How to create a private apt package

How to create a private apt package?

Create a private apt package 

Private apt package management system used by Ubuntu and other Linux distributions based on Debian is called APT (Advanced Package Tool). Users may easily install, update, and delete software packages from their devices because of its user-friendly design. APT is a command-line utility that manages software packages through repositories.

A repository is a group of software applications that have been examined and found to be compatible with the distribution. The packages in the repository are arranged so that APT can easily discover and install them. New packages and modifications to old packages are often added to the repository.

Now start to create a private apt package. Follow the setups given below.

Create a pair of GPG keys

Software packages must be signed using a GPG private key, and the GPG public key must also be distributed so that users may validate the authenticity of the packages.

Build Your Own*.Deb Package

The default file extension for software packages created for Debian and Ubuntu distributions is .deb. For the sake of this tutorial, if the package is offered under an open-source license, you can download an existing .deb file. If you want to develop your software, I’ll walk you through the fundamental stages of creating a.deb file.

I provide Firefox as an illustration. Firefox no longer comes with Ubuntu in deb format. For Firefox, it just offers the Snap package. I occasionally use the Snap package since it’s a straightforward program, like the Let’s Encrypt client certbot. I use it to get a TLS certificate, after which I am free from concern. The web browser is a piece of software that I use constantly, but I prefer to use the traditional Debian package format because the Snap version of Firefox doesn’t work well with the file system.

A.deb file is simply an ar archive, identical to a.tar achive, on the inside. To convert a Firefox binary tarball into a.deb file, follow these steps. The procedures are slightly different if you wish to package using a source code tarball.

Type the CD command to your home directory

cd ~

Get the Firefox tarball from the Mozilla website.

wget https://download-installer.cdn.mozilla.net/pub/firefox/releases/107.0.1/linux-x86_64/en-US/firefox-107.0.1.tar.bz2

Take the archive out.

tar xvf firefox-107.0.1.tar.bz2

There is now a directory for Firefox. Because we want people to install the package to the /opt/firefox-deb/ directory on their machine, we need to build the opt/firefox-deb/ sub-directory under this directory.

mkdir -p ~/firefox/opt/firefox-deb

Open your file manager and transfer all additional files and directories to the /firefox/opt/firefox-deb/ directory.

Next, Make a DEBIAN directory.

mkdir ~/firefox/DEBIAN

a control file should be created in the DEBIAN directory.

nano ~/firefox/DEBIAN/control

The lines after are added to this file. The package name will be chosen by the Package argument.

Source: firefox

Maintainer: Xiao Guoan <xiao@linuxiron.com>

Section: misc

Priority: optional

Standards-Version: 3.9.2

Build-Depends: debhelper (>= 9)

Package: firefox-deb

Architecture: amd64

Description: Firefox web browser without the Snaps

Version: 107

Save the document, then exit. The next step is to build a.desktop file so the user may launch Firefox with ease. To create the usr/share/applications/ subdirectory, use the following command.

mkdir -p ~/firefox/usr/share/applications/

Create the .desktop file.

nano ~/firefox/usr/share/applications/firefox-deb.desktop

Then execute the subsequent command to create the.deb package.

dpkg-deb –build ~/firefox

Ubuntu compresses.deb files using zstd. Use other compression techniques, such as gzip, which are compatible with both Debian and Ubuntu, when creating.deb packages for Debian on an Ubuntu machine.

dpkg-deb -Zgzip –build ~/firefox

Put Your GPG Private Key to Use to Sign the Package

put the dpkg-sig utility in place.

sudo apt install dpkg-sig

The.deb package may then be signed by running the following command. You will have to input your key passphrase to unlock it, which will utilize your default GPG private key.

dpkg-sig –sign builder firefox.deb

Establish the APT Repository

Install the creator of the Debian package repository.

sudo apt install reprepro

The repository’s base directory should then be created.

sudo mkdir -p /var/www/repository/

The owner should be changed to your username.

sudo chown username:username /var/www/repository/

Make a subdirectory called “conf.

mkdir -p /var/www/repository/conf/

Make a text document called “distributions.”

nano /var/www/repository/conf/distributions

In this file, insert the following lines.

Origin: https://linuxiron.com

Label: apt repository

Codename: admin

Architectures: amd64

Components: main

Description: linuxiron package repository for Debian/Ubuntu

SignWith:  00000000000000

Pull: admin

Where

  • Origin: the hostname of your repository.
  • Label: Give it a name
  • Codename: Which operating systems your repository supports. For Ubuntu 22.04, use admin. Simply copy the aforementioned snippet, put it in the same file, and edit the codename if you wish to support various distros.
  • Architectures: could be amd64, i386, or source.
  • Components: Use main as the single Element if your repository doesn’t include many packages.
  • Description: Describe what this repository is for.
  • SignWith: A GPG key should be used to sign the repository. There will be a Release.gpg file created. Your GPG key ID must be entered here.

You may use the following command to discover your key ID. User-id should be changed to your GPG email address.

gpg –list-sigs user-id

How to create a private apt package

Save the document, then exit. The.deb file should then be added to the repository. Your GPG key passphrase will be required when prompted.

jammy /path/to/the/.deb_file reprepro -V –basedir /var/www/repository/ includedeb

-V: Verbose mode.

–basedir: Specify the base directory.

includedeb: Add deb package to the repository.

jammy :The distro’s code name. For users of Ubuntu 22.04, the deb package will be added in this instance.

How to create a private apt package

Keep in mind that running reprepro as root or using sudo will prevent it from locating your GPG key.

The GPG public key should now be added to the repository as well. To export your public key and put it in the repository base directory, issue the following command. Your GPG key’s email address is your user-id.

gpg –armor –export user-id | sudo tee /var/www/repository/gpg-pubkey.asc

apt

Upload the Repository to a Cloud Server

Build the repository on a cloud Linux server if you want other people to be able to utilise it. When you have one, use SSH to connect to the server and establish the same basic directory.

sudo mkdir -p /var/www/repository/

The two base folders are then synced using rsync. Put your cloud Linux server’s IP address in lieu of 12.34.56.78.

rsync -azP –delete /var/www/repository/ root@12.34.67.78:/var/www/repository/

(-a): Archive mode

-z : Compress file data when transferring

-P: Retain partly transferred files and indicate transfer progress

–delete: removes unused files from the target directory.

Install an HTTP server

To make the repository accessible to the whole Internet, we must now put up an HTTP server. Apache or Nginx are both options.

Nginx

On the cloud server, install Nginx.

sudo apt install nginx

A virtual host file should be created for the APT storage.

sudo nano /etc/nginx/conf.d/apt-repository.conf

The lines after are added to this file.

server {

listen 80;

server_name repo.linuxbabe.com;

access_log /var/log/nginx/apt-repository.access;

error_log /var/log/nginx/apt-repository.error;

location / {

root /var/www/repository/;

autoindex on;

}

location ~ /(.*)/conf {

deny all;

}

location ~ /(.*)/db {

deny all;

}

}

Save the document, then exit. Next, verify the Nginx settings.

sudo nginx -t

Reload Nginx if the test is successful.

sudo systemctl reload nginx

Apache

Install Apache on the cloud server if that’s what you wish.

sudo apt install apache2

A virtual host file should be made for the APT repository.

sudo nano /etc/apache2/sites-available/apt-repository.conf

The lines after are added to this file.

<VirtualHost *:80>

ServerName repo.example.com

ErrorDocument 404 /404.html

DocumentRoot /var/www/repository

<Directory /var/www/repository/ >

# We want the user to be able to browse the directory manually

Options Indexes FollowSymLinks Multiviews

Require all granted

</Directory>

# This syntax supports several repositories, e.g. one for Debian, one for Ubuntu.

# Replace * with debian, if you intend to support one distribution only.

<Directory “/var/www/repository/apt/*/db/”>

Require all denied

</Directory>

<Directory “/var/www/repository/apt/*/conf/”>

Require all denied

</Directory>

<Directory “var/www/repository/apt/*/incoming/”>

Require all denied

</Directory>

</VirtualHost>

Save the document, then exit. Next, make this virtual host active.

sudo a2ensite apt-repository.conf

Restart Apache.

sudo systemctl restart apache2

 

Enable HTTPS

We can activate HTTPS and encrypt HTTP traffic by installing a free TLS certificate from Let’s Encrypt. To install the Let’s Encrypt client (certbot) on Ubuntu 22.04/20.04, enter the following command.

sudo apt install certbot

You must also install the Certbot Nginx plugin if you use Nginx.

sudo apt install python3-certbot-nginx

Run the below command to get and install a TLS certificate.

sudo certbot –webroot -w /var/www/repository -i nginx –agree-tos –redirect –hsts –staple-ocsp –email you@example.com -d repo.example.com

You must set up the Certbot Apache plugin if you use Apache.

sudo apt install python3-certbot-apache

Run the below command to get and install a TLS certificate.

sudo certbot –webroot -w /var/www/repository -i apache –agree-tos –redirect –hsts –staple-ocsp –email you@example.com -d repo.example.com

Where:

–webroot: You may get a TLS certificate by using the webroot plugin.

