Repository Management: Difference between revisions

From iPhone Development Wiki
(linking another guide)
(→‎Private repositories: Crazy Payment API was never added here)
 
(28 intermediate revisions by 7 users not shown)
Line 1: Line 1:
This page contains instructions for getting a personal repository set up, and general tips and tricks.
Here are instructions and advice for setting up and managing a Cydia repository. For context, Cydia uses an adapted version of Debian APT ([https://en.wikipedia.org/wiki/Advanced_Packaging_Tool Advanced Packaging Tool]) to manage packages.


== Novice ==
== saurik's explanation ==


If you have no interest in setting up your own server, you can always use [https://myrepospace.com/ MyRepoSpace].
The authoritative guide to setting up a Cydia APT repository is '''[http://www.saurik.com/id/7 saurik's post on the subject]'''.


== Advanced ==
=== Share API ===


Cydia uses a Debian APT-like implementation to manage packages.
Public since July 3rd 2015 in saurik's [https://twitter.com/saurik/status/617138072342282240 tweet], it is possible to link to a repository or package from a url that Cydia can pick up.


=== saurik's explanation ===
To link to a repository, make an anchor on your site to


If you have no experience with Debian APT, then you can read saurik's [http://www.saurik.com/id/7 excellent writeup on the subject], which should be more than enough to get you started.
    cydia://url/https://cydia.saurik.com/api/share#?source=http://apt.saurik.com/beta/itsamystery/


=== Other explanations ===
To link to a package, make an anchor on your site to


http://patrickmuff.ch/blog/2013/02/15/create-your-own-cydia-repository-on-ubuntu/
    cydia://url/https://cydia.saurik.com/api/share#?source=http://apt.saurik.com/beta/itsamystery/&package=com.saurik.mystery


https://github.com/WinneonSword/tutorial-repository
Replacing ''http://apt.saurik.com/beta/itsamystery/'' and ''com.saurik.mystery'' to the target repository and package.


=== Quick and dirty summary ===
If the repository is not on the list Cydia will ask to add it. It will then take you to the package list (if linked to a repository) or to the specified package (if linked to a package).


First thing is, obviously, you'll need a web host. Literally it could be anything, like [https://neocities.org/ Neocities] or [https://pages.github.com/ GitHub pages].
== Other explanations ==


==== Repository structure ====
Patrick Muff wrote [http://patrickmuff.ch/blog/2013/02/15/create-your-own-cydia-repository-on-ubuntu/ "Create your own Cydia Repository on Ubuntu in a few minutes"]


The basic idea is that you have two files in your server, <tt>Packages</tt> and <tt>Release</tt>. These files can be bzipped to save bandwidth (i.e. <tt>Packages.bz2</tt> and <tt>Release.bz2</tt>). <tt>Packages</tt> contains all of the information related to the different packages on your server (and where to download them, more on that later) and <tt>Release</tt> contains all of the information related to your server (like the name, description, etc).
WinneonSword made a [https://github.com/WinneonSword/tutorial-repository Tutorial Repository on Github].


If you want to see an example of a typical <tt>Packages</tt> and <tt>Release</tt> file, go to your sources in Cydia and find a repository hosted by a 3rd party. Copy-paste the URL in your browser and append <tt>Release.bz2</tt> (or <tt>Release</tt> if you get a 404) to the end. Same thing applies with Packages.
== Quick and dirty summary ==


==== .deb files ====
First thing is, you'll need a web host. It could be anything, like [https://pages.github.com/ GitHub pages] (which is what most people do these days).


The <tt>Packages</tt> file mentioned earlier points to .deb files in your server that you can download. These are made with dpkg-deb. [http://man.he.net/man1/dpkg-deb Manpage here]. The idea is that you set up a folder in the way you'd want the files to appear in your filesystem (and the <tt>DEBIAN</tt> folder, which would contain your <tt>control</tt> file, and optional <tt>preinst</tt> and <tt>postinst</tt> scripts) when it installs in Cydia, and then you'd use <tt>dpkg-deb -b folder_name</tt> to make the package (which will be named <tt>folder_name.deb</tt>.
=== Repository structure ===
 
The basic idea is that you have two files in your server, <tt>Packages</tt> and <tt>Release</tt>. <tt>Packages</tt> must be bzipped and named <tt>Packages.bz2</tt>, and optionally <tt>Release</tt> may be also. <tt>Packages</tt> contains all of the information related to the different packages on your server (and where to download them, more on that later) and <tt>Release</tt> contains all of the information related to your server (like the name, description, etc).
 
If you want to see examples of <tt>Packages</tt> and <tt>Release</tt> files, you can see the cached files from your installed repos at <tt>/var/lib/apt/lists</tt> (note they can be quite large).
 
=== .deb files ===
 
The <tt>Packages</tt> file mentioned earlier points to .deb files in your server that you can download. These are made with [http://man.he.net/man1/dpkg-deb dpkg-deb]. Read more in the '''[[Packaging]]''' page.


== Custom icon ==
== Custom icon ==


Put the file <tt>CydiaIcon.png</tt> at the root of your repository.
Put the file <tt>CydiaIcon.png</tt> at the root of your repository. It is displayed at 32x32, and it would be best for the file to be at Retina resolution (64x64 for @2x and 96x96 for @3x).
 
== Private repositories ==
 
 
<b>NOTE:</b> Static webhosts (like Github Pages) won't work for private repos. You'll need a server that has some way to let you process requests server-side, e.g. PHP, node.js, Go, Django, etc.
 
=== Payment Provider API ===
 
All current package managers (with the exception of Cydia) support Payment Provider API, which can be used for purposes other than payment/checkout systems.
 
* [https://developer.getsileo.app/payment-providers Payment Provider API specification]
 
=== Password Protection ===
 
You can use a username and password system through Cydia's depiction system, where the user enters their username and password in the depiction page, and then is authorized to download the package.
 
==== Password Protection Examples ====
 
* [https://github.com/goeo-/errrr/ PHP]
 
=== UDID Protection ===
 
You can also restrict access based on UDID. Cydia sends the user's UDID via the <tt>X-Unique-ID</tt> HTTP header, so your server could check that against a database in order to ensure that the user has rightful access.
 
==== Pitfalls of UDID Protection ====


== Private repos ==
UDID-protected repos are not very secure. UDID's can be easily faked since there is nothing to say whether it's legitimate or spoofed since it's sent as an HTTP header (<code>X-Unique-ID</code>), and these are sent with ''every'' Cydia support email. There have been public UDID leaks that pirate repositories are known to brute-force packages with. An unfortunate number of repositories, and Cydia Store, use it despite its misuse being bad enough that it was [http://www.theverge.com/2013/3/21/4133288/apple-to-finally-stop-accepting-apps-that-use-outdated-udid-device-identifier-may-1st banned from the App Store] in 2012. You should not consider protection by UDID completely secure; while it works and is simple to implement, it's like a fingerprint: if it's compromised by bad guys, it's hard to change it.


The most trivial way to get private repository is to restrict access based on UDID. Cydia sends the user's UDID via the <tt>HTTP_X_UNIQUE_ID</tt> HTTP header, so your server could check that against a database in order to ensure that the user has rightful access.
==== UDID Protection Examples ====


<b>NOTE:</b> Static webhosts like Neocities won't work for private repos. You'll need a server that has some way to let you process requests server-side, e.g. PHP, node.js, or Flask.
* [https://github.com/xdb6f/udid-cydia-repo PHP].
* [https://github.com/Aehmlo/udid-enabled-cydia-repo Node.js].


=== PHP implementation ===
== See also ==


A PHP implementation can be found [https://github.com/moeseth/UDID-protected-cydia-repo here].
* About <code>target=_blank</code> links in repositories: https://mathiasbynens.github.io/rel-noopener/ and https://css-tricks.com/use-target_blank/
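Review bot: the new "Pitfalls of UDID Protection" paragraph says UDID use was banned from the App Store in 2012, but the URL of the article it links is dated 2013/3/21 and its slug refers to May 1st, so the year should be checked against that source. The new "UDID Protection" paragraph also still says the X-Unique-ID check can "ensure that the user has rightful access", which the Pitfalls paragraph contradicts; that sentence should point to the pitfalls or drop "ensure".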

Latest revision as of 04:35, 29 May 2021

Here are instructions and advice for setting up and managing a Cydia repository. For context, Cydia uses an adapted version of Debian APT (Advanced Packaging Tool) to manage packages.

saurik's explanation

The authoritative guide to setting up a Cydia APT repository is saurik's post on the subject.

Share API

As made public in saurik's tweet of July 3rd 2015, it is possible to link to a repository or package using a URL that Cydia can pick up.

To link to a repository, make an anchor on your site to

   cydia://url/https://cydia.saurik.com/api/share#?source=http://apt.saurik.com/beta/itsamystery/

To link to a package, make an anchor on your site to

   cydia://url/https://cydia.saurik.com/api/share#?source=http://apt.saurik.com/beta/itsamystery/&package=com.saurik.mystery

Replace http://apt.saurik.com/beta/itsamystery/ and com.saurik.mystery with the target repository and package.

If the repository is not on the list, Cydia will ask to add it. It will then take you to the package list (if linked to a repository) or to the specified package (if linked to a package).

Other explanations

Patrick Muff wrote "Create your own Cydia Repository on Ubuntu in a few minutes".

WinneonSword made a Tutorial Repository on GitHub.

Quick and dirty summary

First, you'll need a web host. It could be anything, such as GitHub Pages (which is what most people use these days).

Repository structure

The basic idea is that you have two files on your server, Packages and Release. Packages must be bzipped and named Packages.bz2; Release may optionally be bzipped as well. Packages contains all of the information about the packages on your server (and where to download them, more on that later), and Release contains all of the information about your server (like the name, description, etc.).

If you want to see examples of Packages and Release files, look at the cached files from your installed repos in /var/lib/apt/lists (note they can be quite large).

.deb files

The Packages file mentioned earlier points to the .deb files on your server that users can download. These are made with dpkg-deb. Read more in the Packaging page.

Custom icon

Put the file CydiaIcon.png at the root of your repository. It is displayed at 32x32, and it would be best for the file to be at Retina resolution (64x64 for @2x and 96x96 for @3x).

Private repositories

NOTE: Static webhosts (like GitHub Pages) won't work for private repos. You'll need a server that has some way to let you process requests server-side, e.g. PHP, node.js, Go, Django, etc.

Payment Provider API

All current package managers (with the exception of Cydia) support the Payment Provider API, which can be used for purposes other than payment/checkout systems.

* Payment Provider API specification: https://developer.getsileo.app/payment-providers

Password Protection

You can use a username and password system through Cydia's depiction system, where the user enters their username and password in the depiction page, and then is authorized to download the package.

Password Protection Examples

* PHP: https://github.com/goeo-/errrr/

UDID Protection

You can also restrict access based on UDID. Cydia sends the user's UDID via the X-Unique-ID HTTP header, so your server could check that against a database in order to ensure that the user has rightful access.

Pitfalls of UDID Protection

UDID-protected repos are not very secure. A UDID is easily faked: it is sent as an HTTP header (X-Unique-ID), so the server has nothing to tell it whether the value is legitimate or spoofed, and UDIDs are sent with every Cydia support email. There have been public UDID leaks, and pirate repositories are known to use them to brute-force packages. An unfortunate number of repositories, and Cydia Store, use it despite its misuse being bad enough that it was banned from the App Store in 2012. You should not consider protection by UDID completely secure; while it works and is simple to implement, it's like a fingerprint: if it's compromised by bad guys, it's hard to change.
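An added example, not from the wiki or the repositories it links: a Python version of the server-side X-Unique-ID check described under UDID Protection, extended with two signals for the spoofing and leaked-UDID abuse described above. The class name, thresholds, result strings and sample requests are assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW = 600           # seconds of history kept per key (assumed value)
MAX_UDIDS_PER_IP = 3   # assumed: one client address rarely presents more devices
MAX_IPS_PER_UDID = 5   # assumed: one device rarely appears from more addresses

class UdidGate:
    def __init__(self, licensed):
        self.licensed = {u.lower() for u in licensed}
        self.by_ip = defaultdict(deque)    # ip   -> (time, udid) events
        self.by_udid = defaultdict(deque)  # udid -> (time, ip) events

    def _distinct(self, table, key, value, now):
        """Record an event and count distinct values seen for key in WINDOW."""
        events = table[key]
        events.append((now, value))
        while now - events[0][0] > WINDOW:
            events.popleft()
        return len({v for _, v in events})

    def check(self, headers, client_ip, now):
        # Header names are case-insensitive; the value is client-supplied text.
        sent = {k.lower(): v for k, v in headers.items()}
        udid = sent.get("x-unique-id", "").strip().lower()
        if not udid:
            return "deny:no-udid"
        udids_here = self._distinct(self.by_ip, client_ip, udid, now)
        ips_for_udid = self._distinct(self.by_udid, udid, client_ip, now)
        if udids_here > MAX_UDIDS_PER_IP:
            return "deny:udid-enumeration"   # one client cycling through UDIDs
        if udid not in self.licensed:
            return "deny:not-licensed"
        if ips_for_udid > MAX_IPS_PER_UDID:
            return "deny:udid-shared"        # licensed UDID has probably leaked
        return "allow"

# Constructed sample data: UDIDs and addresses are made up for this example.
BUYER = "a" * 40
REQUESTS = [
    (0, "198.51.100.7", BUYER),
    (10, "203.0.113.9", "b" * 40),
    (20, "203.0.113.9", "c" * 40),
    (30, "203.0.113.9", "d" * 40),
    (40, "203.0.113.9", BUYER),
]

def replay(requests=REQUESTS):
    gate = UdidGate([BUYER])
    return [gate.check({"X-Unique-ID": u}, ip, t) for t, ip, u in requests]
```

The last sample request carries a licensed UDID and would pass a plain database lookup; it is refused only because the same address had just presented three other UDIDs. These signals reduce abuse but do not make the header trustworthy.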

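UDID Protection Examples

* PHP: https://github.com/xdb6f/udid-cydia-repo
* Node.js: https://github.com/Aehmlo/udid-enabled-cydia-repo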

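See also

* About target=_blank links in repositories: https://mathiasbynens.github.io/rel-noopener/ and https://css-tricks.com/use-target_blank/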