Translation(s): 한국어(Korean) - 简体中文
How to make your own Debian package repository. For the format of a Debian repository, see DebianRepository/Format. To add a third-party repository to your system, see DebianRepository/UseThirdParty.
Care has been taken to provide the most accurate information at the time of writing. Please fix any identified mistakes.
Contents
Debian Repository Types
There are 2 kinds of repositories from a user's perspective:
archive style |
apt line |
status |
||
official archive |
"deb http://example.org/debian unstable main" |
Yes |
Yes |
preferred |
trivial archive |
"deb http://example.org/debian ./" |
No |
Yes |
deprecated |
Both can store actual package files, but trivial archives lack support for pinning, and should be avoided.
Whichever tool you use, please follow the best practices for creating repositories.
Debian Repository Generation Tools
Use one of these programs if you want to maintain your own repository with packages chosen by you.
Preferred for creating large official archives
These tools are designed to support very large repositories, but may be harder to use.
![/!\](/htdocs/debwiki/img/alert.png "/!\"){kind=small}
Consult your web hosting provider before running high-volume repositories!
dak (Debian Archive Kit)
Goals: Hosting the official Debian repositories
Pros:
- is the official solution
Cons:
- depends on python and PostgreSQL
- lacks documentation
- only designed for large repositories
Download: git repository.
Package: (not in Debian)
Dependencies:
postgresql (optional)
Feature support
Automatic repositories: Yes
Incoming mechanism: Yes
Pools: Yes
OpenPGP signing: Yes
Inclusion of .deb without .changes: No
Several versions of each package: not in the same Packages instance
Guides:
mini-dak
Goals: Hosting new Debian architectures (Partial and lightweight reimplementation of dak in shell script and with no database dependencies)
Pros:
- easy to setup: edit a config file and run a script to generate the whole structure
- no database (the pool is the database)
all .changes files kept for later importing into the master repository
- supports mail notifications
- extensive logging
- auto package obsoleting
- repository snapshotting
supports multiple suites from the Distribution field in the .changes file
- supports "multipool" (splitting each arch into its own pool, to ease partial mirroring)
- supports upload ACLs based on OpenPGP public keys
- mirror push via ssh
Cons:
- slow on huge repositories (mainly due to lack of a database)
- mainly written and tested as a slave archive
- might need to fix some hardcoded stuff to make it work as a master server
- still has some quirks to be fixed
Download: home page
Package: (not in Debian)
Feature support
Automatic repositories: Yes
Incoming mechanism: Yes
Pools: Yes
OpenPGP signing: Yes
Inclusion of .deb without .changes: No
Several versions of each package: ??
Sites using it:
Preferred for creating small personal archives
These tools are designed to support smaller personal repositories, and may not provide features needed at large scales.
reprepro
(formerly known as mirrorer)
Goals: local Debian package repository storing files in a pool/ directory
Pros:
- Strict checking of what comes in, no database server needed
Cons:
- Lots of different options and commands
- may be harder to learn
- Lots of different options and commands
Package: reprepro
Feature support
Automatic repositories: Yes
Incoming mechanism: Yes
Pools: Yes
OpenPGP signing: Yes
Inclusion of .deb without .changes: Yes
Several versions of each package: not in the same Packages instance
Guides:
installed at /usr/share/doc/reprepro/manual.html
Short HOWTO (official)
more guides available in the "See also" section
mini-dinstall
Goals: Miniature version of dak
Pros:
- doesn't require a PostgreSQL database
- small footprint
Cons:
- ?
Package: mini-dinstall
Feature support
Automatic repositories: Yes (?)
Incoming mechanism: Yes
Pools: No
OpenPGP signing: Yes (external script and setup example provided in documentation)
Inclusion of .deb without .changes: No
Several versions of each package: Yes (see keep_old option)
Guides:
dput + mini-dinstall to ease people.d.o uploads by Stefano Zacchiroli
for use on people.debian.org
supports secure apt and remote signing
Alternative tools
debarchiver
Goals: a simpler version of dak
Pros:
- easy to use incoming mechanism - even on remote systems - by using a cron-job
- packages can be moved into a distribution by
- reading the Distribution value from .changes file or
- directly putting the whole package into a distributions-incoming directory.
- standard repository (can be pinned)
Cons:
- no Pool-architecture
- some useful checks are missing
- cleaning needs to be done manually
Package: debarchiver
Feature support
Automatic repositories: Yes
Incoming mechanism: Yes
Pools: No (but suggested somewhere in BTS)
OpenPGP signing: Yes
Inclusion of .deb without .changes: ??
Several versions of each package: ??
Guides:
Italian howto for local Debian package mirroring (similar to apt-proxy)
dpkg-scanpackages and dpkg-scansources
Goals: generate Packages index files
Pros:
- provided by dpkg
can create Release and Contents files without providing *.changes with additional scripts
Cons:
- bare-bones tools
cannot create Release or Contents files by themselves
Package: dpkg
Feature support
Automatic repositories: No
Incoming mechanism: No
Pools: No
OpenPGP signing: No
Inclusion of .deb without .changes: Yes
Several versions of each package: Yes
mkdebidx is a shell (mksh) script that wraps dpkg-scanpackages and dpkg-scansources, generating Release and Release.gpg files, and producing a nice XHTML/1.1 index.
aptly
Goals: Swiss army knife for Debian repository management
Pros:
- supports multiple versions of package in one repo
- has supported for mirroring in the same tool
Cons:
- doesn’t support direct mirroring (publishing original metadata files), so currently there’s no way to preserve Debian signing key.
