Skip to content

ðŸ“Ķ reprepro

reprepro is used as a local repository for deb packages.

Some apps, like SOPS, release deb files, but are not a part of the normal repository. Hosting them locally, allows me to download the package once and then easily update on all other containers.

🍓 Raspberry Pi Support

The raspi repository is used to support ARMv6 devices, such as the Raspberry Pi 1 and Raspberry Pi Zero W.

🛠 Installation

apt install reprepro apache2 gpg

⚙ Config

ðŸŠķ Apache

/etc/apache2/apache2.conf

echo "ServerName localhost" | tee -a /etc/apache2/apache2.conf

ServerName localhost

/etc/apache2/conf-availabe/repos.conf

cat <<EOF > /etc/apache2/conf-availabe/repos.conf 
--8<-- "reprepro/apache2/conf-available/repos.conf"
EOF

curl -Lo /etc/apache2/conf-availabe/repos.conf https://github.com/nicholaswilde/homelab/raw/refs/heads/main/pve/reprepro/apache2/conf-available/repos.conf

--8<-- "reprepro/apache2/conf-available/repos.conf"

Enable and test

(
    a2enconf repos && \
    apache2ctl configtest && \
    service apache2 restart
)

⚙ Config

ðŸ“Ķ Repository

Make directories

shell ( [ -d /srv/reprepro/debian/conf ] || mkdir -p /srv/reprepro/debian/conf [ -d /srv/reprepro/ubuntu/conf ] || mkdir -p /srv/reprepro/ubuntu/conf )

Generate new gpg keys

gpg --full-generate-key

gpg --list-keys  
 pub  2048R/489CD644 2014-07-15  
 uid         Your Name <[email protected]>  
 sub  2048R/870B8E2D 2014-07-15

Get short fingerprint

gpg -k [email protected] | sed -n '2p'| sed 's/ //g' | tail -c 9

short fingerprint

089C9FAF

Export public gpg key

gpg --export-options export-minimal -a --export 089C9FAF | sudo tee /srv/reprepro/public.gpg.key

/srv/reprepo/<dist>/conf/distributions

(
  cat <<EOF > /srv/reprepo/debian/conf/distributions
  --8<-- "reprepro/debian/conf/distributions"
  EOF
  cat <<EOF > /srv/reprepo/ubuntu/conf/distributions
  --8<-- "reprepro/ubuntu/conf/distributions"
  EOF
  cat <<EOF > /srv/reprepo/raspi/conf/distributions
  --8<-- "reprepro/raspi/conf/distributions"
  EOF

)

(
  ln -s /root/git/nicholaswilde/homelab/pve/reprepro/debian/conf/distributions /srv/reprepro/debian/conf/distributions
  ln -s /root/git/nicholaswilde/homelab/pve/reprepro/ubuntu/conf/distributions /srv/reprepro/ubuntu/conf/distributions
  ln -s /root/git/nicholaswilde/homelab/pve/reprepro/raspi/conf/distributions /srv/reprepro/raspi/conf/distributions
)

(
  curl -Lo /srv/reprepro/debian/conf/distributions https://github.com/nicholaswilde/homelab/raw/refs/heads/main/pve/reprepro/debian/conf/distributions
  curl -Lo /srv/reprepro/ubuntu/conf/distributions https://github.com/nicholaswilde/homelab/raw/refs/heads/main/pve/reprepro/ubuntu/conf/distributions
  curl -Lo /srv/reprepro/raspi/conf/distributions https://github.com/nicholaswilde/homelab/raw/refs/heads/main/pve/reprepro/raspi/conf/distributions
)

--8<-- "reprepro/debian/conf/distributions"

--8<-- "reprepro/ubuntu/conf/distributions"

--8<-- "reprepro/raspi/conf/distributions"

