Skip to main content

Debian/Ubuntu .deb pkg utils

Project description

debpkgr

Pure Python implementation of Debian/Ubuntu packaging and repository utilities.

The allows one to perform various Debian-specific operations on non-Debian systems, in the absence of typical system-provided utilities (e.g. apt).

Example

Inspect Package

from debpkgr.debpkg import DebPkg

pkg = DebPkg.from_file('/path/to/foo.deb')

print(pkg.name)
print(pkg.nevra)
print(pkg.md5sum)
print(pkg.package)

Create Repo

from debpkgr.aptrepo import create_repo

name = 'test_repo_foo'
arches = ['amd64', 'i386']
description = 'Apt repository for Test Repo Foo'

files = []
for root, _, fl in os.walk(temp_dir):
    for f in fl:
        if f.endswith('.deb'):
            files.append(os.path.join(root, f))

repo = create_repo(self.new_repo_dir, files, name=name,
                   arches=arches, desc=description)

Signature Support

It is possible to sign the repository metadata using a wrapper script / executable around GPG or another GPG-signing facility (like a [Hardware Security Module](https://en.wikipedia.org/wiki/Hardware_security_module).

To do so, you will need to pass a SignOptions object to the lower-level AptRepo class as the gpg_sign_options argument:

gpg_sign_options = SignOptions(cmd="/usr/local/bin/sign.sh",
                               key_id="45BA0816")
repo = AptRepo(repo_dir, repo_name,
               gpg_sign_options=gpg_sign_options)

The supplied sign command has to be an executable.

It will be supplied the path to a Release file to be signed, and is expected to produce a file named Release.gpg in the same directory as the Release file.

Additionally, the sign command will be passed the following environment variables:

  • GPG_CMD

  • GPG_KEY_ID (if specified in the configuration file)

  • GPG_REPOSITORY_NAME

  • GPG_DIST

The sign command may decide on a key ID to use, based on the repository name or the dist that is being signed.

A minimal sign command using GPG could be:

#!/bin/bash -e

KEYID=${GPG_KEY_ID:-45BA0816}

gpg --homedir /var/lib/debpkgr/gpg-home \
    --detach-sign --default-key $KEYID \
    --armor --output ${1}.gpg ${1}

You could import your password-less GPG keys like this:

mkdir /var/lib/debpkgr/gpg-home
chmod 0700 /var/lib/debpkgr/gpg-home
gpg --homedir /var/lib/debpkgr/gpg-home --import <path-to-secret-keys>

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

debpkgr-1.0.5.tar.gz (48.9 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page