Apt

Private Debian apt repository for jamescodes.

One-line install

Configure the keyring, sources list and basic-auth credentials in one shot. Replace USERNAME and PASSWORD with the credentials provided to you.

curl -fsSL https://apt.jamescodes.productspeoplecareabout.com/repo.sh \
  | sudo bash -s -- USERNAME PASSWORD

Then install whatever you need:

sudo apt install harden vps-quadlet vps-caddy

What is public

Only the paths in this table are reachable without basic-auth credentials. Everything else (browsing /dists/, /pool/, fetching .deb files, etc.) requires the credentials configured by repo.sh.

PathPurpose
/This page.
/repo.shInstaller script — configures keyring, sources list, auth.
/public.gpg.keyRepository signing key (ASCII-armored).
/shared-v0.3.0.cssShared design-system CSS used by this page.

Browse (requires basic auth)

If your browser has the credentials saved, these will load directly; otherwise it will prompt.

Suites and architectures

Suites: trixie (Debian 13 / Raspberry Pi OS 13) and noble (Ubuntu 24.04). Architectures advertised: amd64, arm64, armhf. All packages are Architecture: all.

Verify the signing key

The repository's signing key fingerprint is:

7C00 0F60 6ECB 1DE5 4B4D  7605 6EB6 177A FF1B 077D

Before trusting the key, verify that the file you downloaded matches that fingerprint:

curl -fsSL https://apt.jamescodes.productspeoplecareabout.com/public.gpg.key \
  | gpg --show-keys --fingerprint

The middle line of the output (under pub) should match the fingerprint above exactly. If it doesn't, do not import the key — stop and report it.

If you've already trusted the key via repo.sh, you can verify the on-disk copy the same way:

gpg --show-keys --fingerprint /etc/apt/keyrings/jamescodes-apt.asc