/srv/reprepo/<dist>/conf/options

cat <<EOF > /srv/reprepo/debian/conf/options
--8<-- "reprepro/debian/conf/options::3"
EOF
cat <<EOF > /srv/reprepo/ubuntu/conf/options
--8<-- "reprepro/ubuntu/conf/options::3"
EOF
cat <<EOF > /srv/reprepo/ubuntu/conf/options
--8<-- "reprepro/raspi/conf/options::3"
EOF

(
  curl -Lo /srv/reprepro/debian/conf/options https://github.com/nicholaswilde/homelab/raw/refs/heads/main/pve/reprepro/debian/conf/options
  curl -Lo /srv/reprepro/ubuntu/conf/options https://github.com/nicholaswilde/homelab/raw/refs/heads/main/pve/reprepro/ubuntu/conf/options
  curl -Lo /srv/reprepro/raspi/conf/options https://github.com/nicholaswilde/homelab/raw/refs/heads/main/pve/reprepro/raspi/conf/options
)

(
  ln -s /root/git/nicholaswilde/homelab/pve/reprepro/debian/conf/options /srv/reprepro/debian/conf/options
  ln -s /root/git/nicholaswilde/homelab/pve/reprepro/ubuntu/conf/options /srv/reprepro/ubuntu/conf/options
  ln -s /root/git/nicholaswilde/homelab/pve/reprepro/raspi/conf/options /srv/reprepro/raspi/conf/options
)

--8<-- "reprepro/debian/conf/options"

--8<-- "reprepro/ubuntu/conf/options"

--8<-- "reprepro/raspi/conf/options"

/srv/reprepo/<dist>/conf/override.<codename>

task symlinks

(
  sudo curl -Lo /srv/reprepro/debian/conf/override.bullseye https://github.com/nicholaswilde/homelab/raw/refs/heads/main/pve/reprepro/debian/conf/override.bullseye
  sudo curl -Lo /srv/reprepro/debian/conf/override.bookworm https://github.com/nicholaswilde/homelab/raw/refs/heads/main/pve/reprepro/debian/conf/override.bookworm
  sudo curl -Lo /srv/reprepro/debian/conf/override.trixie https://github.com/nicholaswilde/homelab/raw/refs/heads/main/pve/reprepro/debian/conf/override.trixie
  sudo curl -Lo /srv/reprepro/debian/conf/override.raspi https://github.com/nicholaswilde/homelab/raw/refs/heads/main/pve/reprepro/debian/conf/override.raspi
  sudo curl -Lo /srv/reprepro/ubuntu/conf/override.questing https://github.com/nicholaswilde/homelab/raw/refs/heads/main/pve/reprepro/ubuntu/conf/override.questing
  sudo curl -Lo /srv/reprepro/ubuntu/conf/override.plucky https://github.com/nicholaswilde/homelab/raw/refs/heads/main/pve/reprepro/ubuntu/conf/override.plucky
  sudo curl -Lo /srv/reprepro/ubuntu/conf/override.oracular https://github.com/nicholaswilde/homelab/raw/refs/heads/main/pve/reprepro/ubuntu/conf/override.oracular
  sudo curl -Lo /srv/reprepro/ubuntu/conf/override.noble https://github.com/nicholaswilde/homelab/raw/refs/heads/main/pve/reprepro/ubuntu/conf/override.noble
  sudo curl -Lo /srv/reprepro/ubuntu/conf/override.jammy https://github.com/nicholaswilde/homelab/raw/refs/heads/main/pve/reprepro/ubuntu/conf/override.jammy
  sudo curl -Lo /srv/reprepro/raspi/conf/override.bookworm https://github.com/nicholaswilde/homelab/raw/refs/heads/main/pve/reprepr/raspi/conf/override.bookworm
  sudo curl -Lo /srv/reprepro/raspi/conf/override.trixie https://github.com/nicholaswilde/homelab/raw/refs/heads/main/pve/reprepro/raspi/conf/override.trixie

)

