Wiki

• FrontPage
• RecentChanges
• FindPage
• HelpContents
• HowToSetupA...nRepository

Translation(s): 한국어(Korean)

This document summarises setting up a Debian package repository.

I have taken care to provide the most accurate information at the time of writing but should you find any mistakes, please fix them.

Archive Types

There are 2 kinds of repositories from user's perspective:

These archives have different meta-data structure. Both archives can store actual package files. Many older repository HOWTOs (e.g. old "Debian Reference (sarge)" and "APT HOWTO (sarge)") address creation of a "trivial archive" and are problematic since the "trivial archive" lacks support for apt-pinning and modern secure APT due to the collision of 2 types of Release files.

For creating something similar to the official archive, there are some good packages to help you but they tend to require a database server.

Available Tools

anonftpsync

• Goals: Painless partial or complete mirroring
• Pro: Ease of use and few dependencies, bash script

• Con: Lacks flexibility and does not implement latest, 2012 A.D., mirror features, documentation are comments in the script, update requires up to 80GB free disk space, does not automatically notify remote repository, obsoleted by vastly superior ftpsync

• Download: anonftpsync

• Distributions: not in Debian
• Dependencies: rsync
• Automatic repositories: Yes
• Incoming mechanism: No
• Pools: Yes
• GPG signing: No

dak (Debian Archive Kit)

• Goals: Packaging of the tools handling the official Debian repositories.
• Pro: Real stuff.
• Cons: Depends on python and PostgreSQL (even if on an other host), lack of documentation, designed for large repositories.

• Download: git repository.

• Distributions: not in Debian
• Dependencies:
  • python
  • postgresql (optional)
• Automatic repositories: Yes
• Incoming mechanism: Yes
• Pools: Yes
• GPG signing: Yes

• Wiki Page: dak

mini-dak

• Goals: Partial and lightweight reimplementation of dak in shell script and with no database dependencies, "designed" to host new Debian architectures.
• Pro:
  • easy to setup: edit a config file and run a script to generate the whole structure
  • no database (the pool is the database)
  • all .changes files kept for later possible importing into the master repository
  • supports mail notifications and does extensive logging
  • auto package obsoleting
  • repository snapshotting
  • supports multiple suites from the Distribution field on the .changes file
  • additionally supports multipool (splitting each arch into its own pool, to ease partial mirroring)
  • supports upload ACLs based on gpg public keys
  • mirror push via ssh
• Cons:
  • slow on huge repositories (due to not using a real db mainly)
  • has been written and tested mainly as a slave archive, so might have some hardcoded stuff which should be fixed to make it work as a master server
  • still has some quirks to be fixed

• Download: http://www.hadrons.org/~guillem/debian/mini-dak/

• Distributions: not in Debian
• Dependencies: ('grep Requires: *' on the source tree)
  • apt-utils
  • procmail
  • gnupg
  • wget
  • ssh (optional)
  • bzip2 (optional)
  • quinn-diff (optional)
• Automatic repositories: Yes
• Incoming mechanism: Yes
• Pools: Yes
• GPG signing: Yes
• Sites using it:

  • debian-ports

  • debian-avr32

  • nexenta

reprepro (formerly known as mirrorer)

• Goals: Local Debian package repository storing files in a pool/ directory.
• Pro: Strict checking of what comes in, no database server needed.
• Cons: ?

• Package: reprepro

• Distributions: stable, testing, unstable and squeeze-backports

• Dependencies: unstable/utils/reprepro

• Automatic repositories: Yes
• Incoming mechanism: Yes
• Pools: Yes
• GPG signing: Yes

• Manual: Yes

• HOWTOs:

  • Setting up signed apt repository with reprepro

  • Setting up your own automatic Debian repository see this article on reprepro. The link is rather outdated, but still contains some useful information.

  • Setting up reprepro with apache2 and sign key (in italian language) http://www.biziowp.it/reprepro-repository-debian-329/

  • Creating your own Signed APT Repository and Debian Packages by Jon Cowie

mini-dinstall

• Goals: Miniature version of dak.
• Pro:
  • Doesn't require a PostgreSQL database.
  • small footprint

• Package: mini-dinstall

• Distributions: stable, testing, unstable

• Dependencies: unstable/devel/mini-dinstall

  • apt-utils
  • python2.3
  • python-apt
• Automatic repositories: Yes (?)
• Incoming mechanism: Yes
• Pools: No
• GPG signing: Yes (external script and setup example provided in documentation)

apt-ftparchive

• Goals: Superset of dpkg-scanpackages and dpkg-scansources.
• Pro: Does not rely on any external programs aside from gzip. Creates Release and Contents files.
• Cons:

