:: Re: [DNG] Devuan package repository
Top Page
Delete this message
Reply to this message
Author: tito
Date:  
To: dng
Subject: Re: [DNG] Devuan package repository
On Thu, 30 May 2024 18:06:02 +0200
Antony Stone <Antony.Stone@???> wrote:

> Hi.
>
> Would anyone mind explaining to me how the Devuan package repository works?
>
> My understanding is that it actually contains only the packages which have
> been forked by Devuan, and any packages which are systemd-free in Debian are
> simply "linked-through" in some way so that accessing the repository at
> http://deb.devuan.org/merged gives the combined Devuan (if forked) and Debian
> (if not forked) packages.
>
> I assume this is the origin of the path "merged" in the URL.
>
> How has that been done, please?
>
> I have modified some Debian packages in ways nothing to do with systemd, and I
> currently assign them slightly different version numbers from Debian's, and
> then pin them on the machines I want to use them on so that they don't get
> "upgraded" to a newer version of the Debian package which doesn't have my
> modifications.
>
> However, if I could simply set up my own repository which contains my packages
> and passes through requests for anything else to the Devuan repository, this
> could make life quite a bit easier (and more consistent).
>
> So, assuming my basic understanding of how this works is correct, can anyone
> explain to me how it's been done please?

Hi,
you need to install apache to serve the packages to the other machines
and create a repo with this instructions (that need to be re-run
every time you add/remove packages):

#!/bin/sh
#mkdir -f /var/www/apt-repo
cd /var/www/apt-repo
rm -fr Release
rm -fr Packages
dpkg-scanpackages --hash sha256 --arch amd64 -m . > Packages
apt-ftparchive release . > Release
rm -fr Release.gpg
gpg --quiet --default-key YOURKEYXXXXXXXXXXXXXXXXXX --digest-algo SHA256 --armor --output Release.gpg --detach-sign Release
rm -fr InRelease
gpg --quiet --default-key YOURKEYXXXXXXXXXXXXXXXXXX --digest-algo SHA256 --clearsign --output InRelease Release
# To sign debs
#dpkg-sig -k YOURKEYXXXXXXXXXXXXXXXXXX --sign repo *.deb
# To check
#dpkg-sig -c *.deb
chown -R www-data.www-data .

------------------------------------------------------------
You can also sign the packages and run the transactions over https
for improved security.

On the client side:
1) add the key (apt-key add ?)
2) add the repo to /etc/apt/sources.list

deb http://yourserver.xyz:yourport/ ./

3) in  /etc/apt/preferences.d/ add a file giving higher priority to the
      packages from your server so they are installed instead of the
      packages from the main repos:


Package: *
Pin: origin "yourserver.xyz"
Pin-Priority: 97

Hope this helps.

Ciao,
Tito





>
> Antony.
>