(
  sudo ln -fs /root/git/nicholaswilde/homelab/pve/reprepro/debian/conf/override.bullseye /srv/reprepro/debian/conf/override.bullseye
  sudo ln -fs /root/git/nicholaswilde/homelab/pve/reprepro/debian/conf/override.bookworm /srv/reprepro/debian/conf/override.bookworm
  sudo ln -fs /root/git/nicholaswilde/homelab/pve/reprepro/debian/conf/override.trixie /srv/reprepro/debian/conf/override.trixie
  sudo ln -fs /root/git/nicholaswilde/homelab/pve/reprepro/debian/conf/override.raspi /srv/reprepro/debian/conf/override.raspi
  sudo ln -fs /root/git/nicholaswilde/homelab/pve/reprepro/ubuntu/conf/override.questing /srv/reprepro/ubuntu/conf/override.questing
  sudo ln -fs /root/git/nicholaswilde/homelab/pve/reprepro/ubuntu/conf/override.plucky /srv/reprepro/ubuntu/conf/override.plucky
  sudo ln -fs /root/git/nicholaswilde/homelab/pve/reprepro/ubuntu/conf/override.oracular /srv/reprepro/ubuntu/conf/override.oracular
  sudo ln -fs /root/git/nicholaswilde/homelab/pve/reprepro/ubuntu/conf/override.noble /srv/reprepro/ubuntu/conf/override.noble
  sudo ln -fs /root/git/nicholaswilde/homelab/pve/reprepro/ubuntu/conf/override.jammy /srv/reprepro/ubuntu/conf/override.jammy
  sudo ln -fs /root/git/nicholaswilde/homelab/pve/reprepro/raspi/conf/override.bookworm /srv/reprepro/raspi/conf/override.bookworm
  sudo ln -fs /root/git/nicholaswilde/homelab/pve/reprepro/raspi/conf/override.trixie /srv/reprepro/raspi/conf/override.trixie
)

(
  sudo touch /srv/reprepro/debian/conf/override.bookworm
  sudo touch /srv/reprepro/debian/conf/override.bullseye
  sudo touch /srv/reprepro/debian/conf/override.trixie
  sudo touch /srv/reprepro/debian/conf/override.raspi
  sudo touch /srv/reprepro/ubuntu/conf/override.questing
  sudo touch /srv/reprepro/ubuntu/conf/override.plucky
  sudo touch /srv/reprepro/ubuntu/conf/override.oracular
  sudo touch /srv/reprepro/ubuntu/conf/override.noble
  sudo touch /srv/reprepro/ubuntu/conf/override.jammy
  sudo touch /srv/reprepro/raspi/conf/override.bookworm
  sudo touch /srv/reprepro/raspi/conf/override.trixie
)

🔑 Environmental File

A .env file is used to set variables that are used with task and scripts.

homelab/pve/reprepro

task init

cp .env.tmpl .env

Edit the .env file with your preferred text editor.

.env 
--8<-- "reprepro/.env.tmpl"

🏷 Adding a New Release Codename

To add a new release codename to reprepro:

  1. Add a new override.<codename> file in /srv/reprepro/<dist>/conf.
  2. Add a new entry to /srv/reprepro/<dist>/conf/distributions file.

/srv/reprepro/<dist>/conf/distributions

Origin: Ubuntu
Label: Oracular apt repository
Codename: plucky
Architectures: amd64 arm64 armhf
Components: main
Description: Apt repository for Ubuntu stable - Plucky
DebOverride: override.plucky
DscOverride: override.plucky
SignWith: 089C9FAF

📝 Usage

ðŸ–Ĩ Server

Add deb file to reprepro.

