docs: document the proper (GPG-verified, deb822) apt setup #34

Merged
jessey merged 1 commits from docs/apt-proper into main 2026-05-22 13:46:11 +00:00
+26 -9
View File
@@ -41,22 +41,39 @@ apt pulls the GUI dependencies (PySide6, pyte) automatically:
sudo apt install ./rigdoctor_*_all.deb # CLI only: add --no-install-recommends sudo apt install ./rigdoctor_*_all.deb # CLI only: add --no-install-recommends
``` ```
**Or add the apt repository** for `apt install` + automatic updates: **Or add the apt repository** for `apt install` + automatic updates. The registry is private and
GPG-signed, so you need a Gitea token with **`read:package`**, the signing key, and the deb822
source (`read -rsp` keeps the token out of your shell history):
```bash ```bash
# the registry is private, so give apt a token (a Gitea PAT with read:package) read -rsp 'Gitea read:package token: ' TOKEN; echo
echo "machine git.jesseyvanofferen.com login <user> password <token>" \
| sudo tee /etc/apt/auth.conf.d/rigdoctor.conf
sudo chmod 600 /etc/apt/auth.conf.d/rigdoctor.conf
echo "deb [trusted=yes] https://git.jesseyvanofferen.com/api/packages/jessey/debian stable main" \ # signing key → dearmored into the keyring (the key endpoint requires the token too)
| sudo tee /etc/apt/sources.list.d/rigdoctor.list sudo install -d -m 0755 /etc/apt/keyrings
curl -fsSL --user <user>:"$TOKEN" \
https://git.jesseyvanofferen.com/api/packages/jessey/debian/repository.key \
| sudo gpg --dearmor -o /etc/apt/keyrings/gitea-jessey.gpg
# download credentials, kept out of the sources file
printf 'machine git.jesseyvanofferen.com login <user> password %s\n' "$TOKEN" \
| sudo tee /etc/apt/auth.conf.d/rigdoctor.conf >/dev/null
sudo chmod 0600 /etc/apt/auth.conf.d/rigdoctor.conf
# the source (modern deb822 format, GPG-verified, all-arch)
sudo tee /etc/apt/sources.list.d/rigdoctor.sources >/dev/null <<'EOF'
Types: deb
URIs: https://git.jesseyvanofferen.com/api/packages/jessey/debian
Suites: stable
Components: main
Architectures: all
Signed-By: /etc/apt/keyrings/gitea-jessey.gpg
EOF
sudo apt update && sudo apt install rigdoctor sudo apt update && sudo apt install rigdoctor
``` ```
Then `sudo apt upgrade` keeps it current. *(If your server serves a signed registry, drop the Then `sudo apt upgrade` keeps it current. *(Quick-and-dirty alternative if the registry isn't
`auth.conf.d` file and replace `[trusted=yes]` with `[signed-by=…]` + the `repository.key`.)* signed: skip the key and use a one-line `deb [arch=all trusted=yes] …/debian stable main` source.)*
### Any distro — self-extracting `.run` (no root) ### Any distro — self-extracting `.run` (no root)