How to make your .deb

You can use this little script

function MONDEB(){

# Go to your repository 
cd /home/tools/MONDEB/bashelper
# make .deb file
dpkg-deb --build bashelper
# copy .deb on the right place (MONREPO).
cp /home/tools/MONDEB/bashelper/bashelper.deb /home/tools/MONREPO/bashelper/ -f
}

function cdrepo() {
# go to the web repo
cd /home/tools/MONREPO/bashelper/

# Delete old files
rm -rf /home/tools/MONREPO/bashelper/db
rm -rf /home/tools/MONREPO/bashelper/pool
rm -rf /home/tools/MONREPO/bashelper/dists
rm -f  /home/tools/MONREPO/bashelper/public.key

# Make the magic
reprepro -b . includedeb stable  /home/tools/MONREPO/bashelper/bashelper.deb

# Done !
}


MONDEB
echo " ✅DEB   update  OK "

cdrepo
echo " ✅REPO update OK "

echo " gpg starting ... need to put your secret"
/usr/bin/gpg --armor --output /home/tools/MONREPO/bashelper/public.key --export contact@echosystem.fr

Make REPOSITORY for web APT

Exemple of Apache Sub-domain:

 
<VirtualHost *:80>
ServerName deb.echosystem.fr
RedirectPermanent / https://deb/echosystem.fr/
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName deb.echosystem.fr
        ServerAdmin contact@echosystem.fr
        DocumentRoot /home/tools/MONREPO
        Serversignature off
 
# SSL
SSLEngine On
SSLHonorCipherOrder on
SSLCompression    off
SSLCertificateFile /etc/letsencrypt/live/deb.echosystem.fr/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/deb.echosystem.fr/privkey.pem

##Secu
SetEnv nokeepalive ssl-unclean-shutdown

<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
    Header always set X-Frame-Options SAMEORIGIN
    Header always set X-Xss-Protection "1; mode=block"
    Header always set X-Content-Type-Options nosniff
   Header always set Referrer-Policy origin
</IfModule>

<Directory /home/tools/MONREPO>
 Options +Indexes +FollowSymLinks
  Require all granted
  RewriteEngine On
  AllowOverride None

IndexOptions FancyIndexing HTMLTable SuppressRules
IndexOptions IconsAreLinks ScanHTMLTitles NameWidth=* DescriptionWidth=*

# Autoindex-Strapdown Directives
AddType text/plain .md
HeaderName HEADER.md
ReadmeName README.md

IndexHeadInsert "<script>conf = {theme: 'cyborg', title: 'Repository APT  ☠'};</script> \
<script src='/autoindex_strapdown/autoindex_strapdown.js'></script> \
<link rel='stylesheet' href='/autoindex_strapdown/autoindex_strapdown.css'>"

# Turn off index.html rendering, so Strapdown directory is autoindexed
#DirectoryIndex no-such-file.html

# Override common defaults on Mac OS X
AddIconByEncoding (CMP,/autoindex_strapdown/icons2/glyphicon-file.svg) x-compress x-gzip
AddIcon /autoindex_strapdown/icons2/glyphicon-file.svg .bin .exe .hqx .tar .wrl .wrl.gz .vrml .vrm .iv .Z .z .tgz .gz .zip .ps .ai .eps .html .shtml .htm .pdf .txt .c .pl .py .for .dvi .uu .conf .sh .shar .csh .ksh .tcl .tex core

# Descriptions
AddDescription "tl;dr: Apache, use freely"
AddDescription "tl;dr: MIT, use freely" LICENSE
AddDescription "SVG file icons" icons

# Icons using Bootstrap's Glyphicon set
DefaultIcon /autoindex_strapdown/icons2/glyphicon-file.svg
AddIcon /autoindex_strapdown/icons2/blank.svg ^^BLANKICON^^
AddIcon /autoindex_strapdown/icons2/glyphicon-folder-open.svg ^^DIRECTORY^^
AddIcon /autoindex_strapdown/icons2/glyphicon-circle-arrow-up.svg ..
AddIconByType (TXT,/autoindex_strapdown/icons2/glyphicon-file.svg) text/*
AddIconByType (IMG,/autoindex_strapdown/icons2/glyphicon-picture.svg) image/*
AddIconByType (SND,/autoindex_strapdown/icons2/glyphicon-music.svg) audio/*
AddIconByType (VID,/autoindex_strapdown/icons2/glyphicon-film.svg) video/*

# Exclusions
IndexIgnore robots.txt pic favicon.ico favicon.gif HEADER.md README.md autoindex_strapdown  themes js .htaccess  favicon.png update-repo.sh update-repo-bashelper.sh
</Directory>

<link rel='stylesheet' href='/autoindex_strapdown/autoindex_strapdown.css'>"

# debug, info, notice, warn, error, crit, alert, emerg.
LogLevel notice

CustomLog ${APACHE_LOG_DIR}/access.deb.echosystem.fr.log vhost_combined
CustomLog ${APACHE_LOG_DIR}/404_only.log vhost_combined "expr=%{REQUEST_STATUS} eq 404"
CustomLog ${APACHE_LOG_DIR}/access.log vhost_combined
 
</VirtualHost>
</IfModule>

#
# Disable access to the entire file system except for the directories that
# are explicitly allowed later.
#
# This currently breaks the configurations that come with some web application
# Debian packages.
#
#<Directory />
#   AllowOverride None
#   Require all denied
#</Directory>


# Changing the following options will not really affect the security of the
# server, but might make attacks slightly more difficult in some cases.

#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of:  Full | OS | Minimal | Minor | Major | Prod
# where Full conveys the most information, and Prod the least.
#ServerTokens Minimal
ServerTokens Prod
#ServerTokens Full

#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of:  On | Off | EMail
#ServerSignature Off
ServerSignature Off

#
# Allow TRACE method
#
# Set to "extended" to also reflect the request body (only for testing and
# diagnostic purposes).
#
# Set to one of:  On | Off | extended
TraceEnable Off
#TraceEnable On

#
# Forbid access to version control directories
#
# If you use version control systems in your document root, you should
# probably deny access to their directories. For example, for subversion:
#
<DirectoryMatch "/\.svn">
   Require all denied
</DirectoryMatch>


#############################################
 
<DirectoryMatch "/\.git">
   Require all denied
</DirectoryMatch>

<Files ".ht*">
    Require all denied
</Files>

<Files "xmlrpc.php">
    Require all denied
</Files>

<Files "robots.txt">
    Require all granted
</Files>

#################################################
#
# Setting this header will prevent MSIE from interpreting files as something
# else than declared by the content type in the HTTP headers.
# Requires mod_headers to be enabled.
#
Header set X-Content-Type-Options: "nosniff"

#
# Setting this header will prevent other sites from embedding pages from this
# site as frames. This defends against clickjacking attacks.
# Requires mod_headers to be enabled.
#
#Header set X-Frame-Options: "sameorigin"


# vim: syntax=apache ts=4 sw=4 sts=4 sr noet