(
  sudo reprepro -b /srv/reprepro/debian -C main includedeb trixie sops_3.9.4_amd64.deb
  sudo reprepro -b /srv/reprepro/debian -C main includedeb bullseye sops_3.9.4_amd64.deb
  sudo reprepro -b /srv/reprepro/debian -C main includedeb trixie sops_3.9.4_amd64.deb
  sudo reprepro -b /srv/reprepro/raspi -C main includedeb trixie sops_3.9.4_armhf.deb
  sudo reprepro -b /srv/reprepro/ubuntu -C main includedeb questing sops_3.9.4_amd64.deb
  sudo reprepro -b /srv/reprepro/ubuntu -C main includedeb plucky sops_3.9.4_amd64.deb
  sudo reprepro -b /srv/reprepro/ubuntu -C main includedeb oracular sops_3.9.4_amd64.deb
  sudo reprepro -b /srv/reprepro/ubuntu -C main includedeb noble sops_3.9.4_amd64.deb
  sudo reprepro -b /srv/reprepro/ubuntu -C main includedeb jammy sops_3.9.4_amd64.deb
)

ðŸ’ŧ Client

Download gpg key

curl -fsSL http://deb.l.nicholaswilde.io/public.gpg.key | gpg --dearmor -o /etc/apt/keyrings/reprepro.gpg

curl -fsSL http://deb.l.nicholaswilde.io/public.gpg.key | sudo gpg --dearmor -o /etc/apt/keyrings/reprepro.gpg

Add repo and install.

/etc/apt/sources.list.d/reprepro.sources

(
  source /etc/os-release && \
  echo "Types: deb
URIs: http://deb.l.nicholaswilde.io/${ID}
Suites: ${VERSION_CODENAME}
Components: main
Signed-By: /etc/apt/keyrings/reprepro.gpg" | tee /etc/apt/sources.list.d/reprepro.sources > /dev/null
  apt update && \
  apt install sops
)

(
  source /etc/os-release && \
  echo "Types: deb
URIs: http://deb.l.nicholaswilde.io/${ID}
Suites: ${VERSION_CODENAME}
Components: main
Signed-By: /etc/apt/keyrings/reprepro.gpg" | sudo tee /etc/apt/sources.list.d/reprepro.sources > /dev/null
  sudo apt update && \
  sudo apt install sops
)

Types: deb
URIs: http://deb.l.nicholaswilde.io/debian
Suites: bookworm
Components: main
Signed-By: /etc/apt/keyrings/reprepro.gpg

apt update && \
apt install sops

Types: deb
URIs: http://deb.l.nicholaswilde.io/debian
Suites: bullseye
Components: main
Signed-By: /etc/apt/keyrings/reprepro.gpg

apt update && \
apt install sops

Types: deb
URIs: http://deb.l.nicholaswilde.io/debian
Suites: trixie
Components: main
Signed-By: /etc/apt/keyrings/reprepro.gpg

apt update && \
apt install sops

Types: deb
URIs: http://deb.l.nicholaswilde.io/raspi
Suites: trixie
Components: main
Signed-By: /etc/apt/keyrings/reprepro.gpg

apt update && \
apt install sops

↔ Copy all package from one codename to another from noble to questing.

sudo reprepro -b /srv/reprepro/ubuntu/ copymatched questing noble '*'

📋 List all package information

find /srv/reprepro/ubuntu/dists/noble -name 'Packages.gz' -exec zcat {} +

â™ŧ Regenerate the Repository Index

This can fix BADSIG errors shown on remote hosts.

The badsig error means the Release.gpg file for that codename does not contain a valid signature for the Release file. The Release file itself contains a list of all other index files (like Packages.gz) and their checksums.

sudo reprepro -b /srv/reprepro/debian/ -V export noble

📜 Scripts

Some scripts are provided to help with common tasks.

ðŸ“Ķ Update Reprepro

The script update-reprepro.sh is used to compare the latest released versions of the apps specified with the SYNC_APPS_GITHUB_REPOS and PACKAGE_APPS variables in the .env file to the local versions.

If out of date, the compressed archives specified in the PACKAGE_APPS variable are downloaded, packaged into deb files, and added to reprepro and deb files located in the SYNC_APPS_GITHUB_REPOS variable are downloaded and add to reprepro.

