Package repositories

Package repositories are available for Debian Linux and for FreeBSD/PC-BSD. They have pre-built binary packages of several softwares. This is how to configure your computer to use these repositories.

No softwares are currently available as pre-built binaries for anything other than the AMD64 architecture.

FreeBSD and PC-BSD

Only the new pkg from version 10 is supported. Make sure that it is up-to-date, too. pkgng version 1.0 used a quite different format for package manifests.

You can view the contents of this repository via GOPHER or via FTP in EPLF.

Point pkg at the repository:

Create a file named /usr/local/etc/pkg/repos/JdeBP.conf, with contents as follows:

JdeBP {
	url: "http://FreeBSD-repository.JdeBP.info./",
	pubkey: "/usr/local/etc/pkg/keys/JdeBP.pub",
	signature_type: "pubkey",
	enabled: true
}

Provide pkg with the public key:

# install -d /usr/local/etc/pkg/keys
# fetch -o "/usr/local/etc/pkg/keys/JdeBP.pub" "http://FreeBSD-repository.JdeBP.info./package_signing_key.pub"

No that dot is not a mistake; it is preventing search path spoofing from making it easy for someone else to supplant the repository server's domain name on your computer.

There is an HTTPS-accessible key server.

# install -d /usr/local/etc/pkg/keys
# fetch -o "/usr/local/etc/pkg/keys/JdeBP.pub" "https://JdeBP.EU./Repository/freebsd/package_signing_key.pub"

Or you can download package_signing_key.pub to that directory from this page. Or you can download package_signing_key.pub to that directory via GOPHER.

Note that really one should fetch the public key from a different place to the repository itself, which you are not doing. That needs more WWW servers to be distinct file servers; which would cost a lot of money, just to host one very small file.

Update your package list:

# pkg update

Debian Linux

You can view the contents of this repository via GOPHER or via FTP in EPLF.

Point APT at the repository:

Create a file named /etc/apt/sources.list.d/JdeBP.list, with contents as follows:

deb [signed-by=/usr/share/keyrings/jdebp-debian-repository.gpg] http://Debian-repository.JdeBP.info./ stable main

On Debian 8 and earlier you do not have signed-by:

deb http://Debian-repository.JdeBP.info./ stable main

Tell APT about the public key:

On Debian 9 and later you download it into the same file under /usr/share/keyrings/ as you told APT with signed-by:

# curl "http://Debian-repository.JdeBP.info./repository_signing_key.pub" > /usr/share/keyrings/jdebp-debian-repository.gpg

No that dot is not a mistake; it is preventing search path spoofing from making it easy for someone else to supplant the repository server's domain name on your computer.

There is an HTTPS-accessible key server.

# curl "https://JdeBP.EU./Repository/debian/repository_signing_key.pub" > /usr/share/keyrings/jdebp-debian-repository.gpg

Or you can download repository_signing_key.pub from this page. Or you can download repository_signing_key.pub to that directory via GOPHER. These are both the plain binary key file. There is an "ASCII armoured" repository_signing_key.pub.asc version, too.

Note that really one should fetch the public key from a different place to the repository itself, which you are not doing. That needs more WWW servers to be distinct file servers; which would cost a lot of money, just to host one very small file.

On Debian 8 and earlier you have to add the key to the global APT keyring, which has the unfortunate side-effect of making it a valid signing key for all package repositories that your machine is configured to use, rather than just this repository:

# curl "http://Debian-repository.JdeBP.info./repository_signing_key.pub.asc" | apt-key add -

Update your package list:

You can do this with apt-get, synaptic, or aptitude. See their manuals for how. Here is the latter:

# aptitude update

OpenBSD

This is not provided yet.

You can view the contents of this repository via GOPHER or via FTP in EPLF.

A repository exists, and you can probably guess its hostname. But the problems with the old package manager on OpenBSD mean that pre-built binary packages come with a long list of caveats (which are not present on other platforms). Binary packages will not (currently) just drop in and work as they do on other platforms. For OpenBSD, for the time being, you should build from source, check the doco for what limitations apply, and hand-perform any installation and configuration.


© Copyright 2016,2017 Jonathan de Boyne Pollard. "Moral" rights asserted.
Permission is hereby granted to copy and to distribute this WWW page in its original, unmodified form as long as its last modification datestamp information is preserved.