more advanced use cases please consult the official documentation of aptly.

Create default config file┬Â

Aptly automatically generates ~/.aptly.conf with default contents as soon as you tell aptly to show the default configuration:

[isabell@stardust ~]$ aptly config show
Config file not found, creating default config at /home/isabell/.aptly.conf

{
    "rootDir": "/home/isabell/.aptly",
    "downloadConcurrency": 4,
    "downloadSpeedLimit": 0,
    "architectures": [],
    "dependencyFollowSuggests": false,
    "dependencyFollowRecommends": false,
    "dependencyFollowAllVariants": false,
    "dependencyFollowSource": false,
    "dependencyVerboseResolve": false,
    "gpgDisableSign": false,
    "gpgDisableVerify": false,
    "gpgProvider": "gpg",
    "downloadSourcePackages": false,
    "skipLegacyPool": true,
    "ppaDistributorID": "ubuntu",
    "ppaCodename": "",
    "skipContentsPublishing": false,
    "FileSystemPublishEndpoints": {},
    "S3PublishEndpoints": {},
    "SwiftPublishEndpoints": {}
}
[isabell@stardust ~]$

Configure Filesystem Endpoint┬Â

To configure a filesystem endpoint for publishing the packets, you can add the following entry to ~/.aptly.conf:

Warning

Replace isabell with your username!

{
  ...,
  "FileSystemPublishEndpoints": {
    "public": {
      "rootDir": "/var/www/virtual/isabell/html/repo",
      "linkMethod": "copy",
      "verifyMethod": "md5"
    }
  }
}

Configure Repository┬Â

You can create a new repository with the following command:

[isabell@stardust ~]$ aptly -distribution="stable" -architectures=amd64 repo create IsabellsRepo

Local repo [IsabellsRepo] successfully added.
You can run 'aptly repo add IsabellsRepo ...' to add packages to repository.
[isabell@stardust ~]$

Now you need to generate a GPG key. This can be achieved with the following commands:

[isabell@stardust ~]$ gpg --gen-key
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: Verzeichnis `/home/isabell/.gnupg' erzeugt
gpg: Neue Konfigurationsdatei `/home/isabell/.gnupg/gpg.conf' erstellt
gpg: WARNUNG: Optionen in `/home/isabell/.gnupg/gpg.conf' sind w├Ąhrend dieses Laufes noch nicht wirksam
gpg: Schl├╝sselbund `/home/isabell/.gnupg/secring.gpg' erstellt
gpg: Schl├╝sselbund `/home/isabell/.gnupg/pubring.gpg' erstellt
Bitte w├Ąhlen Sie, welche Art von Schl├╝ssel Sie m├Âchten:
   (1) RSA und RSA (voreingestellt)
   (2) DSA und Elgamal
   (3) DSA (nur signieren/beglaubigen)
   (4) RSA (nur signieren/beglaubigen)
Ihre Auswahl? 1
RSA-Schl├╝ssel k├Ânnen zwischen 1024 und 4096 Bit lang sein.
Welche Schl├╝ssell├Ąnge w├╝nschen Sie? (2048) 4096
Die verlangte Schl├╝ssell├Ąnge betr├Ągt 4096 Bit
Bitte w├Ąhlen Sie, wie lange der Schl├╝ssel g├╝ltig bleiben soll.
         0 = Schl├╝ssel verf├Ąllt nie
      <n>  = Schl├╝ssel verf├Ąllt nach n Tagen
      <n>w = Schl├╝ssel verf├Ąllt nach n Wochen
      <n>m = Schl├╝ssel verf├Ąllt nach n Monaten
      <n>y = Schl├╝ssel verf├Ąllt nach n Jahren
Wie lange bleibt der Schl├╝ssel g├╝ltig? (0)
Schl├╝ssel verf├Ąllt nie
Ist dies richtig? (j/N) j

GnuPG erstellt eine User-ID um Ihren Schl├╝ssel identifizierbar zu machen.

Ihr Name ("Vorname Nachname"): Isabell Stardust
Email-Adresse: isabell@uber.space
Kommentar:
Sie haben diese User-ID gew├Ąhlt:
    "Isabell Stardust <isabell@uber.space>"

Ändern: (N)ame, (K)ommentar, (E)-Mail oder (F)ertig/(A)bbrechen? f
Sie ben├Âtigen eine Passphrase, um den geheimen Schl├╝ssel zu sch├╝tzen.

