new blog entry

1 files changed, 85 insertions, 0 deletions

diff --git a/blog/entry/gitannexreprepro.mdwn b/blog/entry/gitannexreprepro.mdwn
new file mode 100644
index 0000000..e285cf5
--- /dev/null
+++ b/blog/entry/gitannexreprepro.mdwn
@@ -0,0 +1,85 @@
+[[!meta title="git-annex-export and reprepro"]]
+
+# Introduction
+
+I wanted to set up my own apt repository for versions of packages that
+I can't upload to Debian quite yet (perhaps because of a release
+freeze or the rules of backports.debian.org), have local
+modifications, or that are waiting in Debian's NEW queue and I want to
+install on my other computers, etc.
+
+This repository must be PGP-signed, but I want to use my regular PGP
+key rather than a PGP key stored on the server, because I don't want
+to trust my server with root access to my laptop.
+
+Further, I want to be able to add to my repo while offline, rather
+than dputting .changes files to my server.
+
+So, I want to be executing reprepro offline, on my laptop.  How, then,
+does the repo's content get to the server?  Using some new features of
+git-annex: git-annex-export, and v6 repositories.
+
+(v6 repositories are not production-read but the data in this repo is
+replaceable: I backup the reprepro config files, and the packages can
+be regenerated from the (d)git repositories containing the source
+packages.)
+
+# Schematic instructions
+
+This should be enough to get you going if you have some experience
+with git-annex and reprepro.
+
+In the following, `athena` is a host I can ssh to.  On that host,
+Apache will serve `/var/www/html/debian` as the apt repository; I
+assume you've set up Apache's config to deny access to the `conf/` and
+`db/` subdirectories and enabled the following of symlinks, etc.
+
+1. `git init` and a new git repository on laptop.
+2. Create `conf/distributions`, `conf/options`, `conf/do-sync.sh` and
+   `.gitattributes` per below.
+3. Create README, foo.list, etc. if desired.
+4. `git add` the various plain text files and commit.
+5. Add an origin remote, `git config remote.origin.annex-ignore true`
+   and `git push -u origin master git-annex`.  I.e. store repository
+   metadata somewhere.
+6. `git annex init --version=6`.
+7. `git config --local annex.thin true` to save disc space.
+8. `git config --local annex.addunlocked true` so that reprepro can
+   modify files.
+9. `git annex initremote athena type=rsync rsyncurl=athena:/srv/debian autoenable=true exporttree=yes encryption=none`
+10. `git annex export --fast --to=athena --tracking master`
+11. Now you can `reprepro include foo.changes` and git annex should
+    do the rest.
+
+## Files
+
+`conf/distributions` is an exercise for the reader.
+
+`conf/options`:
+
+    endhook do-sync.sh
+
+`conf/do-sync.sh`:
+
+    #!/bin/sh
+
+    git annex add
+    git annex sync --content
+
+`.gitattributes`:
+
+    * annex.largefiles=anything
+    conf/* annex.largefiles=nothing
+    README annex.largefiles=nothing
+    \.gitattributes annex.largefiles=nothing
+
+# Bugs
+
+I'm not sure whether these are fixable in git-annex-export, or not.
+Both can be worked around with hacks/scripts on the server.
+
+- `reprepro exportsymlinks` won't work to create suite symlinks:
+  git-annex-export will create plain files instead of symlinks.
+
+- git-annex-exports exports non-annexed files in git, such as README,
+  as readable only by their owner.