Create and manage your own Ubuntu/Debian package repository (PPA-like) on your server.
- 🚀 Easy setup wizard
- 📦 Add/remove packages with simple commands
- 🔐 Automatic GPG key generation and signing
- 🌐 Nginx web server configuration
- 📊 Package listing and management
- 🔄 Support for multiple distributions
- 🎯 Both public and internal network support
- Ubuntu/Debian server with root access
- Internet connection (for initial setup)
- At least 1GB free disk space (more depending on packages)
sudo ./ubuntu-repo_manager.sh setupThis will guide you through:
- Installing dependencies (aptly, gnupg, nginx)
- Generating GPG signing key
- Creating repository structure
- Configuring web server
- Showing client configuration
# Add a .deb package
sudo ./ubuntu-repo_manager.sh add /path/to/package.deb
# Or use interactive mode
sudo ./ubuntu-repo_manager.sh
# Then select option 2On client machines:
# Add GPG key (modern method)
wget -qO - http://your-server.com/KEY.gpg | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/myrepo.gpg
# Add repository with signed-by
echo "deb [signed-by=/etc/apt/trusted.gpg.d/myrepo.gpg] http://your-server.com focal main" | sudo tee /etc/apt/sources.list.d/myrepo.list
# Update and install
sudo apt update
sudo apt install your-packagesudo ./ubuntu-repo_manager.shProvides a menu with all operations.
# Setup new repository
sudo ./ubuntu-repo_manager.sh setup
# Add package
sudo ./ubuntu-repo_manager.sh add /path/to/package.deb
# Remove package
sudo ./ubuntu-repo_manager.sh remove package-name
# List all packages
sudo ./ubuntu-repo_manager.sh list
# Publish changes
sudo ./ubuntu-repo_manager.sh publish
# Show client configuration
sudo ./ubuntu-repo_manager.sh client-config/var/www/ubuntu-repo/
├── aptly/ # Aptly database and package pool
│ ├── db/
│ └── pool/
└── public/ # Published repository (served by nginx)
├── dists/
│ └── focal/
│ └── main/
├── pool/
└── KEY.gpg # Public GPG key for verification
Default configuration can be customized in the setup wizard:
- Repository Name: Default
myrepo - Distribution: Default
focal(Ubuntu 20.04)- Other options:
jammy(22.04),noble(24.04),bionic(18.04)
- Other options:
- Component: Default
main - Architecture: Default
amd64 - Base Directory: Default
/var/www/ubuntu-repo
Download or build .deb packages and add them directly:
sudo ./ubuntu-repo_manager.sh add mypackage.debCreate a simple package:
# Create package structure
mkdir -p mypackage_1.0/DEBIAN
mkdir -p mypackage_1.0/usr/local/bin
# Create control file
cat > mypackage_1.0/DEBIAN/control << EOF
Package: mypackage
Version: 1.0
Section: utils
Priority: optional
Architecture: all
Maintainer: Your Name <you@example.com>
Description: My custom package
Longer description of my package
EOF
# Add your files
cp myscript.sh mypackage_1.0/usr/local/bin/
# Build package
dpkg-deb --build mypackage_1.0
# Add to repository
sudo ./ubuntu-repo_manager.sh add mypackage_1.0.debTo support multiple Ubuntu versions, run setup wizard multiple times with different distributions:
# Setup for Ubuntu 20.04
sudo ./ubuntu-repo_manager.sh setup
# Choose: focal
# Setup for Ubuntu 22.04
sudo ./ubuntu-repo_manager.sh setup
# Choose: jammyFor production environments, use HTTPS:
- Install certbot:
sudo apt install certbot python3-certbot-nginx- Get certificate:
sudo certbot --nginx -d repo.example.com- Certbot will automatically configure nginx for HTTPS
Allow HTTP/HTTPS traffic:
sudo ufw allow 'Nginx Full'
sudo ufw enableIf you want the repository only accessible internally:
- In nginx configuration, bind only to internal IP:
listen 192.168.1.100:80;- Or use firewall rules to restrict access:
sudo ufw allow from 192.168.1.0/24 to any port 80After adding packages, always publish:
sudo ./ubuntu-repo_manager.sh publishRe-add the GPG key (modern method):
wget -qO - http://your-server.com/KEY.gpg | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/myrepo.gpgNote: The old apt-key method is deprecated. Always use the signed-by method shown above.
Check that the repository is published:
ls -la /var/www/ubuntu-repo/public/dists/Should contain your distribution folders.
Ensure correct ownership:
sudo chown -R www-data:www-data /var/www/ubuntu-repo/public/# Backup aptly database and packages
sudo tar -czf ubuntu-repo-backup.tar.gz /var/www/ubuntu-repo/aptly/
# Backup GPG keys
gpg --export-secret-keys > gpg-secret-keys.asc# List packages
sudo ./ubuntu-repo_manager.sh list
# Remove old version
sudo ./ubuntu-repo_manager.sh remove package-name_old-version
# Publish changes
sudo ./ubuntu-repo_manager.sh publishdu -sh /var/www/ubuntu-repo/# 1. Setup repository
sudo ./ubuntu-repo_manager.sh setup
# 2. Create a simple package
mkdir -p hello_1.0/DEBIAN hello_1.0/usr/local/bin
cat > hello_1.0/DEBIAN/control << EOF
Package: hello
Version: 1.0
Architecture: all
Maintainer: Me <me@example.com>
Description: Hello world script
EOF
echo '#!/bin/bash' > hello_1.0/usr/local/bin/hello
echo 'echo "Hello from my repo!"' >> hello_1.0/usr/local/bin/hello
chmod +x hello_1.0/usr/local/bin/hello
dpkg-deb --build hello_1.0
# 3. Add to repository
sudo ./ubuntu-repo_manager.sh add hello_1.0.deb
# 4. On client machine
wget -qO - http://my-server.com/KEY.gpg | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/myrepo.gpg
echo "deb [signed-by=/etc/apt/trusted.gpg.d/myrepo.gpg] http://my-server.com focal main" | sudo tee /etc/apt/sources.list.d/myrepo.list
sudo apt update
sudo apt install hello
# 5. Test
hello
# Output: Hello from my repo!- Always use GPG signing: Enabled by default in this tool
- Use HTTPS in production: Especially for public repositories
- Regular security updates: Keep aptly and nginx updated
- Access control: Use firewall rules or nginx auth for sensitive repos
- Backup GPG keys: Store securely, losing them means rebuilding trust
This tool is part of BashCollection and follows the same license.