Merge pull request 'docs: document the proper (GPG-verified, deb822) apt setup' (#34) from docs/apt-proper into main
Reviewed-on: #34
This commit was merged in pull request #34.
This commit is contained in:
@@ -41,22 +41,39 @@ apt pulls the GUI dependencies (PySide6, pyte) automatically:
|
|||||||
sudo apt install ./rigdoctor_*_all.deb # CLI only: add --no-install-recommends
|
sudo apt install ./rigdoctor_*_all.deb # CLI only: add --no-install-recommends
|
||||||
```
|
```
|
||||||
|
|
||||||
**Or add the apt repository** for `apt install` + automatic updates:
|
**Or add the apt repository** for `apt install` + automatic updates. The registry is private and
|
||||||
|
GPG-signed, so you need a Gitea token with **`read:package`**, the signing key, and the deb822
|
||||||
|
source (`read -rsp` keeps the token out of your shell history):
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# the registry is private, so give apt a token (a Gitea PAT with read:package)
|
read -rsp 'Gitea read:package token: ' TOKEN; echo
|
||||||
echo "machine git.jesseyvanofferen.com login <user> password <token>" \
|
|
||||||
| sudo tee /etc/apt/auth.conf.d/rigdoctor.conf
|
|
||||||
sudo chmod 600 /etc/apt/auth.conf.d/rigdoctor.conf
|
|
||||||
|
|
||||||
echo "deb [trusted=yes] https://git.jesseyvanofferen.com/api/packages/jessey/debian stable main" \
|
# signing key → dearmored into the keyring (the key endpoint requires the token too)
|
||||||
| sudo tee /etc/apt/sources.list.d/rigdoctor.list
|
sudo install -d -m 0755 /etc/apt/keyrings
|
||||||
|
curl -fsSL --user <user>:"$TOKEN" \
|
||||||
|
https://git.jesseyvanofferen.com/api/packages/jessey/debian/repository.key \
|
||||||
|
| sudo gpg --dearmor -o /etc/apt/keyrings/gitea-jessey.gpg
|
||||||
|
|
||||||
|
# download credentials, kept out of the sources file
|
||||||
|
printf 'machine git.jesseyvanofferen.com login <user> password %s\n' "$TOKEN" \
|
||||||
|
| sudo tee /etc/apt/auth.conf.d/rigdoctor.conf >/dev/null
|
||||||
|
sudo chmod 0600 /etc/apt/auth.conf.d/rigdoctor.conf
|
||||||
|
|
||||||
|
# the source (modern deb822 format, GPG-verified, all-arch)
|
||||||
|
sudo tee /etc/apt/sources.list.d/rigdoctor.sources >/dev/null <<'EOF'
|
||||||
|
Types: deb
|
||||||
|
URIs: https://git.jesseyvanofferen.com/api/packages/jessey/debian
|
||||||
|
Suites: stable
|
||||||
|
Components: main
|
||||||
|
Architectures: all
|
||||||
|
Signed-By: /etc/apt/keyrings/gitea-jessey.gpg
|
||||||
|
EOF
|
||||||
|
|
||||||
sudo apt update && sudo apt install rigdoctor
|
sudo apt update && sudo apt install rigdoctor
|
||||||
```
|
```
|
||||||
|
|
||||||
Then `sudo apt upgrade` keeps it current. *(If your server serves a signed registry, drop the
|
Then `sudo apt upgrade` keeps it current. *(Quick-and-dirty alternative if the registry isn't
|
||||||
`auth.conf.d` file and replace `[trusted=yes]` with `[signed-by=…]` + the `repository.key`.)*
|
signed: skip the key and use a one-line `deb [arch=all trusted=yes] …/debian stable main` source.)*
|
||||||
|
|
||||||
### Any distro — self-extracting `.run` (no root)
|
### Any distro — self-extracting `.run` (no root)
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user