How does it work?
Here is how APT repositories are created and pushed to users.
1.) Packages are downloaded to a specific directory on a server. They can be separated by their first letter, or not, either way, they're located in the same folder.
2.) A list of the packages is saved to the
Packages file. Typically, this is in a folder that's in front of the package folder. This file also contains the checksums, which are used to verify the integrity of a package being installed, as well as the directory location of the package.
Packages file gets compressed with
gzip. This will create a file called
Packages.gz, and is a smaller version of the package list that your system will download. This file is one step before the packages in the directory tree.
InRelease are created. These files are contain metadata about the repository, as well as checksums for packages.
InRelease are signed by the repository's secret key. These files are one step before the packages in the directory tree.
5.) Finally, the updates are pushed to the repository. All the newly created files replace the old ones and updates can roll out to users.
6.) Users download and install packages from their systems. Upon running
sudo apt update, the Debian system will locate the .list package from
/etc/apt/sources.list.d. It checks for the Release, Release.gpg, InRelease, Packages, and public key, and if they can't be located, the command will exit with an error. If successful, packages can be updated with
sudo apt upgrade, and new ones can be installed with
sudo apt install <package name>.