Setting Up An APT Repository With reprepro And nginx On Debian Wheezy

This tutorial explains how to set up an apt repository with the tool reprepro and a Debian Wheezy system. The repository will be served by an nginx server.

1 Preliminary Note

In this tutorial I want to set up a small apt repository for the nginx packages that I built in the tutorial Using ngx_pagespeed With nginx On Debian Jessie/testing. Therefore my repository will be fpr Debian testing, not stable, so you have to adjust this tutorial where appropriate.

2 Generating A Key For Signing Packages

We will have to create a key for signing packages. This key can be generated with gnupg which we install as follows:

apt-get install gnupg

On servers, when generating a key, you might see this common error:

Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 284 more bytes)

To avoid this, we install rng-tools:

apt-get install rng-tools

Open /etc/default/rng-tools...

vi /etc/default/rng-tools

... and make sure you have the following line in it:

[...]
HRNGDEVICE=/dev/urandom
[...]

Then start rng-tools...

/etc/init.d/rng-tools start

... and generate your key:

gpg --gen-key

3 Configuring Your Repository

Install reprepro:

apt-get install reprepro

Let's use the directory /var/packages as the root directory for our repository. Create the directory /var/packages/debian/conf:

mkdir -p /var/packages/debian/conf

Let's find out about the key we have created in chapter 1:

gpg --list-keys

root@server1:~# gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub   2048R/434433F2 2014-02-05
uid                  Falko Timme (Falko Timme) <[email protected]>
sub   2048R/C7C1365D 2014-02-05

root@server1:~#

Our public key is C7C1365D. We have to use this from now on.

Create the file /var/packages/debian/conf/distributions as follows:

vi /var/packages/debian/conf/distributions

The address of our apt repository will be apt.example.com, so we use this in the Origin and Label lines. In the SignWith line, we add our public key (C7C1365D):

Origin: apt.example.com
Label: apt.example.com
Codename: testing
Architectures: amd64
Components: main
Description: Example APT Repository
SignWith: C7C1365D
DebOverride: override.testing
DscOverride: override.testing

Create the (empty) file /var/packages/debian/conf/override.testing:

touch /var/packages/debian/conf/override.testing

Then create the file /var/packages/debian/conf/options:

vi /var/packages/debian/conf/options

verbose
ask-passphrase
basedir /var/packages/debian

To sign our deb packages with our public key, we need the package dpkg-sig:

apt-get install dpkg-sig

My nginx deb packages that I want to import into the apt repository are located in the /usr/src/pagespeed directory. Let's sign those packages as follows (again, make sure you use the correct public key):

dpkg-sig -k C7C1365D --sign builder /usr/src/pagespeed/*.deb

Now we import the deb packages into our apt repository:

cd /var/packages/debian
reprepro includedeb testing /usr/src/pagespeed/*.deb

4 Configuring nginx

We need a webserver to serve our apt repository. In this example I'm using an nginx webserver.

apt-get install nginx

Configure a vhost for apt.example.com:

vi /etc/nginx/sites-available/apt.example.com.vhost

server {
  listen 80;
  server_name apt.example.com;

  access_log /var/log/nginx/packages-error.log;
  error_log /var/log/nginx/packages-error.log;

  location / {
    root /var/packages;
    index index.html;
    autoindex on;
  }

  location ~ /(.*)/conf {
    deny all;
  }

  location ~ /(.*)/db {
    deny all;
  }
}

Enable the vhost and reload nginx:

cd /etc/nginx/sites-enabled
ln -s ../sites-available/apt.example.com.vhost .
/etc/init.d/nginx reload

Let's create a GPG key for the repository:

gpg --armor --output /var/packages/apt.example.com.gpg.key --export C7C1365D

5 Using The Repository

To use the repository, place the following line in your /etc/apt/sources.list:

vi /etc/apt/sources.list

[...]
deb http://apt.example.com/debian/ testing main
[...]

If you want this repository to always have precedence over other repositories, you should have this line right at the beginning of your /etc/apt/sources.list and add the following entry to /etc/apt/preferences (check out our A Short Introduction To Apt-Pinning tutorial):

vi /etc/apt/preferences

Package: *
Pin: origin apt.example.com
Pin-Priority: 1001

Before we can use the repository, we must import its key:

wget -O - -q http://apt.example.com/apt.example.com.gpg.key | apt-key add -

Then update your package database:

apt-get update

Now you can start using the repository and install packages from it, e.g. like this:

apt-get install nginx

6 Links

Debian: http://www.debian.org/

Log in or Sign up

On this page