-w: Cite the webroot location.

-i nginx: Installing the certificate is done using the nginx plugin.

-i apache: Install the certificate using the Apache extension.

–agree-tos:  Acceptance of the terms of service.

–redirect: By using a 301 redirect, force HTTPS.

–hsts: Each HTTP response should include the Strict-Transport-Security header. forcing the domain to utilise TLS in all browser interactions. Against SSL/TLS Stripping defence.

–staple-ocsp: Allows for OCSP Stapling. The server’s TLS certificate is attached to a legitimate OCSP response.

Now should be the time to automatically get and install the certificate.

Additionally, you may use a web browser to access you’re APT repository.

Test

We may now add the repository to a different machine to see whether it will function.

To import the GPG public key so that APT can validate package integrity during installation, issue the following command.

wget –quiet -O – https://repo.linuxbabe.com/linuxbabe-pubkey.asc | sudo tee /etc/apt/keyrings/linuxbabe-pubkey.asc

Integrate the repository.

echo “deb [signed-by=/etc/apt/keyrings/linuxbabe-pubkey.asc arch=$( dpkg –print-architecture )] https://repo.linuxbabe.com $(lsb_release -cs) main” | sudo tee /etc/apt/sources.list.d/firefox-linuxbabe.list

Reindex the repository.

sudo apt update

Set up Firefox. Not to worry. It won’t replace the current Firefox installation you have.

sudo apt install firefox-deb

Check the installation location.

dpkg -L firefox-deb

The /opt/firefox-deb/ directory will show that Firefox Deb is installed.

How to create a private apt package

And you may launch it using the following command or the programme menu on your computer.

/opt/firefox-deb/firefox

How to create a private apt package

You may be perplexed as to why I have three Firefox icons. mostly because I installed my own Firefox deb package, Firefox ESR, and the Snap version of the browser.

Run the Snap Firefox removal programme if you wish to

sudo systemctl disable –now var-snap-firefox-common-host\\x2dhunspell.mount

sudo snap remove firefox

Using my Firefox deb package has the benefit of allowing you to update the browser as soon as a new version is made available by Firefox. You are not need to wait for me to use sudo apt update to push the update.

How to create a private apt package

For removing a Package from the Repository

reprepro -V –basedir /var/www/repository/ remove jammy firefox

Then sync the repository.

rsync -azP /var/www/repository/ root@12.34.67.78:/var/www/repository/

 

Wrap Up

That’s how you can create private apt package. There are several benefits to creating your own repository.  It could be that you just have a small number of locally modified packages that you want to make available, that you want to run a local mirror with many machines using the same packages to conserve bandwidth, or that you have written your own packages and want to test them out before making them public.  These steps may be able to help you find a solution.

You can learn about linux more deeply by clicking the link below

https://linuxiron.com/what-is-linux-a-whole-introduction/

Learn about the linux commands by clicking the links below

https://linuxiron.com/echo-command-in-linux/

https://linuxiron.com/how-to-use-nice-renice-commands-in-linux/

https://linuxiron.com/how-to-use-kill-commands-in-linux/

https://linuxiron.com/a-beginners-guide-to-htop-for-process-management/

https://linuxiron.com/15-useful-yum-commands-in-linux/

https://linuxiron.com/how-to-use-the-top-command-in-linux/

https://linuxiron.com/17-ps-command-to-monitor-linux-process-with-examples-linuxiron/

https://linuxiron.com/12-cat-commands-in-linux-with-examples/

https://linuxiron.com/archiving-and-compressing-files-and-directories-in-linux/

https://linuxiron.com/how-to-run-the-du-command-in-linux/

Leave a Comment

Your email address will not be published. Required fields are marked *