Wir m├╝ssen eine ganze Menge Zufallswerte erzeugen.  Sie k├Ânnen dies
unterst├╝tzen, indem Sie z.B. in einem anderen Fenster/Konsole irgendetwas
tippen, die Maus verwenden oder irgendwelche anderen Programme benutzen.
Wir m├╝ssen eine ganze Menge Zufallswerte erzeugen.  Sie k├Ânnen dies
unterst├╝tzen, indem Sie z.B. in einem anderen Fenster/Konsole irgendetwas
tippen, die Maus verwenden oder irgendwelche anderen Programme benutzen.
gpg: /home/isabell/.gnupg/trustdb.gpg: trust-db erzeugt
gpg: Schl├╝ssel 807C769E ist als uneingeschr├Ąnkt vertrauensw├╝rdig gekennzeichnet
├ľffentlichen und geheimen Schl├╝ssel erzeugt und signiert.

gpg: "Trust-DB" wird ├╝berpr├╝ft
gpg: 3 marginal-needed, 1 complete-needed, PGP Vertrauensmodell
gpg: Tiefe: 0  g├╝ltig:   1  signiert:   0  Vertrauen: 0-, 0q, 0n, 0m, 0f, 1u
pub   4096R/A01A2680 2020-01-09
  Schl.-Fingerabdruck = AB2B 5151 5041 48D7 104F  8A9C 9414 BE64 A01A 2680
uid                  Isabell Stardust <isabell@uber.space>
sub   4096R/B748CEA8 2020-01-09

[isabell@stardust ~]$

Upload the package┬Â

You can now put the .deb package you want to publish in the home directory, for example via SFTP. For the rest of this guide, example-1.deb will be assumed as file name.

Add the package to the repository┬Â

[isabell@stardust ~]$ aptly repo add IsabellsRepo example-1.deb
Loading packages...
[+] example_1.0-1_all added
[isabell@stardust ~]$

Create a snapshot┬Â

[isabell@stardust ~]$ aptly snapshot create IsabellsRepo2020-01-09 from repo IsabellsRepo

Snapshot IsabellsRepo2020-01-09 successfully created.
You can run 'aptly publish snapshot IsabellsRepo2020-01-09' to publish snapshot as Debian repository.
[isabell@stardust ~]$

Publish the snapshot┬Â

[isabell@stardust ~]$ aptly -architectures=all publish snapshot IsabellsRepo2020-01-09 filesystem:public:
Loading packages...
Generating metadata files and linking package files...
Finalizing metadata files...
Signing file 'Release' with gpg, please enter your passphrase when prompted:

Sie ben├Âtigen eine Passphrase, um den geheimen Schl├╝ssel zu entsperren.
Benutzer: "Isabell Stardust <isabell@uber.space>"
4096-Bit RSA Schl├╝ssel, ID A01A2680, erzeugt 2020-01-09

Geben Sie die Passphrase ein:

Clearsigning file 'Release' with gpg, please enter your passphrase when prompted:

Sie ben├Âtigen eine Passphrase, um den geheimen Schl├╝ssel zu entsperren.
Benutzer: "Isabell Stardust <isabell@uber.space>"
4096-Bit RSA Schl├╝ssel, ID A01A2680, erzeugt 2020-01-09

Geben Sie die Passphrase ein:


Snapshot IsabellsRepo2020-01-09 has been successfully published.
Please setup your webserver to serve directory '/var/www/virtual/isabell/html/repo' with autoindexing.
Now you can add following line to apt sources:
  deb http://your-server/ stable main
Don't forget to add your GPG key to apt with apt-key.

You can also use `aptly serve` to publish your repositories over HTTP quickly.
[isabell@stardust ~]$

Publish GPG Key┬Â

Warning

Replace isabell with your username and A01A2680 with your public key ID!

[isabell@stardust ~]$ mkdir /var/www/virtual/isabell/html/key
[isabell@stardust ~]$ gpg --output /var/www/virtual/isabell/html/key/key.gpg --armor --export A01A2680
[isabell@stardust ~]$

Using the repository┬Â

On your local Debian-based system you can now add the repository by adding the following line to your local sources.list:

deb https://isabell.uber.space/repo stable main

You can add the key to your local system with:

[john@doe ~]$ curl -sSL https://isabell.uber.space/key/key.gpg | sudo apt-key add -

Updates┬Â

Note

Check the update feed regularly to stay informed about the newest version.

To update aptly, follow the installation procedure described above.


Tested with aptly 1.4.0, Uberspace 7.4

Written by: Thomas S. <https://github.com/Thomas--S/>