Hi all,
That was long, but here is my signed debian repository !
Investigations:
- Debian Repository HOWTO mostly describes trivial repository setup.
After some trial it appeared to me that trivial repositories cannot be signed (well at least will not be verified by atp)
- mini-dinstall does basically only trivial repository to.
- This article about Unofficial Debian repository describe a setup with debarchiver however this has special user, cronjob… it seamed quite complex to me
- Basically what I wanted was like a trivial repository but secured, and the solution was on the debian wiki, it first confirm that trivial repository are not compatible with apt-secure. And it give the solution:
Even with an “official archive”, you can create a much simpler archive than the real official one. This is explained in Debian Reference (lenny) using apt-ftparchive in apt-utils and dupload. All uploaded packages are located in a directory and no database server is needed. This may be good enough for people hosting a few packages.
Well this was good enough for me, also I’m currently not using dupload but I put the commands suggested as postupload in a script.
The update script, apt-ftparchive configuration and pgp public keys are on the root of the repository.
to use it:
#add in source.list
deb http://silicone.homelinux.org/repository/ unstable main
deb-src http://silicone.homelinux.org/repository/ unstable main
#for gpg signature verification get siliconerepositorykey.asc
# sudo apt-key add siliconerepositorykey.asc
The actual content of the repository is currently just one program: a hacked xrootconsole with ANSI color support, but this will be the subject of a next post 😉