updating set-my-repos.sh for deb822 format
I've previously described set-my-repos.sh in a multitude of posts:
- 2020/03/26/use-virt-install-to-fully-automate-the-install-for-devuan-ceres-with-preseed-march-2020-edition
- 2020/11/05/building-an-apt-repo-on-centos-that-supports-apt-file-operations
- 2021/05/23/use-virt-install-to-fully-automate-the-install-for-devuan-ceres-with-preseed-may-2021-edition
- 2022/03/22/install-almalinux-8-with-kickstart-and-virt-install
- 2022/04/03/my-kickstart-for-fedora-35-vms
- 2022/12/11/my-kickstart-for-fedora-37-vms
- 2023/07/30/devuan-preseed-july-2023-edition
- 2023/08/03/my-kickstart-for-rocky-linux-9-vms
- 2024/01/10/devuan-ceres-and-zenity-that-uses-gtk3
- 2024/05/05/devuan-preseed-may-2024-edition
I've updated my process to work with deb822 format, which ironically is not fully documented there, and you have to read manpages.debian.org to understand all the fields.
A major improvement to this whole process is that I no longer need a custom /etc/apt/apt.conf.d/52apt-file-stackrpms.conf file at all. Because you can specify Components, or just omit that, apt will then figure out the Contents sections correctly!
The downside is that because I'm not storing the original upstream url for the OBS repositories in, for example, a separate file, and because I resign the repository (so I can include the older versions of dpkgs in the repo), the gpg keys won't match even if I use the upstream url. I should probably bother to set up a "Enabled: no" version of "OBS bgstack15-upstream" repo files, but I haven't bothered to do that yet.
I don't think one-line-style format is going away anytime soon, but I liked the idea of using the newer option, and it had that awesome bonus of not needing the custom apt-file config (which was flaky).
You can see the old version (from my 2024-05-05 post linked earlier) here
files/2024/listings/set-my-repos-2024-09.sh (Source)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 |
#!/bin/sh # File: /mnt/public/Support/Platforms/devuan/set-my-repos.sh # Location: # Author: bgstack15 # Startdate: 2019-08-10 16:02 # Title: Script that Establishes the repos needed for Devuan # Purpose: Set up the 3 repos I always need on devuan clients # History: # 2020-02-01 customize clients for devuan-archive # 2020-10-23 add apt-file compatibility # 2021-01-27 disable devuan-archive # 2024-01-03-4 14:53 add pref for zenity with gtk3 # 2024-09-12-5 13:52 use deb822 format sources now # Usage: # sudo set-my-repos.sh # Reference: # /mnt/public/Support/Platforms/devuan/devuan.txt # Improve: # need to control the sources.list file itself to have the main, contrib, etc., for ceres. # Documentation: test -z "${ALLREPOSGLOB}" && ALLREPOSGLOB="/etc/apt/sources.list /etc/apt/sources.list.d/*" test -z "${REPOSBASE}" && REPOSBASE="/etc/apt/sources.list.d" test -z "${PREFSBASE}" && PREFSBASE="/etc/apt/preferences.d" test -z "${ADDLCONFBASE}" && ADDLCONFBASE="/etc/apt/apt.conf.d" # confirm key confirm_key() { # call: confirm_key "${PRETTYNAME}" "${SEARCHPHRASE}" "${URL_OF_KEY}" ___ck_repo="${1}" ___ck_sp="${2}" ___ck_url="${3}" if apt-key list 2>/dev/null | grep -qe "${___ck_sp}" ; then : else # not found so please add it echo "Adding key for ${___ck_repo}" 1>&2 #wget -O- "${___ck_url}" | sudo apt-key add - ___ck_keyfile="/etc/apt/trusted.gpg.d/$( echo "${___ck_repo}" | tr '[: ]' '_' ).gpg" wget -O- --quiet "${___ck_url}" | gpg --dearmor | sudo tee "${___ck_keyfile}" 1>/dev/null fi } # confirm repo confirm_repo() { # call: confirm_repo "${PRETTYNAME}" "${SEARCHPHRASE}" "${SEARCHGLOB}" "${FULLSTRING}" "${PREFERRED_FILENAME}" "${OVERWRITE}" ___cr_repo="${1}" ___cr_sp="${2}" ___cr_sf="${3}" ___cr_full="${4}" ___cr_pref="${5}" ___cr_overwrite="${6}" if ! grep -E -qe "${___cr_sp}" ${___cr_sf} ; then # not found so please add it to preferred file echo "Adding repo ${___cr_repo}" 1>&2 if test "${___cr_overwrite}" = "true" ; then # overwrite, instead of append echo "${___cr_full}" > "${REPOSBASE}/${___cr_pref:-99_misc.list}" else echo "${___cr_full}" >> "${REPOSBASE}/${___cr_pref:-99_misc.list}" fi fi } confirm_sources() { # call: confirm_sources "${PRETTYNAME}" "${URIS}" "${SUITES}" "${SIGNEDBY}" "${FILENAME}" "${OVERWRITE}" "${REMOVE_LISTFILE}" __cs_prettyname="${1}" __cs_uris="${2}" __cs_suites="${3}" # probably will be "/" for my kind of repos __cs_signedby="${4}" __cs_filename="${5}" __cs_overwrite="${6}" __cs_remove_listfile="${7}" # determine if cs_filename is short, if so, prepend /etc/apt/sources.list.d if test "${__cs_filename}" = "$( basename "${__cs_filename}" )" ; then __cs_filename="/etc/apt/sources.list.d/${__cs_filename}" fi __cs_listfile="${__cs_filename%%.sources}.list" if test "${__cs_listfile}" = "$( basename "${__cs_listfile}" )" ; then __cs_listfile="/etc/apt/sources.list.d/${__cs_listfile}" fi # determine of cs_signedby gpg key is short, if so, prepend /etc/apt/trusted.gpg.d if test -n "${__cs_signedby}" && test "${__cs_signedby}" = "$( basename "${__cs_signedby}" )" ; then __cs_signedby="/etc/apt/trusted.gpg.d/${__cs_signedby}" fi if test ! -r "${__cs_filename}" || test "{__cs_overwrite}" = "true"; then { echo "Enabled: yes" echo "Types: deb" echo "URIs: ${__cs_uris}" echo "Suites: ${__cs_suites}" test -n "${__cs_prettyname}" && echo "X-Repolib-Name: ${__cs_prettyname}" || : test -n "${__cs_signedby}" && echo "Signed-By: ${__cs_signedby}" } > "${__cs_filename}" fi test "${__cs_remove_listfile}" = "true" && test -f "${__cs_listfile}" && echo "${__cs_listfile}" | grep -qE "\/etc\/apt\/sources\.list\.d\/.+\.list$" 1>/dev/null 2>&1 && rm -f "${__cs_listfile}" } confirm_preferences() { # call: confirm_preferences "${PRETTYNAME}" "${FILENAME}" "{PACKAGE}" "${PIN_EXPRESSION}" "{PRIORITY}" ___cp_prettyname="${1}" ___cp_pref="${2}" ___cp_package="${3}" ___cp_pin_expression="${4}" ___cp_priority="${5}" ___cp_version="${6}" ___cp_tempfile="$( mktemp )" { echo "Package: ${___cp_package}" test -n "${___cp_version}" && echo "Version: ${___cp_version}" echo "Pin: ${___cp_pin_expression}" echo "Pin-Priority: ${___cp_priority}" } > "${___cp_tempfile}" diff "${PREFSBASE}/${___cp_pref}" "${___cp_tempfile}" 1>/dev/null 2>&1 || { echo "Setting preferences for ${___cp_prettyname}" touch "${PREFSBASE}/${___cp_pref}" ; chmod 0644 "${PREFSBASE}/${___cp_pref}" cat "${___cp_tempfile}" > "${PREFSBASE}/${___cp_pref}" } rm -f "${___cp_tempfile:-NOTHINGTODEL}" 1>/dev/null 2>&1 } # REPO 1: local internaldeb confirm_key "internaldeb" "bgstack15.*www\.no-ip\.biz" "http://server3/internal/repo/deb/internaldeb.gpg" confirm_sources "Internal Dpkg repo" "http://server3/internal/repo/deb" "/" "internaldeb.gpg" "internaldeb.sources" "true" "true" # REPO 2: local devuan-deb confirm_key "devuan-deb" "bgstack15.*www\.no-ip\.biz" "http://server3/internal/repo/deb/internaldeb.gpg" confirm_sources "Internal Devuan dpkgs" "http://server3/internal/repo/devuan-deb" "/" "internaldeb.gpg" "devuan-deb.sources" "true" "true" # REPO 3: local obs # Thankfully I re-sign this with my own key. #confirm_key "OBS bgstack15" "bgstack15@build\.opensuse\.org" "https://download.opensuse.org/repositories/home:bgstack15/Debian_Unstable/Release.key" confirm_key "OBS bgstack15" "bgstack15.*www\.no-ip\.biz" "http://server3/mirror/obs/Release.key" confirm_sources "OBS bgstack15" "http://server3/mirror/obs" "/" "OBS_bgstack15.gpg" "home:bgstack15.sources" "true" "true" # REPO 4: local devuan-archive # deprecated circa 2021-05 # enabled again 2023-08-22 for discord/gconf confirm_key "devuan-archive" "bgstack15.*www\.no-ip\.biz" "http://server3/internal/repo/deb/internaldeb.gpg" confirm_sources "Internal Devuan archive" "http://server3.ipa.internal.com/internal/repo/devuan-archive" "/" "internaldeb.gpg" "devuan-archive.sources" "true" "true" confirm_preferences "devuan-archive" "puddletag" "*" "origin server3.ipa.internal.com" "700" # REPO 5: local obs-aftermozilla key for non-local aftermozilla repo # just the key #confirm_key "OBS bgstack15 aftermozilla" "bgstack15@build\.opensuse\.org" "https://download.opensuse.org/repositories/home:bgstack15:aftermozilla/Debian_Unstable/Release.key" # REPO 5: local obs-AfterMozilla #confirm_key "OBS bgstack15" "bgstack15@build\.opensuse\.org" "http://server3/mirror/obs/Release.key" confirm_key "OBS bgstack15" "bgstack15.*www\.no-ip\.biz" "http://server3/mirror/obs/Release.key" confirm_sources "OBS AfterMozilla" "http://server3/mirror/obs-AfterMozilla" "/" "OBS_bgstack15.gpg" "home:bgstack15:AfterMozilla.sources" "true" "true" # REPO 6: local obs-gtk3-classic confirm_key "OBS bgstack15" "bgstack15.*www\.no-ip\.biz" "http://server3/mirror/obs/Release.key" confirm_sources "OBS gtk3-classic" "http://server3/mirror/obs-gtk3-classic" "/" "OBS_bgstack15.gpg" "home:bgstack15:gtk3-classic.sources" "true" "true" # ADDITIONAL APT PREFS # important for the [target] stuff to work on repos so apt-file can work #cp -p "$( dirname "$( readlink -f "${0}" )")/input/52apt-file-stackrpms.conf" "${ADDLCONFBASE}/" rm -f "${ADDLCONFBASE}/52apt-file-stackrpms.conf" 2>/dev/null || : # 2023-10-27-6 08:47 use apt-preferences to hold this exact app version because newer versions remove the system tray icon. confirm_preferences "all" "krb5-auth-dialog" "krb5-auth-dialog" "release" "1000" "3.26.1-4" # zenity with gtk3 is stored in devuan-deb confirm_preferences "all" "zenity" "zenity" "release" "600" "3.44.2-1" confirm_preferences "all" "zenity-common" "zenity-common" "release" "600" "3.44.2-1" |
Basically, a new style repo looks like:
Enabled: yes Types: deb URIs: http://server3/internal/repo/deb Suites: / X-Repolib-Name: Internal Dpkg repo Signed-By: /etc/apt/trusted.gpg.d/internaldeb.gpg
Which is easier for some parsing compared to:
deb [target-=Contents-deb target+=Contents-stackrpms] http://server3/internal/repo/deb/ /
Which is believable.
Comments