Create Signed APT repository

From Gemini-Wiki
Note: This article requires some in-depth experience with Dreambox / Linux and is for advanced users.

Once you have set up a Dreambox SDK, e.g. for OE 2.2, this article shows the next step: setting up a signed APT repository. This allows you to install your own packages via the package manager (APT) of the Dreambox.

The prerequisite for this description is a DEB-based distro (e.g. Ubuntu, Mint, Debian, etc.) installed on the computer that holds your Dreambox SDK. A web server is also needed to offer the packages to the Dreambox.

Create Repository

Install dependencies

sudo apt-get install dpkg-dev apache2 dpkg-sig

Create GPG key

Now we create a GPG key, which will be used to sign the packages and the repository.

gpg --gen-key

The questions that follow are not described in detail here; they are the standard key generation prompts. At the end, enter a passphrase and wait until the key is generated. Be patient, and meanwhile play a little with the mouse and keyboard ;-).

Display the key

Info about the created key can be displayed with the following command.

gpg --list-keys

Export/save the public key

Now you can export the public key with the following command. The output is stored in the file given after --output (keyFile is a placeholder, e.g. my_public.key). The key file must be copied to the root directory of the web server; the client Dreamboxes load it from there so that they can verify and install the packages.

gpg --output keyFile --armor --export your_id_or_name

Setup web server

This example shows the file structure of the web server for a DM 800 HD PVR. While creating the Dreambox SDK the following directories are created: all, dm8000, mips32el. This structure needs to be mirrored in the preconfigured web root of the web server to store the packages:

/var/www/html/repository/dm8000/all
/var/www/html/repository/dm8000/dm8000
/var/www/html/repository/dm8000/mips32el

The packages are copied into the corresponding directory.

Sign packages

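The packages in each directory can be signed as follows. dpkg-sig expects a role name after --sign; builder is the role also used in the script further down.

dpkg-sig --sign builder *.deb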

Create repository index files

The following commands create the Packages index file and its compressed copy Packages.gz. Both the uncompressed and the compressed file are needed.

apt-ftparchive packages . > Packages
gzip -c Packages > Packages.gz

Create Release, InRelease, and Release.gpg files

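Create the Release file and sign it. InRelease is the clear-signed copy of Release, and Release.gpg is the detached signature for it.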

apt-ftparchive release . > Release
gpg --clearsign -o InRelease Release
gpg -abs -o Release.gpg Release
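
Added example (not part of the original wiki page): the signature covers only Release, and Release in turn lists the size and SHA256 hash of each index file, so a useful check before publishing is that the files on disk still match those entries. The function names and the sample repository below are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the wiki page): check a flat repository directory
# against the SHA256 section of its Release file.

# Print "<hash> <size> <name>" for every entry of the SHA256: field.
release_sha256_entries() {
    awk '
        /^SHA256:/        { in_sec = 1; next }  # field header
        /^[^ ]/           { in_sec = 0 }        # any other field ends it
        in_sec && NF == 3 { print $1, $2, $3 }
    ' "$1"
}

# Return 0 if every listed file has the recorded size and hash,
# 1 on a missing or modified file, 2 if there is nothing to check.
verify_release_hashes() {
    dir=$1
    [ -f "$dir/Release" ] || { echo "no Release in $dir" >&2; return 2; }
    release_sha256_entries "$dir/Release" | (
        bad=0; count=0
        while read -r hash size name; do
            count=$((count + 1))
            if [ ! -f "$dir/$name" ]; then
                echo "MISSING  $name" >&2; bad=1; continue
            fi
            actual_size=$(wc -c < "$dir/$name" | tr -d ' ')
            actual_hash=$(sha256sum "$dir/$name" | cut -d' ' -f1)
            if [ "$actual_size" != "$size" ] || [ "$actual_hash" != "$hash" ]; then
                echo "MISMATCH $name" >&2; bad=1
            fi
        done
        # An empty SHA256 section protects nothing: treat it as a failure.
        [ "$count" -gt 0 ] || { echo "no SHA256 entries" >&2; exit 2; }
        exit "$bad"
    )
}

# Constructed sample: a tiny repository with a hand-built Release file.
make_sample_repo() {
    repo=$(mktemp -d)
    printf 'Package: demo\nVersion: 1.0\n' > "$repo/Packages"
    {
        echo "Date: constructed sample"
        echo "SHA256:"
        printf ' %s %16s %s\n' "$(sha256sum "$repo/Packages" | cut -d' ' -f1)" \
            "$(wc -c < "$repo/Packages" | tr -d ' ')" Packages
    } > "$repo/Release"
    echo "$repo"
}

sample=$(make_sample_repo)
verify_release_hashes "$sample" && echo "OK: $sample matches its Release file"
```

Against a real feed, run verify_release_hashes on a directory such as /var/www/html/repository/dm8000/all after the Release step. The signature itself is checked separately, e.g. with gpg --verify Release.gpg Release.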

Setup Dreambox

Import public key

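The public key needs to be imported on the Dreambox with the following command. The server IP address and directory must be adapted to your setup. Because the key is downloaded over plain HTTP and becomes the trust anchor for the feed, compare the fingerprint of the imported key with that of the key you created on the build machine.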

wget -O - http://server_ip/my_public.key | apt-key add -

Modify package lists

Now you need to create three files, one per available feed (e.g. all, dm8000, mips32el), in the directory /etc/apt/sources.list.d. The following commands show the content of the files.

root@dm8000:~# cat /etc/apt/sources.list.d/all-feed.list 
deb http://server_ip/repository/dm8000/all ./
root@dm8000:~# cat /etc/apt/sources.list.d/dm8000-feed.list 
deb http://server_ip/repository/dm8000/dm8000 ./
root@dm8000:~# cat /etc/apt/sources.list.d/mips32el-feed.list 
deb http://server_ip/repository/dm8000/mips32el ./
root@dm8000:~#

Update package list / install package

Once everything is configured, it's possible to update the package list on the dreambox:

apt-get update

Now you can install the available packages from the feed.

Tips & Tricks

Script to create a signed repository

Note: This is only an example, it will need some adaptations to your actual setup.

The easiest way to create a repository for the Dreambox is a script. The following example shows a script with the different steps. But you can't use it just with copy & paste, it's only a template to start creating your own script.

#!/bin/bash
#Create directories on the web server
mkdir -p /var/www/html/repository/dm8000/{all,dm8000,mips32el}
 
#Copy packages to the web server
cp -u /media/oe/oe2.2/opendreambox/build/dm8000/tmp-eglibc/deploy/deb/all/* /var/www/html/repository/dm8000/all
cp -u /media/oe/oe2.2/opendreambox/build/dm8000/tmp-eglibc/deploy/deb/dm8000/* /var/www/html/repository/dm8000/dm8000
cp -u /media/oe/oe2.2/opendreambox/build/dm8000/tmp-eglibc/deploy/deb/mips32el/* /var/www/html/repository/dm8000/mips32el
 
#Sign packages
dpkg-sig -s -p builder /var/www/html/repository/dm8000/all/*.deb 
dpkg-sig -s -p builder /var/www/html/repository/dm8000/dm8000/*.deb --batch
dpkg-sig -s -p builder /var/www/html/repository/dm8000/mips32el/*.deb --batch
 
#Remove old files (every name needs the full path, otherwise rm looks in the
#current directory; InRelease and Release are included because gpg does not
#silently overwrite an existing output file)
rm -f /var/www/html/repository/dm8000/all/{Packages,Packages.gz,Packages.xz,Release,InRelease,Release.gpg}
rm -f /var/www/html/repository/dm8000/dm8000/{Packages,Packages.gz,Packages.xz,Release,InRelease,Release.gpg}
rm -f /var/www/html/repository/dm8000/mips32el/{Packages,Packages.gz,Packages.xz,Release,InRelease,Release.gpg}
 
#Indexes (variant 1: dpkg-scanpackages, run inside each feed directory so the
#index files end up next to the packages)
cd /var/www/html/repository/dm8000/all && dpkg-scanpackages -t deb . | tee Packages | gzip -9c > Packages.gz
cd /var/www/html/repository/dm8000/dm8000 && dpkg-scanpackages -t deb . | tee Packages | gzip -9c > Packages.gz
cd /var/www/html/repository/dm8000/mips32el && dpkg-scanpackages -t deb . | tee Packages | gzip -9c > Packages.gz
 
#Indexes (variant 2: apt-ftparchive; this overwrites the files from variant 1,
#so keep only one of the two variants in your own script)
cd /var/www/html/repository/dm8000/all && apt-ftparchive packages . > Packages && gzip -c Packages > Packages.gz
cd /var/www/html/repository/dm8000/dm8000 && apt-ftparchive packages . > Packages && gzip -c Packages > Packages.gz
cd /var/www/html/repository/dm8000/mips32el && apt-ftparchive packages . > Packages && gzip -c Packages > Packages.gz
 
#Sign repository
cd /var/www/html/repository/dm8000/all && apt-ftparchive release . > Release && gpg --clearsign -o InRelease Release && gpg -abs -o Release.gpg Release
cd /var/www/html/repository/dm8000/dm8000 && apt-ftparchive release . > Release && gpg --clearsign -o InRelease Release && gpg -abs -o Release.gpg Release
cd /var/www/html/repository/dm8000/mips32el && apt-ftparchive release . > Release && gpg --clearsign -o InRelease Release && gpg -abs -o Release.gpg Release

Web links