• Package: apt

• Distributions: oldstable, stable, testing, unstable, experimental

• Dependencies: unstable/admin/apt-utils

• Automatic repositories: No (Yes with dupload)
• Incoming mechanism: No (Yes with custom move cron script with dupload)
• Pools: Yes
• GPG signing: No (Yes with dupload with script)
• HOWTOs:

  • Debian Reference (lenny) -- SecureAPT in combination with dupload (aimed at someone who has shell access to a web server)

  • apt-ftparchive generate Roberto Sanchez how-to -- he now recommends to use reprepro

debarchiver

• Goals: Make a simpler version of dak.
• Pro:
  • easy to use incoming mechanism - even on remote systems - by using a cron-job
  • packages can be moved into a distribution by
    1. reading the Distribution value from .changes file or
    2. directly putting the whole package into a distributions-incoming directory.
  • standard repository (can be pinned)
• Cons:
  • no Pool-architecture at the moment
  • some useful checks are missing
  • cleaning needs to be done manually

• Package: debarchiver

• Distributions: oldstable, stable, testing, unstable

• Dependencies: unstable/devel/debarchiver

  • adduser
  • apt-utils (recommended) | dpkg-dev
  • opalmod (Perl modules)
  • gnupg (optional)
• Automatic repositories: Yes
• Incoming mechanism: Yes

• Pools: No (but suggested somewhere at BTS).

• GPG signing: Yes (with gnupg, post-Sarge feature).

• A debarchiver how-to. An other nice debarchiver how-to (in German). An Italian howto for local Debian package mirroring (similar to apt-proxy).

• An example of a repository produced with debarchiver.

dpkg-scanpackages and dpkg-scansources

• Goals:
• Pro:
• Cons: Cannot create Release nor Contents files.

• Package: dpkg

• Distributions: oldstable, stable, testing, unstable

• Dependencies: unstable/utils/dpkg-dev

• Automatic repositories: No
• Incoming mechanism: No
• Pools: No
• GPG signing: No

• HOWTO: Aaron Isotton how-to

debpool

• Goals: Lightweight replacement for dak using a pool layout.
• Pro:
  • No external dependencies.
  • easy to use incoming mechanism
  • standard repository (can be pinned)
• Cons:

  • not actively maintained since 2008-10-30 (see latest development)

  • no checking of older packages being replaced with new ones
  • no notification of what is going on (no mails when new packages are added)

• Package: debpool

• Distributions: experimental

• Dependencies:
  • perl
  • gnupg (optional)
• Automatic repositories: Yes
• Incoming mechanism: Yes
• Pools: Yes
• GPG signing: Yes (with gnupg).

• Wiki page: debpool

DebMarshal

• Goals: Maintain multiple snapshots from upstream distros, to permit staging.
• Pro: Fast, no database server needed (BerkeleyDB).
• Cons: Lack of documentation. Hasn't been released (No version available, SVN repo has only trunk).

• Download: http://code.google.com/p/debmarshal/

• Distributions: not in Debian
• Automatic repositories: Yes
• Incoming mechanism: Yes
• Pools: Yes
• GPG signing: Yes

Built by Google for their use.

Related software

• netselect selects the fastest mirrors from a list you give, and netselect-apt does the same from all existing mirrors.

• apt-spy does something similar with a different method.

• dput uploads one or more Debian packages into a repository.

• parse-apt-files.inc PHP-script by Jarno Elonen produces a nice XHTML-summary of available packages in a repository - enhanced version for special usage with (but not limited to) debarchiver. There seems to be some efforts to develop a wordpress-plugin based on these scripts.

• mkdebidx is a shell (mksh) script wrapping dpkg-scanpackages, dpkg-scansources, generating Release and Release.gpg files, and producing a nice XHTML/1.1 index (currently only package-centric view, but dist-/suite-centric views planned) of packages in a full, pinnable, repository with multiple dists and suites (only scales up to a hundred or two packages though; with 904 packages in a repository at the employer, 900 of them in one dist+suite, it takes a while to finish but still works). There may be plans to write a FusionForge plugin for repository handling based on this.

HowTos

How to setup a mini-dinstall repository on people.debian.org

• A howto is available for quickly setting up mini-dinstall on people.debian.org. It supports secure apt and remote signing.

See also

• software-properties-gtk

CategoryPackageManagement