[[!meta title="git-annex-export and reprepro"]]

# Introduction

I wanted to set up my own apt repository for versions of packages that
I can't upload to Debian quite yet (perhaps because of a release
freeze or the rules of backports.debian.org), that have local
modifications, or that are waiting in Debian's NEW queue and that I
want to install on my other computers, etc.

This repository must be PGP-signed, but I want to use my regular PGP
key rather than a PGP key stored on the server, because I don't want
to trust my server with root access to my laptop.

Further, I want to be able to add to my repo while offline, rather
than dputting .changes files to my server.

So, I want to be executing reprepro offline, on my laptop.  How, then,
does the repo's content get to the server?  Using some new features of
git-annex: git-annex-export, and v6 repositories.

(v6 repositories are not production-ready but the data in this repo is
replaceable: I back up the reprepro config files, and the packages can
be regenerated from the (d)git repositories containing the source
packages.)

# Schematic instructions

This should be enough to get you going if you have some experience
with git-annex and reprepro.

In the following, `athena` is a host I can ssh to.  On that host,
Apache will serve `/var/www/html/debian` as the apt repository; I
assume you've set up Apache's config to deny access to the `conf/` and
`db/` subdirectories and enabled the following of symlinks, etc.

1. `git init` a new git repository on the laptop.
2. Create `conf/distributions`, `conf/options`, `conf/do-sync.sh` and
   `.gitattributes` per below.
3. Create README, foo.list, etc. if desired.
4. `git add` the various plain text files and commit.
5. Add an origin remote, `git config remote.origin.annex-ignore true`
   and `git push -u origin master git-annex`.  I.e. store repository
   metadata somewhere.
6. `git annex init --version=6`.
7. `git config --local annex.thin true` to save disc space.
8. `git config --local annex.addunlocked true` so that reprepro can
   modify files.
9. `git annex initremote athena type=rsync rsyncurl=athena:/srv/debian autoenable=true exporttree=yes encryption=none`
10. `git annex export --fast --to=athena --tracking master`
11. Now you can `reprepro include foo.changes` and git annex should
    do the rest.

## Files

`conf/distributions` is an exercise for the reader.

`conf/options`:

    endhook do-sync.sh

`conf/do-sync.sh`:

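    #!/bin/sh

    # Add whatever reprepro created or changed.
    git annex add
    # Commit and sync; --content also transfers the file contents.
    git annex sync --content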

`.gitattributes`:

    * annex.largefiles=anything
    conf/* annex.largefiles=nothing
    README annex.largefiles=nothing
    \.gitattributes annex.largefiles=nothing

# Bugs

I'm not sure whether these are fixable in git-annex-export, or not.
Both can be worked around with hacks/scripts on the server.

- `reprepro exportsymlinks` won't work to create suite symlinks:
  git-annex-export will create plain files instead of symlinks.

- git-annex-export exports non-annexed files in git, such as README,
  as readable only by their owner.
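
One possible server-side workaround for both bugs, as an added example rather than a script from the original post. The function name and its `SUITE=CODENAME` arguments are hypothetical, and it assumes the suite links belong under `dists/` as relative links to the codename directory:

```sh
#!/bin/sh
# Added example (not from the original post): run on the server after an
# export. Function name and argument format are hypothetical.
#
# fix_export ROOT [SUITE=CODENAME ...]
#   ROOT            directory the rsync special remote exports into
#   SUITE=CODENAME  suite link to recreate under dists/, e.g. unstable=sid
fix_export() {
    root=${1%/}
    shift
    [ -d "$root" ] || { echo "fix_export: not a directory: $root" >&2; return 1; }

    # Non-annexed files arrive readable only by their owner. Open up
    # everything the web server should serve, but prune conf/ and db/ so
    # their permissions stay as tight as they were exported.
    find "$root" \( -path "$root/conf" -o -path "$root/db" \) -prune -o \
        \( -type d -exec chmod a+rx {} + \) -o \
        \( -type f -exec chmod a+r {} + \) || return 1

    for pair in "$@"; do
        suite=${pair%%=*}
        codename=${pair#*=}
        # Require SUITE=CODENAME with plain names, so a bad argument can
        # never remove or create anything outside dists/.
        case "$pair" in
            *=*) ;;
            *) echo "fix_export: expected SUITE=CODENAME: $pair" >&2; return 1 ;;
        esac
        case "$suite:$codename" in
            */*|*..*|:*|*:)
                echo "fix_export: unsafe name in: $pair" >&2; return 1 ;;
        esac
        link=$root/dists/$suite
        if [ ! -d "$root/dists/$codename" ]; then
            echo "fix_export: no such codename: $codename" >&2; return 1
        fi
        # The export leaves a plain file where the symlink should be.
        # Replace a plain file or an old symlink, never a real directory.
        if [ -L "$link" ] || [ -f "$link" ]; then
            rm -f -- "$link"
        fi
        if [ -e "$link" ]; then
            echo "fix_export: refusing to replace: $link" >&2; return 1
        fi
        ln -s -- "$codename" "$link" || return 1
    done
}
```

Called as `fix_export /srv/debian unstable=sid`, it can be re-run after each export without harm; the suite and codename here are example values.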