Download & Documentation: www.aptly.info
Package: aptly
Source: GitHub
Feature support
Automatic repositories: Yes (?)
Incoming mechanism: Yes (inoticoming -> aptly repo include)
Pools: Yes
OpenPGP signing: Yes
Inclusion of .deb without .changes: Yes
Several versions of each package: Yes
Guides:
tutorials (official)
local-apt-repository
Goal: create repo from packages dropped into a directory
Pros:
- simple to use
Cons:
- repository available only to the local host, not to other machines
Package: local-apt-repository
Feature support
Automatic repositories: Yes
Incoming mechanism: Not needed. Packages are added by putting them into a fixed directory
Pools: No
OpenPGP signing: No
Inclusion of .deb without .changes: Yes
Several version of each pacakge: ?
laniakea
Source: GitHub
Pulp
Supports various packaging formats via plugins, including one for Debian.
Website: pulpproject.org
Attune
Website: www.attunehq.com
Source: GitHub
Deprecated tools
debpool
Goals: Lightweight replacement for dak using a pool layout
Pros:
- no external dependencies
- easy to use incoming mechanism
- standard repository (can be pinned)
Cons:
not actively maintained since 2008-10-30 (see latest development)
- no checking of older packages being replaced with new ones
- no notification of what is going on (no mails when new packages are added)
Feature support
Automatic repositories: Yes
Incoming mechanism: Yes
Pools: Yes
OpenPGP signing: Yes (with gnupg).
Inclusion of .deb without .changes: ??
Several versions of each package: ??
Guides:
DebMarshal
Goals: Maintain multiple snapshots from upstream distros, to permit staging
- built by Google for their use
Pros:
- fast
- no database server needed (BerkeleyDB)
Cons:
- lack of documentation
- hasn't been released (No version available, SVN repo has only trunk)
Download: Google Code
Distributions: (not in Debian)
Feature support
Automatic repositories: Yes
Incoming mechanism: Yes
Pools: Yes
OpenPGP signing: Yes
Inclusion of .deb without .changes: ??
Several versions of each package: ??
Guides:
apt-ftparchive
Goals: superset of dpkg-scanpackages and dpkg-scansources
Pros:
- does not rely on any external programs aside from gzip
creates Release and Contents files without providing *.changes
Cons:
can be slow on large repositories, unless the input file (FileList) is sorted first (e.g. with sort)
Package: apt
Feature support
Automatic repositories: No (Yes with dupload)
Incoming mechanism: No (Yes with custom move cron script with dupload)
Pools: Yes
OpenPGP signing: No (Yes with dupload with script)
Inclusion of .deb without .changes: Yes
Several versions of each package: Yes
debify
Goal: create a signed and properly-structured Debian repository
- wrapper around aptly
Download: https://hub.docker.com/r/spotify/debify/ (docker container)
Source: GitHub
- archived by the owner on Jul 17, 2019
dr
Goals: manage small Debian repositories
Source: GitHub
Documentation: wiki
Package: (not in Debian)
Feature support
Automatic repositories:
Incoming mechanism:
Pools:
OpenPGP signing:
Inclusion of .deb without .changes:
Several versions of each package:
Guides:
Debian Repository Mirroring Tools
Use one of these tools if you need to create a local copy of an existing repo (e.g. because you build a lot of systems and want to reduce bandwidth).
ftpsync
Goals: official archive mirroring tool
Pros:
- is the official solution
- Mirroring with the rsync protocol is strongly recommend
git repository: git clone https://ftp-master.debian.org/git/archvsync.git
Guides:
reprepro
Description: Debian package repository producer
Package: reprepro
Guides:
debmirror
Description: Debian partial mirror script, with ftp and package pool support
Package: debmirror
apt-mirror
Description: APT sources mirroring tool
Package: apt-mirror
debpartial-mirror
Description: tools to create partial Debian mirrors
Package: debpartial-mirror
apt-move
Description: Maintain Debian packages in a package pool
Package: apt-move
anonftpsync (deprecated)
Description: previous official mirroring tool
Pros:
- ease of use and few dependencies
- bash script
Cons:
- lacks flexibility
- does not implement latest (2012 A.D.) mirror features (deprecated)
Download: anonftpsync
Package: (not in Debian)
Related software
netselect selects the fastest mirrors from a list you give
netselect-apt does the same from all existing mirrors
apt-spy does something similar with a different method.
parse-apt-files.inc produces a nice XHTML summary of available packages in a repository
enhanced version for special usage with (but not limited to) debarchiver
See also
Package signing in Debian (DDP: Securing Debian Manual)
Debian package management internals (DDP: Debian Reference)
debian-administration.org - Setting up a personal secure apt repository (archived)
CategoryPackageManagement | CategoryDeveloper | CategoryPackaging
aptly
Description: Swiss army knife for Debian repository management
Download & Documentation: aptly.info
Package: aptly
Source: GitHub
Guides:
presentation (PDF)