• How to create a custom Repo for packages


    May limitations for free accounts?

  • here are the steps i took:

    Added to /etc/pacman.conf

    [repo_test]
    SigLevel = PackageRequired
    Server = https://sourceforge.net/p/fernando-maroto-repo-test/repo_test/ci/master/tree/
    

    created gpg key using seahorse, imported and signed:

    sudo pacman-key -r E0ADE626
    sudo pacman-key --lsign-key E0ADE626
    

    Copied .pkg.tar.xz to the folder ~/repo_test and used repo-add_and_sign

    repo-add_and_sign -r repo_test --arch x86_64 --copy --verbose --purge *.pkg.tar.xz
    

    used git to upload:

    git init 
    git add .
    git commit -m "first commit"
    git remote add origin ssh://[email protected]/p/fernando-maroto-repo-test/repo_test
    git push -u origin master
    

    and now the repo appear with sudo pacman -Syy but without .sig files. My new files still don’t appear at pacman/pamac
    So am i missing any step yet?

  • I don’t know if this is what’s causing it, but for me everything worked after uploading all of my files to the “Files” category in the menu. Perhaps if you put yours there, it might work?

    Hope this helps, and good luck😀.

  • @Keegan thanks, i’ll try your tip tomorrow :)

  • I wish you the best of luck then!

  • @Keegan Hi!
    I managed to create the repo the same way you did:

    • Using the folder files at sourceforge
    • Setting SigLevel = Never

    that’s ok for now, at least i know it works, but i want to sign the packages to give security to users (i tested signing but i guess i’m making something wrong at this point).

    Since i’ll travel again tomorrow and come back in a week or more i won’t be testing in the next few days.
    I was also waiting to upload my next unofficial iso update 'cause some pinta dependencies needs to be fixed on arch repos.

    I want to thank you @Keegan and @joekamprad for helping me in creating my repo, and i want to add more repos to my .iso maybe from xyne (he makes amazing tools for arch).

    EDIT!!! I just managed to sign the key properly, i hope to have time today to give the steps for who is interested in creating a repository too…

    Cheers!

  • xyne = he is a thouder

  • i also managed to make github work!!! but i guess an organized tutorial only when i get back… hehehe

    http://prntscr.com/hc6mol

    If someone wants to test the url or add the repo for testing:
    add to /etc/pacman.conf

    [repo_test]
    SigLevel = PackageRequired
    Server = https://github.com/marotinhodimais/repo_test/releases/download/repo_test/
    

    and import the keys

    sudo pacman-key --keyserver keys.gnupg.net -r 6ECCE045
    sudo pacman-key --lsign-key 6ECCE045
    

    Sync pacman:

    sudo pacman -Syy
    
  • Congratulations @fernandomaroto😀. I can’t wait to see how you did it!

  • Hey all!
    i just want to add some info (and repeat some) to the post https://forum.antergos.com/topic/8032/how-to-create-a-custom-repo-for-packages

    first of all you’ll need to install a package called repo-add_and_sign (to make everything easier) and to create gpg key you can also install seahorse or use the command line

    STEP 1 - To install repo-add_and_sign you need to add xyne repository to /etc/pacman.conf

    [xyne-any]
    # A repo for Xyne's own projects: https://xyne.archlinux.ca/projects/
    # Packages for "any" architecture.
    # Use this repo only if there is no matching [xyne-*] repo for your architecture.
    SigLevel = Required
    # Temporarily broken due to host error.
    #Server = https://xyne.archlinux.ca/repos/xyne
    # Workaround
    Server = https://xyne.archlinux.ca/bin/repo.php?file=
    

    Then sync pacman and install the package
    sudo pacman -Syy repo-add_and_sign

    STEP 2 - create a gpg key (from command line or seahorse)

    From command line:
    gpg --gen-key
    type your full name, email and password

    STEP 3 - create a folder at /home to use as repo source
    At this new folder you can store .pkg.tar.xz files or other format/binaries if you want so

    STEP 4 - repo-add_and_sign the packages
    repo-add_and_sign -r name_of_your_repo --arch x86_64 --copy --verbose --purge *.pkg.tar.xz
    type your e-mail as USERID and your password when asked

    STEP 5 - Upload the files to wherever you want, in this case i’ll use git
    Create your repo at github and add at least a .readme file (that will enable the tab “releases”)
    At releases you should upload your files (and not at repo like we usually do using github)

    then the full path must be adjusted to your config, the sintax is:

    https://github.com/<USER>/<REPO>/releases/download/<TAG>/
    

    For example mine is

    https://github.com/marotinhodimais/repo_test/releases/download/repo_test/
    

    Add your repo to /etc/pacman.conf:

    [repo_test]
    SigLevel = PackageRequired
    Server = https://github.com/marotinhodimais/repo_test/releases/download/repo_test/
    

    Then sync pacman (just for checking - not really necessary)
    sudo pacman -Syy

    you’ll get a signature error with a 16 numbers’ key
    Don’t pulish this key but do the following procedures:
    Check the last 16 numbers (that’s your long Key ID) with:
    gpg --fingerprint

    Export your signature to a server

    gpg --send-key LONG_KEY_HERE
    sudo pacman-key --keyserver keys.gnupg.net -r LONG_KEY_HERE
    sudo pacman-key --lsign-key LONG_KEY_HERE
    

    now everything is ready, to make your repository work for other you must give your short key ID for others (the last 8 characteres from the same command above) and instruct them to add your repo config to /etc/pacman.conf

    sudo pacman-key --keyserver keys.gnupg.net -r SHORT_KEY_HERE
    sudo pacman-key --lsign-key SHORT_KEY_HERE
    

    OBS:
    You’ll need to manually add the binaries to github (i’m testing a package called github-release that makes the job easier)

    Todo: sourceforge tutorial

  • Thank you! That is amazing @fernandomaroto😀. You actually cleared several things up for me regarding signing one’s packages.

  • –STEP 4 - repo-add_and_sign the packages
    repo-add_and_sign -r name_of_your_repo --arch x86_64 --copy --verbose --purge *.pkg.tar.xz–
    Then I upload these files. Also need to upload files repos (name-of repo.db, .db.tar.xz.sig,db.tar.xz, .files.tar.xz and etc… files?

    In this case, they replace the previously added package. It turns out that there is only one package in one repository. :) How to do it?

  • each time you add a package to the repo, or update one ore more inside, you need to create new signatures and db files…

  • @tuxnot said in How to create a custom Repo for packages:

    In this case, they replace the previously added package

    repo-add-and-sign doesn’t change any packages, and it doesn’t delete them either.
    signatures are created and database files. the data base files also get a signature.
    every time the given command is executed in the directory, old data base files and signatures are deleted and re-created, otherwise it would be impossible to use the data.

    And yes, all files in the directory must be uploaded to the repository!

  • @joekamprad
    Something I’m doing wrong. As a result, pacman only sees the last package added.

  • @tuxnot said in How to create a custom Repo for packages:

    *.pkg.tar.xz

    is what all your packages using? can you post a

    ls /where/your/packages/are
    
  • mine are all *.pkg.tar (default)

  • [[email protected] repo_test]$ ls
    qt5-fsarchiver-0.8.1_1-2-x86_64.pkg.tar
    qt5-fsarchiver-0.8.1_1-2-x86_64.pkg.tar.sig
    repo_test.db
    repo_test.db.sig
    repo_test.db.tar.xz
    repo_test.db.tar.xz.sig
    repo_test.files
    repo_test.files.sig
    repo_test.files.tar.xz
    repo_test.files.tar.xz.sig
    timeshift-18.2-1-x86_64.pkg.tar
    timeshift-18.2-1-x86_64.pkg.tar.sig
    [[email protected] repo_test]$ 
    
    

    All repo-test files i upload to server.

  • @tuxnot said in How to create a custom Repo for packages:

    .pkg.tar
    timeshift-18.2-1-x86_64.pkg.tar
    qt5-fsarchiver-0.8.1_1-2-x86_64.pkg.tar

    so your command is wrong needs to be:

    repo-add_and_sign -r name_of_your_repo --arch x86_64 --copy --verbose --purge *.pkg.tar
    

    *.pkg.tar can be replaced also by full filename of the package you want to add to db and sig it…

  • @joekamprad
    Have a look, please
    Exemple: repo-add_and_sign -r repo_test --arch x86_64 --copy --verbose --purge *timeshift-18.2-1-x86_64.pkg.tar

    [[email protected] repo_test]$ repo-add_and_sise --purge *timeshift-18.2-1-x86_64.pkg.tar
    GPG user ID: mymail***
    signing /home/tux/repo_test/timeshift-18.2-1-x86_64.pkg.tar
    Enter passphrase for mymail***: 
    ['/usr/bin/repo-remove', '/home/tux/repo_test/repo_test.db.tar.xz', 'qt5-fsarchiver']
    ==> Извлечение базы данных во временную директорию...
    ==> Извлечение базы данных во временную директорию...
    ==> Поиск пакета 'qt5-fsarchiver'...
      -> Удаление записи 'qt5-fsarchiver-0.8.1_1-2'...
    ==> Создание обновлённой базы данных '/home/tux/repo_test/repo_test.db.tar.xz'
    ==> ВНИМАНИЕ: Нет пакетов -- создание пустой базы данных.
    ==> ВНИМАНИЕ: Нет пакетов -- создание пустой базы данных.
    ['/usr/bin/repo-add', '/home/tux/repo_test/repo_test.db.tar.xz', '/home/tux/repo_test/timeshift-18.2-1-x86_64.pkg.tar']
    ==> Извлечение базы данных во временную директорию...
    ==> Извлечение базы данных во временную директорию...
    ==> Добавление пакета '/home/tux/repo_test/timeshift-18.2-1-x86_64.pkg.tar'
      -> Добавление подписи пакета...
      -> Подсчёт контрольных сумм...
      -> Создание записи 'desc' в базе данных...
      -> Создание записи 'files' в базе данных...
    ==> Создание обновлённой базы данных '/home/tux/repo_test/repo_test.db.tar.xz'
    deleted old database file: /home/tux/repo_test/repo_test.db.tar.xz.old
    deleted old database file: /home/tux/repo_test/repo_test.db.tar.xz.old.sig
    deleted old database file: /home/tux/repo_test/repo_test.files.tar.xz.old
    deleted old database file: /home/tux/repo_test/repo_test.files.tar.xz.old.sig
    signing /home/tux/repo_test/repo_test.db.tar.xz
    signing /home/tux/repo_test/repo_test.files.tar.xz
    [[email protected] repo_test]$ 
    
    

    There in russian. But write that, adding timeshift, the search qt5-fsarchiver, then remove the entry and re-create the database.

Posts 88Views 7046
Log in to reply
Bloom Email Optin Plugin

Looks like your connection to Antergos Community Forum was lost, please wait while we try to reconnect.