Aptly - Setup your repository

By xngo on March 31, 2020

Generate repository key

We need to generate 2 keys: 1 private and 1 public. The private key will be used to sign the published repositories. The public key will be publicly available so that others can use it to verify what they fetch from your repositories.

First, let's create the private key. Put the following configuration settings in gpg2_config_settings.txt. Note that the %no-protection line creates the key without a passphrase, so the private key is stored unencrypted in the GnuPG home directory.

%echo Generating a default key
Key-Type: RSA
Key-Length: 4096
Name-Real: John Doe
Name-Comment: aptly key no passphrase
Name-Email: John.Doe@some-fake-email-address-in-the-world-2020.com
Expire-Date: 0
%no-protection
# Do a commit here, so that we can later print "done" :-)
%commit
%echo done

Generate the private key using gpg.

gpg --batch --gen-key gpg2_config_settings.txt
#   gpg: keybox '/root/.gnupg/pubring.kbx' created
#   gpg: Generating a default key
#   gpg: /root/.gnupg/trustdb.gpg: trustdb created
#   gpg: key DD16F35F96BC1CAC marked as ultimately trusted
#   gpg: directory '/root/.gnupg/openpgp-revocs.d' created
#   gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/20BCAF770690428050DFA002DD16F35F96BC1CAC.rev'
#   gpg: done

Let's get the ID that was created.

gpg --list-secret-keys
# /root/.gnupg/pubring.kbx
# ------------------------
# sec   rsa4096 2020-03-31 [SCEA]
#       20BCAF770690428050DFA002DD16F35F96BC1CAC
# uid           [ultimate] John Doe (aptly key no passphrase) <John.Doe@some....0.com>

Use the ID shown above to export the public key to the public_key.pub file.

gpg --output public_key.pub --armor --export 20BCAF770690428050DFA002DD16F35F96BC1CAC

Publish the public_key.pub file so that other people can download it.

Create config file for aptly

Running aptly config show for the first time generates the default configuration file.

aptly config show
# Config file not found, creating default config at /root/.aptly.conf
# 
# {
#     "rootDir": "/root/.aptly",
#     "downloadConcurrency": 4,
#     "downloadSpeedLimit": 0,
#     "architectures": [],
#     "dependencyFollowSuggests": false,
#     "dependencyFollowRecommends": false,
#     "dependencyFollowAllVariants": false,
#     "dependencyFollowSource": false,
#     "dependencyVerboseResolve": false,
#     "gpgDisableSign": false,
#     "gpgDisableVerify": false,
#     "gpgProvider": "gpg",
#     "downloadSourcePackages": false,
#     "skipLegacyPool": true,
#     "ppaDistributorID": "ubuntu",
#     "ppaCodename": "",
#     "skipContentsPublishing": false,
#     "FileSystemPublishEndpoints": {},
#     "S3PublishEndpoints": {},
#     "SwiftPublishEndpoints": {}
# }

The configuration file uses JSON format and you can check the default values at https://www.aptly.info/doc/configuration/. It is important to note that all files (packages) are stored in the "rootDir". In my case, it is "/root/.aptly". Be aware that mirroring other repositories may require hundreds of gigabytes.

Import public key

For other people to access your repository, they have to import your public_key.pub. Assume that you put public_key.pub at https://example.com/public_key.pub. Then, to import the key, they have to do the following:

wget https://example.com/public_key.pub
apt-key add public_key.pub

If they have imported it correctly, they will see the ID in the output of apt-key list:

apt-key list
# ...
# pub   rsa4096 2020-03-31 [SCEA]
#       20BC AF77 0690 4280 50DF  A002 DD16 F35F 96BC 1CAC
# uid           [ unknown] John Doe (aptly key no passphrase) <John.Doe@some....0.com>
# ...
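
Before running apt-key add, the downloaded file can be checked against the fingerprint the repository owner published. The script below is an added example, not part of the original article: the function names are hypothetical, and the expected fingerprint is the one printed by gpg --list-secret-keys above.

```shell
#!/bin/sh
# Added example: check a downloaded repository key before trusting it.
# Expected fingerprint: the one gpg --list-secret-keys printed in this article.
EXPECTED_FPR="20BCAF770690428050DFA002DD16F35F96BC1CAC"

# Strip whitespace and uppercase, so the grouped form printed by
# apt-key list compares equal to the compact form.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read gpg --with-colons output on stdin and print the fingerprint of every
# primary key. The "fpr" record after a "pub" record carries it in field 10;
# "fpr" records after "sub" belong to subkeys and are skipped.
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print $10; want = 0 }
    '
}

# check_colons EXPECTED: succeed only if stdin describes exactly one primary
# key and its fingerprint equals EXPECTED. Returns 2 for a wrong key count
# (a file can bundle extra keys), 1 for a mismatch.
check_colons() {
    expected=$(normalize_fpr "$1")
    found=$(primary_fprs)
    count=$(printf '%s\n' "$found" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -ne 1 ]; then
        echo "refusing: $count primary keys in file" >&2
        return 2
    fi
    if [ "$(normalize_fpr "$found")" != "$expected" ]; then
        echo "fingerprint mismatch: got $found" >&2
        return 1
    fi
    echo "fingerprint OK: $found"
}

# verify_key_file FILE [EXPECTED]: inspect FILE without importing it.
verify_key_file() {
    gpg --show-keys --with-colons "$1" | check_colons "${2:-$EXPECTED_FPR}"
}

# When run as a script: ./verify_key.sh public_key.pub [FINGERPRINT]
[ "$#" -eq 0 ] || verify_key_file "$@"
```

Run apt-key add only after verify_key_file public_key.pub succeeds. The expected fingerprint should reach the user through a channel other than the download itself.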

About the author

Xuan Ngo is the founder of OpenWritings.net. He currently lives in Montreal, Canada. He loves to write about programming and open source subjects.