Skip to content

Instantly share code, notes, and snippets.

@stvhay

stvhay/freight.md

Last active December 7, 2022 13:28
Show Gist options
  • Save stvhay/6df8d7a5b2df010e0fe56a2d3fd9136f to your computer and use it in GitHub Desktop.
Save stvhay/6df8d7a5b2df010e0fe56a2d3fd9136f to your computer and use it in GitHub Desktop.
Download ZIP
Using Freight
Raw
freight.md

Configuring and Using GPG+Freight

gpg_email="[email protected]"
reponame="aptrepo"
apt_manager="apt"
apt_distro="sid"
apt_archs="arm64"
apt_origin="stvhay"
apt_label="stvhay"
apt_key="F06332423E4AD8A83FE448D72A6717AEB1CA258F"

export GPG_TTY=$(tty)
gpg --default-new-key-algo "ed25519/cert,sign+cv25519/encr" --quick-generate-key "$gpg_email"
freight-init -g "$gpg_email" --archs="$apt_archs" --origin="$apt_origin" --label="$apt_label" "$reponame"
freight add -c "$reponame/etc/freight.conf" *.deb "$apt_manager/$apt_distro"
freight cache -c "$reponame/etc/freight.conf"

Use deb tools (reprepro)

# Configure gpg
cat > ~/.gnupg/gpg.conf <<EOF
# Prioritize stronger algorithms for new keys.
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed
# Use a stronger digest than the default SHA1 for certifications.
cert-digest-algo SHA512
EOF

# Create key
gpg --default-new-key-algo "ed25519/cert,sign+cv25519/encr" --quick-generate-key "$gpg_email"

# Nginx
cat > /etc/nginx/sites-available/myrepo.example.com <<EOF
server {
  listen 80;

  access_log /srv/nginx/myrepo.example.com/access.log;
  error_log  /srv/nginx/myrepo.example.com/error.log;

  location / {
    root /srv/nginx/myrepo.example.com/root/;
    autoindex on;
  }

  location ~ /(.*)/conf {
    deny all;
  }

  location ~ /(.*)/db {
    deny all;
  }
}
EOF

# If you don't feel like running webserver yourself for the repository, you may be able to 
# use free webservers if the repository is small enough to meet their acceptable use policy.
#
# Many free source code hosting services such as Github and Gitlab comes with web site hosting 
# service with https://<username>.github.io like URL. They can be used to host a package 
# repository. The repository content transfer is as easy as committing them to 
# the <username>.github.io repository. 

# Configure the distribution
mkdir -p /srv/nginx/myrepo.example.com/root/conf
cat > /srv/nginx/myrepo.example.com/root/conf/distributions <<EOF
Origin: $apt_origin
Label: $apt_label
Codename: $apt_distro
Architectures: $apt_archs
Components: main
Description: Apt repository for project x
SignWith: $apt_key
EOF

# Configure options
cat > /srv/nginx/myrepo.example.com/root/conf/options <<EOF
verbose
basedir /srv/nginx/myrepo.example.com/root
ask-passphrase
EOF

reprepro includedeb $apt_distro *.deb

FPM

https://fpm.readthedocs.io/en/latest/getting-started.html

export GEM_HOME="$HOME/.local"
gem install fpm

# example
fpm \
  -s dir \
  -t deb \
  -p hello-world-0.1.0-1-any.deb \
  --name hello-world \
  --license agpl3 \
  --version 0.1.0 \
  --architecture all \
  --depends bash --depends lolcat \
  --description "Say hi!" \
  --url "https://example.com/hello-world" \
  --maintainer "You The Amazing Person <you are an amazing person at example dot com>" \
  hello-world=/usr/bin/hello-world \
  hello-world.1=/usr/share/man/man1/hello-world.1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment