The GAVO APT repository

GAVO runs an APT (“Debian“) repository through which we distribute bleeding-edge versions of DaCHS. Since bullseye (version 11), DaCHS is part of Debian, so you will only need this repo if you know you absolutely need the latest and greatest DaCHS or perhaps some other package we needed to hotfix. In other word: starting with bullseye, do not add our repo unless we tell you to or you're sure what you're doing.

To run DaCHS, you'll need to install the gavodachs2-server package. Starting in Debian buster, this will give you whatever DaCHS release was stable when the release was frozen. Debian unstable and testing should carry the latest stable release.

We also run our own APT repository, from which you will get release or beta packages; pulling them from us is usually preferable to pulling them from Debian testing unless you are running testing already. To do that, you have to add our repository to your APT sources. There are two ways to do that, one quick and dirty, one somewhat safer.

In each case, you will have to install our archive's singing key. In clase you want to check it: Its fingerprint is EBF1771A86F3C4B807A9F54D5A9FC1262E677E37.

Note that we changed our repo key in July 2023, migrating away from the 1024D key D8C139FC. If an apt update gives you the message:

The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 5A9FC1262E677E37

you still have the old key installed and need to update to the new one.

Adding the repo, quick and dirty

The quick and dirty way to install the key on your machine is saying:

  cd /etc/apt/trusted.gpg.d
  curl -s \
    | sudo tee gavo-archive.keyring.asc

If you already had our previous archive key installed, you can then remove it. Just remove the old file gavo-archive.keyring.asc in trusted.gpg.d.

Then, add the line

  deb release main

to your /etc/apt/sources.list (of course, equivalent actions using graphical tools will do as well).

Adding the repo, somewhat cleaner

To limit the possible damage when we foul up, it's somewhat better to follow the following more involved procedure. Become root and then do:

curl \
  > /usr/share/keyrings/gavo-archive-keyring.gpg
Then, create the file /etc/apt/sources.list.d/gavo.sources with the content:
Types: deb deb-src
Suites: release beta
Components: main
Signed-By: /usr/share/keyrings/gavo-archive-keyring.gpg
Finally, make sure we can't clobber anyone else's packages (unless you manually install a package from us) by placing the following content in /etc/apt/preferences.d/gavo.pref:
Package: *
Pin: origin
Pin-Priority: 100

With this pin file, your system will prefer Debian's packages, and you will have to explicitly ask to get packages from us. That is, depending on whether you want our release or beta packages, you would say apt install gavodachs2-server/release or apt install gavodachs2-server/beta. Updates then are automatically pulled from us.

The release distribution

Our repository is essentially a rolling one; we try to keep our packages compatible with both Debian stable, unstable and oldstable. This might, of course, mean that if you never upgrade your base system, you may run into dependency problems over time. We make no promises about Ubuntu, but Ubuntus neither brand-new nor shockingly old should in general work.

We will not clobber packages from stable except when we are very confident they are backwards compatible. Thus, while we cannot actually promise anything, including this repository even in the quick-and-dirty way should not impact your systems's stability in any way, even though we may occasionally include an updated package or two (typically, python3-psycopg2).

The beta distribution

If you are more daring, you can instead try our bleeding-edge packages by adding

  deb beta main

to your sources.list in the quick and dirty case or edit gavo.sources and change the suites line to:

Suites: release beta

While we try to ensure that installations from our beta repository work at all times (and indeed, they are usually less experimental that what we are running on our own servers), you should be a bit more wary for glitches there.