Debian Repo

This is a repo of Debian i386 packaged versions of my stuff for use with apt instead of individual .deb downloads. The tree starts at ftp://download.tuxfamily.org/user42/debian/, or see the tree listing.

• "main" is my packages
• "other" is packaged things from elsewhere, such as dependencies from CPAN not otherwise in the Debian archive (see below).

Point apt-get to the repo with the following line in your /etc/apt/sources.list file, then "apt-get update" to fetch the indexes.

deb     https://download.tuxfamily.org/user42/debian user42 main other
deb-src https://download.tuxfamily.org/user42/debian user42 main other

Or ftp://download... or http://download... as desired. Browse through the Packages files directly for all the contents,

main Packages
other Packages

The packages were built on an i386 of an only moderately up-to-date "testing" at release time. All the Emacs things and most of the Perl are architecture "all". There's an amd64 pool which has just those "all" packages. On other archs something like the following might work to take just the "all" packages (or perhaps amd64 instead of i386, and new enough apt),

deb [arch=i386] https://download.tuxfamily.org/user42/debian user42 main other

Using "amd64" for the "all" packages was a mistake, since may eventually have some actual amd64.

The deb-src line shown above is only needed to download sources with apt-get source PACKAGENAME. Each .orig.tar.gz is identical to the source .tar.gz, but renamed to the deb package name. Each .diff.gz is empty (except on a binary rebuild) since the tar includes a debian dir.

Currently not all sources are in the repo, but going to have most eventually. The intended use is convenient rebuilding of packages against newer or older libraries. The simplest is by apt, but things like pbuilder can do whole environments and chains of depends.

apt-get source --compile libfile-locate-iterator-perl

If tests fail for no good reason then try skipping with

DEB_BUILD_OPTIONS=nocheck apt-get source --compile ...

The Perl XS packages are built for Perl 5.32.0 but can be rebuilt from source for other versions. Perl minor versions are usually upwardly binary compatible but major versions are not, forcing you to go in lock-step with irritating rebuilds of all packages.

On non-i386, it might work to build and install binary dependencies individually and then let apt-get take the "all" packages as above.

The Emacs packages have debhelper blobs which only work with emacsen-common version 2 and up. Those emacsen-common bits were designed to reduce dependencies but result in an undeclared dependency on its version 2 or higher. That version is now a while ago. The symptom of running with earlier is no byte compiling at package install.

Security

The repo and .dsc files are signed with my key. The Release file etc has SHA256 digests signed by my 4096R which should be big enough for Apt post 2016 refusing SHA-1 (due to whatever computing power or algorithms approaching the time when it might no longer be secure).

With recent Apt, it may be necessary to tell Apt to trust my key or it won't even show packages. This is annoying but it's an end-to-end check. Previously you could answer yes to "without verification" warnings, or apt-get --allow-unauthenticated. One way is to copy my public keyring file user42_kevin.gpg to

/etc/apt/trusted.gpg.d/user42_kevin.gpg

But examine or verify first of course (gpg --list-keys, --list-sigs, etc). Read more in the apt-key and/or apt-secure man pages, or the Debian wiki on SecureApt. You can always review and dpkg -i filename.deb individual files.

Each source .dsc has an internal signature from my key. This is a Gnu PG clear sign and should be verified by dscverify (from the devscripts package) since that checks the .orig.tar.gz and .diff.gz files actually have the SHAs listed in the .dsc.

dscverify --keyring user42_kevin.gpg FILENAME.dsc

Instead of --keyring option each time, you can list my keyring file in environment variable DSCVERIFY_KEYRINGS or file /etc/devscripts.conf, or add my key to ~/.gnupg/trustedkeys.gpg.

All of tuxfamily can be reached by https. This is recommended for security if going to actually run something. The HTTPS SSL certificate is from tuxfamily.

The "other" packages are things from elsewhere put into debs. No guarantees about the quality, security, etc, except they seem fine. Each maintainer version is "0.1" or "0.2" so if/when there's a packaged version in the Debian archive then that will be higher and should be preferred by apt etc. Things with their own descriptions and notes include,

• geniustrader -- package of Genius Trader modules
• pariemacs -- package of PariEmacs
• ta-lib -- package of TA-Lib Perl interface
• tvtwm -- package of tvtwm window manager

Perl packages are built with dh-make-perl. The source .diff.gz is as generated by dh-make-perl at the time, possibly with tweaks to the Depends, or minor bug fixes.

libpngwriter0c2 and libpngwriter0-dev are copied from snapshot.debian.org as they're no longer in the Debian archive. Both use libpng12 (also copied). The corresponding libpng12-dev is no longer current, but installing just the libpng12 library part is fine.

This page Copyright 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Kevin Ryde.
(Back to the sitemap.)