debpkgr

Release 1.1.0

Debian/Ubuntu .deb pkg utils

Homepage PyPI Python

License
Apache-2.0
Install
pip install debpkgr==1.1.0

Documentation

debpkgr

Pure Python implementation of Debian/Ubuntu packaging and repository utilities.

The allows one to perform various Debian-specific operations on non-Debian systems, in the absence of typical system-provided utilities (e.g. apt).

Example

Inspect Package

from debpkgr.debpkg import DebPkg

pkg = DebPkg.from_file('/path/to/foo.deb')

print(pkg.name)
print(pkg.nevra)
print(pkg.md5sum)
print(pkg.package)

Create Repo

from debpkgr.aptrepo import create_repo

name = 'test_repo_foo'
arches = ['amd64', 'i386']
description = 'Apt repository for Test Repo Foo'

files = []
for root, _, fl in os.walk(temp_dir):
    for f in fl:
        if f.endswith('.deb'):
            files.append(os.path.join(root, f))

repo = create_repo(self.new_repo_dir, files, name=name,
                   arches=arches, desc=description)

Signature Support

It is possible to sign the repository metadata using a wrapper script / executable around GPG or another GPG-signing facility (like a [Hardware Security Module](https://en.wikipedia.org/wiki/Hardware_security_module).

To do so, you will need to pass a SignOptions object to the lower-level AptRepo class as the gpg_sign_options argument:

gpg_sign_options = SignOptions(cmd="/usr/local/bin/sign.sh",
                               key_id="45BA0816")
repo = AptRepo(repo_dir, repo_name,
               gpg_sign_options=gpg_sign_options)

The supplied sign command has to be an executable.

It will be supplied the path to a Release file to be signed, and is expected to produce a file named Release.gpg in the same directory as the Release file.

Additionally, the sign command will be passed the following environment variables:

  • GPG_CMD
  • GPG_KEY_ID (if specified in the configuration file)
  • GPG_REPOSITORY_NAME
  • GPG_DIST

The sign command may decide on a key ID to use, based on the repository name or the dist that is being signed.

A minimal sign command using GPG could be:

#!/bin/bash -e

KEYID=${GPG_KEY_ID:-45BA0816}

gpg --homedir /var/lib/debpkgr/gpg-home \
    --detach-sign --default-key $KEYID \
    --armor --output ${1}.gpg ${1}

You could import your password-less GPG keys like this:

mkdir /var/lib/debpkgr/gpg-home
chmod 0700 /var/lib/debpkgr/gpg-home
gpg --homedir /var/lib/debpkgr/gpg-home --import <path-to-secret-keys>

Stats

Dependencies
0
Dependent packages
0
Dependent repositories
0
Total releases
5
Latest release
First release
Stars
7
Forks
6
Watchers
11
Contributors
5
Repository size
168 KB
SourceRank
9

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

1.1.0
1.0.5
1.0.3
1.0.1
1.0.1.dev1

Contributors

Brett Smith Mihai Ibanescu Matthias Dellweg Walter Scheper Patrick Creech


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2021-02-13 22:33:44 UTC

Login to resync this project