One-line install
Configure the keyring, sources list and basic-auth credentials in one shot. Replace USERNAME and PASSWORD with the credentials provided to you.
curl -fsSL https://apt.jamescodes.productspeoplecareabout.com/repo.sh \ | sudo bash -s -- USERNAME PASSWORD
Then install whatever you need:
sudo apt install harden vps-quadlet vps-caddy
What is public
Only the paths in this table are reachable without basic-auth credentials. Everything else (browsing /dists/, /pool/, fetching .deb files, etc.) requires the credentials configured by repo.sh.
| Path | Purpose |
|---|---|
| / | This page. |
| /repo.sh | Installer script — configures keyring, sources list, auth. |
| /public.gpg.key | Repository signing key (ASCII-armored). |
| /shared-v0.3.0.css | Shared design-system CSS used by this page. |
Browse (requires basic auth)
If your browser has the credentials saved, these will load directly; otherwise it will prompt.
Suites and architectures
Suites: trixie (Debian 13 / Raspberry Pi OS 13) and noble (Ubuntu 24.04). Architectures advertised: amd64, arm64, armhf. All packages are Architecture: all.
Verify the signing key
The repository's signing key fingerprint is:
7C00 0F60 6ECB 1DE5 4B4D 7605 6EB6 177A FF1B 077D
Before trusting the key, verify that the file you downloaded matches that fingerprint:
curl -fsSL https://apt.jamescodes.productspeoplecareabout.com/public.gpg.key \ | gpg --show-keys --fingerprint
The middle line of the output (under pub) should match the fingerprint above exactly. If it doesn't, do not import the key — stop and report it.
If you've already trusted the key via repo.sh, you can verify the on-disk copy the same way:
gpg --show-keys --fingerprint /etc/apt/keyrings/jamescodes-apt.asc