{"id":277,"date":"2025-06-21T01:45:11","date_gmt":"2025-06-21T00:45:11","guid":{"rendered":"https:\/\/perilouscodpiece.org\/blaeg\/?p=277"},"modified":"2025-06-21T01:45:40","modified_gmt":"2025-06-21T00:45:40","slug":"gitea-debian-package-repository-with-testing-trixie-13","status":"publish","type":"post","link":"https:\/\/perilouscodpiece.org\/blaeg\/2025\/06\/21\/gitea-debian-package-repository-with-testing-trixie-13\/","title":{"rendered":"gitea debian package repository with testing\/trixie\/13"},"content":{"rendered":"\n<p><a href=\"https:\/\/gitea.com\">Gitea<\/a> is awesome for self-hosting git repos. One of the neat features it has is package repository hosting, including for debian (<a href=\"https:\/\/docs.gitea.com\/usage\/packages\/overview\">their docs on this in general<\/a>). For debian stable\/bookworm\/12, this works seamlessly at least in my experience.<br \/><br \/>Things get a bit hairier once you start using testing (trixie\/13 at present). The root problem is that the go pgp library used produces signatures that the new apt tooling in 13 does not like, specifically in regards to signature verification. See <a href=\"https:\/\/github.com\/go-gitea\/gitea\/issues\/33400\">here<\/a> for an example bug report \/ fix. &#8220;apt update&#8221; from a testing machine will fail with ugly mumbling along the lines of &#8220;OpenPGP signature verification failed, sub-process sqv returned an error code (god hates you, everything is ruined forever) , error message is demonic howling, signing key unknown, E_FUCKED, no binding signature on this shit, boss!&#8221;. (God help you if google search lands you here on those keywords.) Gitea 1.24 contains newer dependencies that should fix this. <b>BUT!<\/b> <i>The debian package repository signing key material has to be regenerated.<\/i> And that is where the fun starts, as there&#8217;s no way to do this via web ui or cli as far as I can tell.<\/p>\n\n\n<p>This process <b>seems<\/b> to do the right things, but it is admittedly a big hassle:<ol>\n<li>upgrade to 1.24.latest if not already done<\/li>\n<li>delete all package versions\/files through web ui. there should be no debian repo listed in the packages page<\/li>\n<li>open up your database and delete the debian.private.key and debian.public.key rows for your user in the user_settings table (whether sqlite, postgres, whatever)<\/li>\n<li>(I also got paranoid here and went on a cleaning sweep for all things &#8220;debian&#8221; in the package* tables as there were remnants despite there being no visible listing for a debian package repo after the delete package step above. I have not verified if this step is required, but it doesn&#8217;t seem to hurt per se.)<\/li><li><b>this part is important: restart the gitea service<\/b><\/li>\n<li>re-upload your package file(s). you <i>should<\/i> notice the upload take a hair longer, as it&#8217;s regenerating the repository.key et al.<\/li>\n<li>to verify, curl https:\/\/your-gitea-host:3000\/api\/packages\/yourusername\/debian\/repository.key -o test, gpg &#8211;show-keys test. the dates shown should be the current day if everything worked.<\/li>\n<li>you&#8217;ll have to re-download the repository.key into \/etc\/apt\/keyrings\/gitea-yourusername.asc (or wherever you put it, and matching the signed-by bit in the list file establishing gitea as a repo debian can draw from<\/li>\n<li>apt update \/ upgrade should now work<\/li>\n<\/ol>\nYou might be fooled, as I was, that the gitea command line &#8220;admin regenerate keys&#8221; command might do something useful to solve this, but alas it does not.\n<\/p>","protected":false},"excerpt":{"rendered":"<p>Gitea is awesome for self-hosting git repos. One of the neat features it has is package repository hosting, including for debian (their docs on this in general). For debian stable\/bookworm\/12, this works seamlessly at least in my experience. Things get a bit hairier once you start using testing (trixie\/13 at present). The root problem is &hellip; <a href=\"https:\/\/perilouscodpiece.org\/blaeg\/2025\/06\/21\/gitea-debian-package-repository-with-testing-trixie-13\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">gitea debian package repository with testing\/trixie\/13<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-277","post","type-post","status-publish","format-standard","hentry","category-tech"],"_links":{"self":[{"href":"https:\/\/perilouscodpiece.org\/blaeg\/wp-json\/wp\/v2\/posts\/277","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/perilouscodpiece.org\/blaeg\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/perilouscodpiece.org\/blaeg\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/perilouscodpiece.org\/blaeg\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/perilouscodpiece.org\/blaeg\/wp-json\/wp\/v2\/comments?post=277"}],"version-history":[{"count":2,"href":"https:\/\/perilouscodpiece.org\/blaeg\/wp-json\/wp\/v2\/posts\/277\/revisions"}],"predecessor-version":[{"id":280,"href":"https:\/\/perilouscodpiece.org\/blaeg\/wp-json\/wp\/v2\/posts\/277\/revisions\/280"}],"wp:attachment":[{"href":"https:\/\/perilouscodpiece.org\/blaeg\/wp-json\/wp\/v2\/media?parent=277"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/perilouscodpiece.org\/blaeg\/wp-json\/wp\/v2\/categories?post=277"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/perilouscodpiece.org\/blaeg\/wp-json\/wp\/v2\/tags?post=277"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}