Debian Packages

For more information about components, requirements and configuration of Debian package please take a 👀 into official Debian docs.

Steps to Add Package

1. Ask Platon to create a Debian repository. Provide name, description and list of users who should have access → Slack channel
2. Push package to repository
   • Manually
   • Configure CI pipeline
     1. Ask Platon to create access token Slack channel
     2. Set up CI pipeline

For each repository, Artifactory provides prefilled curl commands. The commands can be found under 🔧 Set Me Up.

Push Package to Repository Manually

curl -u <USER_NAME>:<TOKEN>\
  -XPUT "<REPOSITORY_URL><DEBIAN_PACKAGE_NAME>;deb.distribution=<DISTRIBUTION>;deb.component=<COMPONENT>;deb.architecture=<ARCHITECTURE>"\
  -T <PATH_TO_FILE>

• <USER_NAME> - your Artifactory username, typically your Sikt email address.
• <TOKEN> - your identity token. Identity token can be created under your Artifactory profile.
• <REPOSITORY_URL> - can be found in Artifactory GUI → click on the repository and copy URL to file.
• <DEBIAN_PACKAGE_NAME> - name of the package as it will appear in Artifactory. If you are uploading more packages in same time, point to folder you want to upload to - the name will be same as in upload destination.
• <DISTRIBUTION> - a distribution is just a name for APT to figure out which subdirectory to choose, e.g. bionic, bookworm
• <COMPONENT> - e.g. main, contrib or non-free
• <ARCHITECTURE> - usually amd64, i386 or all
• <PATH_TO_FILE> - path pointing to the built package. If you want to upload more packages from the same folder add /*.deb to the path.

Set Up CI Pipeline

1. Create ARTIFACTORY_ACCESS_TOKEN variable (masked) in your pipeline (https://gitlab.sikt.no/<GROUP>/<PROJECT>/-/settings/ci_cd) and paste generated access token (provided by Platon). Tokens are stored in vault.unit.no.

include:
- project: 'platon/artifactory'
  file: '/artifactory.gitlab-ci-helpers.yml'

variables:
  ARTIFACTORY_ACCESS_TOKEN: $ARTIFACTORY_ACCESS_TOKEN
  ARTIFACTORY_TARGET_PATH: <REPOSITORY_NAME>/pool/
  PACKAGE_PATH: <PATH_TO_FILE>.deb
  DISTRIBUTION: <DISTRIBUTION>
  COMPONENT: <COMPONENT>
  ARCHITECTURE: <ARCHITECTURE>

deploy-debian-package:
  extends: .artifactory-debian-deploy
  stage: deploy

Variables can be defined as global or as a job specific or as a mixture.

• <REPOSITORY_NAME> - repository to which you want to push
• <PATH_TO_FILE> - path pointing to the built package. If you want to upload more packages from the same folder add /*.deb to the path.
• <DISTRIBUTION> - a distribution is just a name for APT to figure out which subdirectory to choose, e.g. bionic, bookworm
• <COMPONENT> - e.g. main, contrib or non-free
• <ARCHITECTURE> - usually amd64, i386 or all

Resolve Packages

Adding a public key to a repository is an important step to ensure the authenticity and integrity of packages you install. This is typically done to verify that the packages you are downloading are from a trusted source. Here's how you can add a public key to a Debian repository:

1. Obtain the Public Key

Obtain the public key file (usually with a .asc extension) from Artifactory. This key is used to sign the repository's packages, and you need it to verify the package signatures.

wget -O /etc/apt/trusted.gpg.d/artifactory-sikt.asc https://artifactory.sikt.no/artifactory/api/security/keypair/default/public

2. Add Debian repository

Add entry to file containing repository URL addresses e.g. /etc/apt/sources.list

echo deb "https://artifactory.sikt.no/artifactory/debian-microdep-local <DISTRIBUTION> <COMPONENT>" >> /etc/apt/sources.list

3. Update Package List

After adding the repository, you should update the package lists to ensure your system knows about the newly added repository:

sudo apt update

4. Install Package

Now you are able to install the desired package on your system with:

apt-get install <PACKAGE>

Resolve Packages with Puppet

To install the package on desired machine, the address to the Debian package must be added to list of the sources.

In Sikt, package source is typically configured with Puppet (more about how to work with Puppet 👉 testing your changes). To add the repository to Puppet add following configuration to the Puppet module handling the package:

  apt::source { 'artifactory.sikt.no':
    ensure   => present,
    comment  => '<type description>',
    location => 'https://artifactory.sikt.no/artifactory/<repository name>',
    release  => $facts['os']['distro']['codename'],
    repos    => 'main',
    key      => {
      'id'     => 'F8B12EEAABFFDFC3D15FFB8A673941BC25966A25', #gpg public key id
      'server' => 'https://artifactory.sikt.no:443/artifactory/api/security/keypair/default/public',
    },
    include  => {
      'src' => false,
      'deb' => true,
    },
  }

Migration from apt.uninett.no

apt.uninett.no will be deprecated and therefore Debian packages stored there should be migrated to artifactory.sikt.no.

If you build/publish through pipeline (as you should) refer to Set Up CI Pipeline ☝. If not (🙈) you can upload packages manually with curl or with help of web GUI.