Automation

The update-reprepro-service.sh script can be triggered automatically using a webhook. This is useful for continuous integration, for example, triggering an update after a new package has been built and pushed.

homelab/pve/reprepro

task update-reprepro

sudo ./update-reprepro.sh
package-apps.sh 
--8<-- "reprepro/update-reprepro.sh"

ðŸ“Ķ Package Neovim

The script package-neovim.sh is used to compare the latest released version of Neovim to the local version in reprepro.

If out of date, the compressed archive is downloaded, built, packaged into a deb file.

The reason this is separate from update-reprepro.sh is because dependencies need to get packaged along with the binary and an armhf version is not part of the release package.

There are three ways to build the Neovim package for different architectures:

  1. Docker: Use @pve/reprepro/docker/** on the localhost to build for multiple platforms.
  2. Ansible: Use @pve/reprepro/ansible/** if you have physical machines with different architectures.
  3. Manual Script: Log into each machine with a different architecture and run the @pve/reprepro/package-neovim.sh script.

Tip

To get multiple architectures of the deb file, the script may be run on different architecture platforms. For instance, I use my RPi2 to build the armv7l, RPi5 to build the arm64, and HP to build the amd64 version.

homelab/pve/reprepro

task package-neovim

sudo ./package-neovim.sh
package-neovim.sh 
--8<-- "reprepro/package-neovim.sh"

ðŸ“Ķ Package SOPS

The script package-sops.sh is used to compare the latest released version of SOPS to the local version in reprepro.

If out of date, the compressed archive is downloaded, built, packaged into a deb file.

The reason this is separate from update-reprepro.sh is because the sops repo doesn't offer an armhf version and so I manually build and package the armhf version and add it to reprepro.

Tip

To get multiple architectures of the deb file, the script may be run on different architecture platforms. For instance, I use my RPi2 to build the armhf version.

homelab/pve/reprepro

task package-sops

sudo ./package-sops.sh
package-sops.sh 
--8<-- "reprepro/package-sops.sh"

ðŸ“Ī Upload Deb Files

Once the neovim or sops deb files are built, they are copied to the current pve/reprepro folder. The upload-debs task can then be used to push the deb files to the reprepro LXC using scp.

The REMOTE_IP, REMOTE_USER, and REMOTE_PATH variables in the .env file are used to specify the reprepro LXC.

task upload-debs

🔔 Script Notifications

Some scripts can send notifications via Mailrise.

Set the MAILRISE_* variables and the ENABLE_NOTIFICATIONS variable in the .env file.

⏰ Cronjob

A cronjob can be setup to run every night to check the released versions.

2 A.M. nightly

(crontab -l 2>/dev/null; echo "0 2 * * * /root/git/nicholaswilde/homelab/pve/reprepro/update-reprepro.sh") | crontab -

crontab -e

0 2 * * * /root/git/nicholaswilde/homelab/pve/reprepro/update-reprepro.sh

Copy from one dist to another

Find the full path of the file
find /srv/reprepro/debian/pool -name "localsend-cli*1.2.2*.deb"
Include that file into the new repository
reprepro -b /srv/reprepro/raspi/ includedeb trixie /srv/reprepro/debian/pool/main/l/localsend-cli/localsend-cli_1.2.2_armhf.deb

Remove app

reprepro -b /srv/reprepro/raspi remove bookworm sops
Remove Only a Specific Architecture
reprepro -b /srv/reprepro/raspi -A armhf remove bookworm sops
List Only a Specific Version
reprepro -b /srv/reprepro/raspi listfilter bookworm "Package (== sops), Version (== 1.0.2)"
Remove Only a Specific Version
reprepro -b /srv/reprepro/raspi removefilter bookworm "Package (== sops), Version (== 1.0.2)"
Cleanup
reprepro -b /srv/reprepro/raspi deleteunreferenced

Traefik

homelab/pve/traefik/conf.d/reprepro.yaml 
--8<-- "traefik/conf.d/reprepro.yaml"

Task List

--8<-- "reprepro/task-list.txt"

🔗 References