Install package from private repository using composer from Bitbucket

By the use of composer is very simple to keep a package manager from different dependency in our projects. If you create your own package you must publish it in packagist in order composer can find it to install it. But if you want to have a private repository you must pay a fee in order to allow this from packagist.

So, can I have a private repository where composer can download my packages?
Yes, you can.

Per a request from my friends and family, I created this simple guide to install a package from a private repository that is hosted  in Bitbucket.

Overview

1. Create SSH keys.
2. Create my package.
3. Add to my repository.
4. Let's do it!

Create SSH

If you already have SSH private and public keys you can skip this step.

If not see Bitbucket guide.

1. Keep in hand the public key we will use it later.

My package

1. Lets create a package called "mypackage".

composer.json

{
    "name": "abelbm/mypackage",
    "autoload": {
        "psr-4": {
            "Abelbm\\Mypackage\\": "src"
        }
    }
}

test.php

namespace Abelbm\Mypackage;

class test {
    public function test(){
        echo "test";
    }
}

2. Add this package in a git repository in Bitbucket with the repository name "mypackage".




3. Push also to your repository the tag "v1.0".

git tag -a v1.0 -m "first version"
git push origin v1.0

4. Check the tag in your repository.



5. Go to the repository's settings.



6. Navigate to the section "Access Keys".



7. Add your public key.



8. Done!

My project

1. Lets say we have our project called "myproject". Add a "composer.json" file.

composer.json

{
    "require": {
        "abelbm/mypackage": "1.0"
    },
    "repositories": [
        {
            "type": "vcs",
            "url":  "ENTER YOUR REPOSITORY PATH"
        }
    ]
}

2. Update the "url" with the SSH path of "mypackage". Example: git@bitbucket.org:abelbmartinez/mypackage.git




3. Using the terminal, navigate to "myproject" folder and run "composer" to install the package.



4. If everything is correct the package should install like a charm. Enjoy!

Create your own Debian or Ubuntu repository and certified by your own *.gpg using Reprepo and Python

We are going to work in a Linux environment using tools like Python, Reprepro and GPG key. 

GPG key
With this we can sign our software and guarantee that we are using software from a trusted site.


Reprepro 
Powerful tool for generate  a Debian repository.

Python-pexpect Python's module for work with interactive applications.

Let's make it by step:

1- Create your own *.gpg key. 

TODO

2- Create a folder and name as packages, here we'll place all the *.deb.

mkdir /home/packages
cd /home/packages

3- Create a folder and name it as conf inside it create a file and call it distributions.

mkdir conf
gedit conf/distributions

We'll do this for distribution  lucid and the component main. Also we'll generate the Packages, Release, .gz y .bz2 files.  SignWith is the variable that says who is going to sign .


distributions file

Codename: lucid
Components: main
Architectures: i386 amd64
Description: My repository
SignWith: abelbmartinez@gmail.com
DebIndices: Packages Release . .gz .bz2

4- Make a folder and name it as repository, there we'll have our new repository.

mkdir /home/repository

5- Create a script file and name it as pycrearepo_lucid.py. Copy and paste all the code below.

pycrearepo_lucid.py file

#!/usr/bin/env python
# -*- coding: utf-8 -*-
'''
[EN]
This Script generate a DEBIAN repository using the tool 'reprepo'.
It works like this, first get all the *.deb from a folder, then obtain 
the size of all these packages, the list from all the sizes is 
ordered descendent, 'reprepro' interact more stable with 
'python-pexpect' adding packages in this way.

[ES]
Este Script genera un repositorio DEBIAN usando la herremienta 'reprepro'. 
La sintaxis es la siguiente, se obtinen todos los *.deb de una carpeta
luego se obtiene el tamaño de estos paquetes, el listado del tamaño de los
paquetes es ordenado de mayor a menor, ya que 'reprepo' trabaja junto con
'python-pexpect' más estable cuando se le adicionan los paquetes de esta manera.

Created on 04.06.2010

@requires: reprepro, python-pexpect

@author: Abel Bolaños Martínez
@contact: abelbmartinez@gmail.com

@author: Oscar Martínez Lopez 
@contact: oscar.martinez@etecsa.cu

@license: Public Domain
'''

import pexpect
import glob
import os
import time

#packages *.deb
packagesSources = "/home/packages/"
distribution = "lucid"
#repositorio
repoMirror = "/home/repository/"
#private key
gpgKeys = "/home/mirrorGPG/"
#Secret phrase from the private key
keyringPhrase = "yourSecretPhrase"


os.chdir(packagesSources)
#get all the *.deb
listPackages = glob.glob("*.deb")
dictSizePackage = dict()
#dict de {size:package}
for package in listPackages:
    dictSizePackage.update({os.path.getsize(package):package})
#sizes
sizes = dictSizePackage.keys()
#sort
sizes.sort()
#backToFront
sizes.reverse()

for size in sizes:
    time.sleep(1.5)#let's wait for 'reprepro' delete the 'lockfile'
    command = pexpect.spawn("reprepro -b . --gnupghome %s --outdir %s --ask-passphrase --waitforlock 2 --keepunusednewfiles includedeb %s %s" % (gpgKeys,repoMirror,distribution,dictSizePackage[size]))
    print " "
    print "Copying the package %s to repository." % dictSizePackage[size]
    i = command.expect(["Please enter passphrase:","Skipping inclusion of","The lock file './db/lockfile' already exists"],timeout=520) 
    if i==0:
        command.sendline(keyringPhrase) 
        print "Added to repository package %s with succeed." % dictSizePackage[size]
    if i==1:
        print 'Package already %s in the repository, not included.' % dictSizePackage[size]
    if i==2:
        print "Attention !!! : Database is locked now. Execute the Script again if the problem persist YOU must delete the file '%sdb/lockfile' and execute the Script again" % packagesSources

Variables packagesSources, distribution, repoMirror, gpgKeys, keyringPhrase must be filled.

• packagesSources: path to the packages.
  
• distribution: distribution to generate.
  
• repoMirror: the new repository path.
  
• gpgKeys: path to the GPG key for sign the packages.
  
• keyringPhrase: secret key phrase.
  

6- Completed!
7- At least you must create a package for share your public GPG key. Here you can learn how to make a simple deb package.
8- Publish it to the web and test it.