path: root/blog/entry/gitannexreprepro.mdwn
author Sean Whitton <> 2018-05-02 23:05:58 -0700
committer Sean Whitton <> 2018-05-02 23:05:58 -0700
commit dce66e727dbb6ff601c530faa68d1c34e5821b7f
tree 29e33f8efb7dde40a272b0ccf7fef54a2b613d1b /blog/entry/gitannexreprepro.mdwn
parent 1435c0c1c3a4b48e496904aca4af66d48f8e8767
new blog entry
Diffstat (limited to 'blog/entry/gitannexreprepro.mdwn')
1 files changed, 85 insertions, 0 deletions
diff --git a/blog/entry/gitannexreprepro.mdwn b/blog/entry/gitannexreprepro.mdwn
new file mode 100644
index 0000000..e285cf5
--- /dev/null
+++ b/blog/entry/gitannexreprepro.mdwn
@@ -0,0 +1,85 @@
+[[!meta title="git-annex-export and reprepro"]]
+# Introduction
+I wanted to set up my own apt repository for versions of packages that
+I can't upload to Debian quite yet (perhaps because of a release
+freeze or the rules of, have local
+modifications, or that are waiting in Debian's NEW queue and I want to
+install on my other computers, etc.
+This repository must be PGP-signed, but I want to use my regular PGP
+key rather than a PGP key stored on the server, because I don't want
+to trust my server with root access to my laptop.
+Further, I want to be able to add to my repo while offline, rather
+than dputting .changes files to my server.
+So, I want to be executing reprepro offline, on my laptop. How, then,
+does the repo's content get to the server? Using some new features of
+git-annex: git-annex-export, and v6 repositories.
+(v6 repositories are not production-read but the data in this repo is
+replaceable: I backup the reprepro config files, and the packages can
+be regenerated from the (d)git repositories containing the source
+# Schematic instructions
+This should be enough to get you going if you have some experience
+with git-annex and reprepro.
+In the following, `athena` is a host I can ssh to. On that host,
+Apache will serve `/var/www/html/debian` as the apt repository; I
+assume you've set up Apache's config to deny access to the `conf/` and
+`db/` subdirectories and enabled the following of symlinks, etc.
+1. `git init` and a new git repository on laptop.
+2. Create `conf/distributions`, `conf/options`, `conf/` and
+ `.gitattributes` per below.
+3. Create README, foo.list, etc. if desired.
+4. `git add` the various plain text files and commit.
+5. Add an origin remote, `git config remote.origin.annex-ignore true`
+ and `git push -u origin master git-annex`. I.e. store repository
+ metadata somewhere.
+6. `git annex init --version=6`.
+7. `git config --local annex.thin true` to save disc space.
+8. `git config --local annex.addunlocked true` so that reprepro can
+ modify files.
+9. `git annex initremote athena type=rsync rsyncurl=athena:/srv/debian autoenable=true exporttree=yes encryption=none`
+10. `git annex export --fast --to=athena --tracking master`
+11. Now you can `reprepro include foo.changes` and git annex should
+ do the rest.
+## Files
+`conf/distributions` is an exercise for the reader.
+ endhook
+ #!/bin/sh
+ git annex add
+ git annex sync --content
+ * annex.largefiles=anything
+ conf/* annex.largefiles=nothing
+ README annex.largefiles=nothing
+ \.gitattributes annex.largefiles=nothing
+# Bugs
+I'm not sure whether these are fixable in git-annex-export, or not.
+Both can be worked around with hacks/scripts on the server.
+- `reprepro exportsymlinks` won't work to create suite symlinks:
+ git-annex-export will create plain files instead of symlinks.
+- git-annex-exports exports non-annexed files in git, such as README,
+ as readable only by their owner.
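Review bot: The introduction says the repository "must be PGP-signed" with the author's regular key, but nothing under "Schematic instructions" or "## Files" shows where signing is configured, because `conf/distributions` is left as "an exercise for the reader"; a reader can follow all eleven steps and end up publishing an unsigned repository. Suggest at least naming the signing setting in `conf/distributions` (reprepro's `SignWith` field) and stating which key it should reference. In the same area, the snippets under "## Files" carry no file names: the `endhook` line, the `#!/bin/sh` script and the `annex.largefiles` rules run together, and step 2 lists a bare `conf/` where a file name appears to be missing, so it is unclear which content belongs in `conf/options`, the hook script and `.gitattributes`; label each block with its path. The hook script also runs `git annex sync --content` even when `git annex add` fails, so consider `set -e` at the top. Minor: "production-read" should be "production-ready", and the parenthesis opened at "(v6 repositories" is never closed.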