A metapackage is a package that does not contain software but depends on any number of other packages. A metapackage can be used to easily install a large number of packages or curate a list of packages to be installed on a larger number of systems. When a newer version of a metapackage gets installed, so will new dependencies, while old dependencies that aren't used anymore will (usually) stay until they are manually removed.
Here is one way of creating metapackages for Debian 10:
First create a new directory named after the metapackage. In this directory create another directory with the name of the metapackage followed by "-" and the version number. The name of this second directory should look something like this: testrepo-1.0. Replace "testrepo" with the name of your package.
Inside this directory create a last directory called DEBIAN.
Here create a plain text file called control. This file describes the properties of the package. Fill it with information as follows:
Source: testrepo
Maintainer: Your Name <your@email.address>
Priority: optional
Build-Depends: debhelper (>=9)
Package: testrepo
Architecture: all
Version: 1.0-1
Depends: audacity, krita
Section: misc
Description: A short description
 A longer description over multiple lines
The Source and Package fields can just be set to the name of the metapackage.
You are the package maintainer, therefore the Maintainer field should feature your name and e-mail address. Mind the angle brackets.
Priority and Section should be set to optional and misc respectively, as your metapackage probably isn't vital to the computer's core functionality.
The Build-Depends field specifies which packages are required to build this package. The end user will not need these, as they get the already compiled package. A metapackage doesn't require code to be compiled, so the only build dependency is debhelper (>=9).
The Architecture field refers to the CPU architecture. Common ones are amd64, arm64 or riscv64. A metapackage doesn't come with compiled programs and is therefore independent of the system's architecture. all tells the package manager that this package can be installed on any system.
You might notice that the Version is different from the one in the directory name. This is because, in addition to the version of the packaged software, Debian also asks for the build version. This is relevant when an error in building the package results in a bug for the end user and a new version has to be released without a new version of the packaged software being available.
The Depends field contains the functionality of a metapackage. It defines which other packages need to be installed to be able to use this package. List the packages you want to be installed automatically when installing this package here.
There are two values associated with Description: a short description on the same line and a longer description, which should be on the next line and indented using tab. Those two descriptions will appear in different places.
You should also consider adding a changelog file. A changelog contains the changes since the previous release:
testrepo (1.0-1) UNRELEASED; urgency=medium

  * Initial release.

 -- Your Name <your@email.address>  Wed, 12 May 2021 19:44:22 +0200
To build this package, open a terminal and navigate to the first directory we created (the one without a version number) and run the following command:
dpkg-deb -b ./testrepo-1.0
(Replace "testrepo" with the name of your package).
Running ls or opening the directory in a file browser will reveal a new file called testrepo-1.0.deb. This is already a complete metapackage and can be installed on any Debian 10 system. (Technically packages should be signed to ensure authenticity; we will get to this later.)
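The long description line is easy to get wrong when the control file is written by hand, because it must start with a space or tab. The following is an added example, not part of the original cheatsheet, that checks DEBIAN/control before dpkg-deb -b is run and lists what the Depends field will pull in; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original cheatsheet. Function names are hypothetical.

# lint_control FILE: print one line per problem, return non-zero if any was found.
lint_control() {
    awk '
        BEGIN { bad = 0 }
        # Continuation lines (the long description) start with a space or tab.
        /^[ \t]/ {
            if (field == "") { print "line " NR ": continuation before any field"; bad = 1 }
            next
        }
        /^[A-Za-z][A-Za-z0-9-]*:/ {
            field = $0; sub(/:.*/, "", field)
            value = $0; sub(/^[^:]*:[ \t]*/, "", value)
            seen[field] = value
            next
        }
        { print "line " NR ": neither a field nor an indented continuation: " $0; bad = 1 }
        END {
            # Fields Debian Policy requires in a binary package control file.
            n = split("Package Version Architecture Maintainer Description", req, " ")
            for (i = 1; i <= n; i++)
                if (!(req[i] in seen)) { print "missing field: " req[i]; bad = 1 }
            if (("Version" in seen) && seen["Version"] !~ /^[0-9][A-Za-z0-9.+~:-]*$/) {
                print "suspicious Version: " seen["Version"]; bad = 1
            }
            exit bad
        }
    ' "$1"
}

# list_depends FILE: the packages this metapackage will pull in, one per line.
list_depends() {
    sed -n 's/^Depends:[[:space:]]*//p' "$1" | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d'
}

# Constructed sample: the long description was left unindented.
sample=$(mktemp)
printf '%s\n' 'Package: testrepo' 'Architecture: all' 'Version: 1.0-1' \
    'Maintainer: Your Name <your@email.address>' 'Depends: audacity, krita' \
    'Description: A short description' \
    'A longer description over multiple lines' > "$sample"
lint_control "$sample" || echo "fix DEBIAN/control before running dpkg-deb -b"
list_depends "$sample"
rm -f "$sample"
```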
A package repository is a machine-readable directory with packages and various support files. A repository is used to publish software packages for a Linux distribution. Package management software can then detect when a new version is available and download the new package from the repository, without the user having to go to some website and find the download button.
Luckily there are many tools that set up a repository. Most of them are pretty old or appear to lack documentation or features; some require changes files for pushing updates, etc.
We will be using reprepro as it does all we need and is relatively easy to work with.
nginx)
gnupg installed on the server
reprepro installed on the server
dpkg-sig installed on the server
Packages in Debian repositories should be digitally signed to ensure authenticity; for this a gpg key is needed. Some recommend creating a master key which then trusts another key to increase security. For more information see this Digital Ocean guide. We will take the easy route and just create a single key. For this run
gpg --full-generate-key
and select the first option (RSA and RSA) as well as the key size; longer keys should be more secure. Then enter your name and e-mail address. This will create the key we need.
To allow others to use that key to verify the authenticity of our packages, they need the public key. To export the key run
gpg --armor --output ./your@email.address.gpg.key --export your@email.address
This will create an ASCII-formatted text file with the public key in it. Save this file somewhere in the directory exposed to the internet.
To sign our package, first upload it to the server (if it isn't already there). If you are connected to the server via ssh, this can be done with scp (while not logged in to the server):
scp /path/to/package.deb username@server.ip:/path/to/where/you/want/the/package.deb
Make sure to keep the name of the file the same.
Then sign the package with this command (on the server again):
dpkg-sig --sign builder /path/to/package/on/server.deb
For the repository create a directory inside the directory exposed to the internet. This will be the repository. Here create another directory called conf. In there create a plain text file called distributions with the following contents:
Codename: buster
Components: main
Architectures: all
SignWith: yes
The SignWith field says that we want to sign the repository. If you have multiple keys you should specify which one to use here; otherwise yes will do just fine. buster is the code name for Debian 10; if you are packaging for another Debian-based distro, use the fitting code name.
reprepro -V -b /path/to/your/repository includedeb buster /path/to/the/package.deb
To be able to use this repository users will first have to import the key:
wget -O - https://server.ip/path/to/public/key.gpg.key | sudo apt-key add -
These commands will add the repository to apt and refresh apt so that it can be used right away:
sudo apt-add-repository https://server.ip/path/to/repository/
sudo apt-get update
Now the packages (like the metapackage from above) in your repository can be installed and upgraded just like the ones in the official repositories of your distro.
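A key imported with apt-key add is trusted for every repository configured on the client, not only this one. The following is an added example, not part of the original cheatsheet, that checks the downloaded key's fingerprint and ties the key to this single repository with apt's signed-by option; the function names, the keyring path and the EXPECTED_FPR variable are assumptions.

```shell
#!/bin/sh
# Added example, not from the original cheatsheet. Function names, file names and
# the keyring path are assumptions; the expected fingerprint must come from the
# repository maintainer over a separate channel.

# key_fingerprints FILE: primary-key fingerprints in an exported public key file.
key_fingerprints() {
    gpg --show-keys --with-colons "$1" |
        awk -F: '$1 == "pub" { want = 1 } $1 == "fpr" && want { print $10; want = 0 }'
}

# install_repo_key FILE EXPECTED_FPR KEYRING: convert the armored key to a binary
# keyring only if the file holds exactly the expected key. Fails closed.
install_repo_key() {
    fpr=$(key_fingerprints "$1")
    if [ -z "$fpr" ] || [ "$fpr" != "$2" ]; then
        echo "fingerprint mismatch, key not installed" >&2
        return 1
    fi
    gpg --dearmor < "$1" > "$3.tmp" && mv "$3.tmp" "$3"
}

# sources_entry URL KEYRING CODENAME: an apt source line that trusts KEYRING for
# this repository only, instead of the global keyring apt-key writes to.
sources_entry() {
    printf 'deb [signed-by=%s] %s %s main\n' "$2" "$1" "$3"
}

# Usage on a client, as root:
#   wget -O /tmp/repo.key https://server.ip/path/to/public/key.gpg.key
#   install_repo_key /tmp/repo.key "$EXPECTED_FPR" /usr/share/keyrings/testrepo.gpg
#   sources_entry https://server.ip/path/to/repository/ \
#       /usr/share/keyrings/testrepo.gpg buster > /etc/apt/sources.list.d/testrepo.list
#   apt-get update
```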
I do not guarantee these instructions to be safe, best-practice or even working at all or the information given to be true. I just tried to backtrack the steps I took to get to a working setup.
If you find something that doesn't work, have an idea on how to improve this cheatsheet, or just need further help (although I am not an expert), feel free to let me know:
e-mail: ah@qvxb.de
Matrix: @gaboversta:matrix2.andressing.eu
This work is published under the CC0 1.0 license:
To the extent possible under law, Andreas Hurka has waived all copyright and related or neighboring rights to Debian packaging - cheatsheet. This work is published from: Germany.