Dealing with personal repositories with debian

Every so often I have to (or want to) create or update my own Debian package, and I never quite remember the whole procedure, especially when it involves not only building the package but also creating the right folder structure so that apt-get will accept the result as a repository.

Earlier this week was no different: I was trying to re-sign ufw because my GPG key had expired.

This is basically a recipe for a bad experience, and the tooling on Debian/Ubuntu seems to change every time. Last time I used apt-ftparchive and it worked fine (that is, it created the whole folder structure for me), but this time it refused to work properly, so I ended up writing a Dockerfile to package things, hoping not to have to figure it all out again in two years or so.

Side note on GPG

gpg now uses an agent that holds the secret key, so even when everything is working, gpg -k will not show the key; you still need to import the key manually (after exporting it from the machine that holds it). A quick way to check that signing works is echo "test" | gpg --clearsign; if that succeeds, gpg is set up correctly.

It also supports forwarding the agent socket over SSH, so if you build on a different machine from the one holding your keys you can still sign without copying them over: run something like ssh -R /path/on/the/remote/S.gpg-agent:/path/on/the/local/machine/S.gpg-agent. The first path is the socket created on the remote side, the second is your local agent socket; gpg on the remote machine talks to your local agent and the secret key never leaves your machine. If the remote socket file already exists, sshd will not replace it unless StreamLocalBindUnlink yes is set in its sshd_config.

The Dockerfile

FROM debian:bookworm

# heredoc RUN syntax needs BuildKit (docker buildx build); cat, not echo, writes the body to the file
RUN cat >/etc/apt/sources.list.d/debian.src.sources <<EOF
Types: deb-src
# http://snapshot.debian.org/archive/debian/20241223T000000Z
URIs: http://deb.debian.org/debian
Suites: bookworm bookworm-updates
Components: main
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
EOF

RUN apt-get update && apt-get install dpkg-dev quilt vim apt-utils strace aptly python3-distutils -y
RUN apt-get build-dep ufw -y
RUN mkdir /build && cd /build && apt-get source ufw

COPY newchangelog /
COPY control /
COPY entrypoint.sh /
RUN chmod a+x entrypoint.sh

ENV VERSION=stable
ENV DISTRIBUTION=debian

CMD /entrypoint.sh

I have the following for Ubuntu:

FROM ubuntu:noble

RUN echo "deb-src http://us.archive.ubuntu.com/ubuntu/ noble main restricted" >>/etc/apt/sources.list
RUN apt-get update && apt-get install dpkg-dev quilt vim apt-utils strace aptly -y
RUN apt-get build-dep ufw -y
RUN mkdir /build && cd /build && apt-get source ufw

COPY newchangelog /
COPY control /
COPY entrypoint.sh /
RUN chmod a+x entrypoint.sh

ENV VERSION=noble
ENV DISTRIBUTION=ubuntu

CMD /entrypoint.sh

This is mostly geared toward ufw; tweaking it for other packages should be straightforward.

I also have this entrypoint script:

#!/bin/bash
# Abort on the first failing command so a broken build never gets published.
set -e

# simplify things when debugging
cat >/root/.bash_profile <<EOF
set -o vi
alias ls='ls --color'
EOF

# The secret key stays on the host behind the forwarded gpg-agent socket;
# only the public half is imported into the container.
gpg --import /exchange/public-key.asc

src=$(echo /build/ufw-*)

# Register and copy the patches dropped into /exchange (having none is fine).
shopt -s nullglob
for p in /exchange/*.patch; do
  basename "$p" >> "$src/debian/patches/series"
  cp "$p" "$src/debian/patches"
done
shopt -u nullglob

cd "$src"

# Create the new changelog: /newchangelog holds the new entry, the packaged one goes below it
cat debian/changelog >>/newchangelog
mv /newchangelog debian/changelog

pushd ..
cp ufw_0.36.*.orig.tar.gz ufw_0.36.3.orig.tar.gz
popd

cp /control debian/control
# Debian: build the binary package(s). Ubuntu: a source-only upload (-S) with the
# orig tarball included (-sa), which is what a PPA requires. nocheck skips the test suite.
if [ "${DISTRIBUTION:-meh}" = "debian" ]; then
  DEB_BUILD_OPTIONS=nocheck dpkg-buildpackage
else
  DEB_BUILD_OPTIONS=nocheck dpkg-buildpackage -S -sa
fi

if [ "${DISTRIBUTION:-meh}" = "debian" ]; then
  mkdir -p /exchange/debs
  mv ../ufw_0.36.3* /exchange/debs
  # Listing "source" next to amd64 lets aptly publish even though ufw only ships
  # _all binaries; the Release file is signed with the default key via the forwarded agent.
  aptly repo create -distribution=stable -component=main ufw-release
  aptly repo add ufw-release /exchange/debs
  aptly publish repo -architectures="amd64,source" ufw-release
  mkdir -p /exchange/repo
  cp -a /root/.aptly/public/* /exchange/repo
else
  mkdir -p /exchange/debs-${DISTRIBUTION}
  mv ../ufw_0.36.3* /exchange/debs-${DISTRIBUTION}
fi

Once more this is very much geared toward my needs for ufw, but a good chunk of it carries over, like how to deal with aptly and make it publish a repository when you don't have real per-architecture binaries (i.e. only _all packages).
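What apt will trust in the tree aptly writes to /exchange/repo is the signed Release file and the SHA256 entries it carries for the index files. The following is an added example of mine, not code from the post or from aptly: it parses the SHA256 stanza of a Release file and checks each listed file on disk, run over a constructed dists/stable tree with a sample ufw entry (the 0.36.3-0custom1 version string is made up). It assumes the plain Release layout aptly generates and leaves signature verification to gpg.

```python
import hashlib, tempfile
from pathlib import Path

def parse_release_sha256(release_text):
    """Return {path: (sha256_hex, size)} from the 'SHA256:' stanza of a Release/InRelease file.
    Indented lines belong to the stanza opened by the previous unindented field."""
    entries, in_stanza = {}, False
    for line in release_text.splitlines():
        if not line.startswith(" "):
            in_stanza = line.rstrip(":") == "SHA256"
            continue
        if in_stanza:
            digest, size, path = line.split()
            entries[path] = (digest, int(size))
    return entries

def verify_repo_dist(dist_dir):
    """Check each file listed in <dist_dir>/Release; returns {path: 'ok'|'missing'|'size mismatch'|'hash mismatch'}."""
    dist_dir = Path(dist_dir)
    results = {}
    for rel_path, (digest, size) in parse_release_sha256((dist_dir / "Release").read_text()).items():
        target = dist_dir / rel_path
        if not target.is_file():
            results[rel_path] = "missing"
            continue
        data = target.read_bytes()
        if len(data) != size:
            results[rel_path] = "size mismatch"
        elif hashlib.sha256(data).hexdigest() != digest:
            results[rel_path] = "hash mismatch"
        else:
            results[rel_path] = "ok"
    return results

def build_demo_repo(tamper=False):
    """Build a constructed dists/stable tree (sample data, not real aptly output) and verify it."""
    root = Path(tempfile.mkdtemp())
    packages = root / "main" / "binary-amd64" / "Packages"
    packages.parent.mkdir(parents=True)
    body = (b"Package: ufw\nVersion: 0.36.3-0custom1\nArchitecture: all\n"
            b"Filename: pool/main/u/ufw/ufw_0.36.3-0custom1_all.deb\n\n")
    packages.write_bytes(body)
    release = ("Origin: ufw-release\nSuite: stable\nComponents: main\nArchitectures: amd64\nSHA256:\n"
               f" {hashlib.sha256(body).hexdigest()} {len(body)} main/binary-amd64/Packages\n")
    (root / "Release").write_text(release)
    if tamper:  # index edited after Release was written, as a modified mirror would look to apt
        packages.write_bytes(body.replace(b"0custom1", b"0custom2"))  # same size, different hash
    return verify_repo_dist(root)
```

Point it at dists/stable in the published tree to confirm the indexes match what was signed before handing the repository to any client.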

Finally, I build and run the image with something like:

docker buildx build . -t debian:bookworm-custom && docker run -it -v /path_to_gpg/S.gpg-agent:/root/.gnupg/S.gpg-agent -v /root/exchange:/exchange debian:bookworm-custom

For good measure I also added building Ubuntu packages; at the end, the exchange folder in the root user's home directory on my Docker VM contains what I need: