Merge pull request 'docs: document the proper (GPG-verified, deb822) apt setup' (#34) from docs/apt-proper into main
release / test (push) Successful in 12s
release / release (push) Successful in 14s

Reviewed-on: #34
This commit was merged in pull request #34.
This commit is contained in:
2026-05-22 13:46:10 +00:00
+26 -9
View File
@@ -41,22 +41,39 @@ apt pulls the GUI dependencies (PySide6, pyte) automatically:
sudo apt install ./rigdoctor_*_all.deb # CLI only: add --no-install-recommends
```
**Or add the apt repository** for `apt install` + automatic updates:
**Or add the apt repository** for `apt install` + automatic updates. The registry is private and
GPG-signed, so you need a Gitea token with **`read:package`**, the signing key, and the deb822
source (`read -rsp` keeps the token out of your shell history):
```bash
# the registry is private, so give apt a token (a Gitea PAT with read:package)
echo "machine git.jesseyvanofferen.com login <user> password <token>" \
| sudo tee /etc/apt/auth.conf.d/rigdoctor.conf
sudo chmod 600 /etc/apt/auth.conf.d/rigdoctor.conf
read -rsp 'Gitea read:package token: ' TOKEN; echo
echo "deb [trusted=yes] https://git.jesseyvanofferen.com/api/packages/jessey/debian stable main" \
| sudo tee /etc/apt/sources.list.d/rigdoctor.list
# signing key → dearmored into the keyring (the key endpoint requires the token too)
sudo install -d -m 0755 /etc/apt/keyrings
curl -fsSL --user <user>:"$TOKEN" \
https://git.jesseyvanofferen.com/api/packages/jessey/debian/repository.key \
| sudo gpg --dearmor -o /etc/apt/keyrings/gitea-jessey.gpg
# download credentials, kept out of the sources file
printf 'machine git.jesseyvanofferen.com login <user> password %s\n' "$TOKEN" \
| sudo tee /etc/apt/auth.conf.d/rigdoctor.conf >/dev/null
sudo chmod 0600 /etc/apt/auth.conf.d/rigdoctor.conf
# the source (modern deb822 format, GPG-verified, all-arch)
sudo tee /etc/apt/sources.list.d/rigdoctor.sources >/dev/null <<'EOF'
Types: deb
URIs: https://git.jesseyvanofferen.com/api/packages/jessey/debian
Suites: stable
Components: main
Architectures: all
Signed-By: /etc/apt/keyrings/gitea-jessey.gpg
EOF
sudo apt update && sudo apt install rigdoctor
```
Then `sudo apt upgrade` keeps it current. *(If your server serves a signed registry, drop the
`auth.conf.d` file and replace `[trusted=yes]` with `[signed-by=…]` + the `repository.key`.)*
Then `sudo apt upgrade` keeps it current. *(Quick-and-dirty alternative if the registry isn't
signed: skip the key and use a one-line `deb [arch=all trusted=yes] …/debian stable main` source.)*
### Any distro — self-extracting `.run` (no root)