Ubuntu – What layout/files should debian repository have

aptrepository

I'm java developer. My goal is to wrap my objects into deb files / upload them to a private repository and install them from this repository.

So my questions are:

  1. Is Debian repository just an HTTP file storage that fulfill some specific rules?
  2. What are the rules & the structure which are used to store packages?
  3. Is it enough to add deb http://my-repository.com stable non-free
    to /etc/apt/sources.list to use this repository?

Best Answer

  1. Is Debian repository just an HTTP file storage that fulfill some specific rules?

    Yes, but it can also be an FTP storage or just a local directory.

  2. What are the rules & the structure which are used to store packages?

    Debian Wiki: Debian Repository Format documents the structure of the official Debian repository and the format that is officially understood by clients.

  3. Is it enough to add deb http://my-repository.com stable non-free to /etc/apt/sources.list to use this repository?

    Yes but it depends on how you set up you repository. However the simplest is to setup a flat repository which have same setup as the trivial archive/repository (local directory)

    1. Better to create a folder for each release, ex: trusty.

    2. Copy your Debian packages into it.

    3. Generate package list (run it from its parent directory):

       dpkg-scanpackages -m trusty /dev/null | gzip -9c > ./trusty/Packages.gz
      
    4. Upload the whole folder to your site

    5. Now you can access it by adding the repository in this format:

       deb http://my-repository.com trusty/
      

      Note: / is a must here, as trusty is directory in this setup.

Update Note (2021-05-28): What's next?

That above will be somehow okay in a confined/closed private network. But publishing Debian packages into the public need more safety measures like:

  1. Signing: each package release file (while building), repository package lists
  2. And publish the public key from key pair used for signing so user can add it to APT.

Here is a Debian page with good overview about Secure APT

Related Question