You can only deploy Opkg packages to a local repository that has been created with the Opkg Package Type.
You can download packages from a local or a remote Opkg repository.
To create a new local repository that supports Opkg, in the Administration module, go to Repositories | Repositories | Local and set the Package Type to Opkg.
Artifactory supports the common Opkg index scheme which indexes each feed location according to all ipk packages in it.
Deploying a Package Using the UI
To deploy a Opkg package to Artifactory, go to the Artifactory Repository Browser and click the icon.
Select your Opkg repository as the Target Repository, and upload the file you want to deploy.
After you deploy the artifact, you need to wait about one minute for Artifactory to recalculate the repository index and display your upload in the Repository Browser.
You can download ipk packages from Local Opkg Repositories as described above, or from Remote Repositories specified as supporting Opkg packages.
To specify that a Remote Repository supports Opkg packages, set its Package Type to Opkg when it is created.
You can either point the remote to a specific feed (location of a Packages file), i.e.
Or you can specify some base level and point your client to the relevant feeds in it i.e. url is
http://downloads.openwrt.org/chaos_calmer/15.05/ and your
opkg.conf file has the entry
Note that the index files for remote Opkg repositories are stored and renewed according to the Retrieval Cache Period setting.
Configuring the Opkg Client to Work with Artifactory
As there is no "release" of the Opkg client, to support gpg signature verification and basic HTTP authentication that are provided by Artifactory it has to be compiled with the following options:
For example, to compile Opkg on Ubuntu to support these you can use:
Each Opkg feed corresponds to a path in Artifactory where you have chosen to upload ipk packages to. This is where the Packages index is written.
For example, you can add each such feed to your
opkg.conf (default location is /
etc/opkg/opkg.conffile) with entries like:
Signing Opkg Package Indexes
Artifactory uses your GPG public and private keys to sign and verify Opkg package indexes (note that Artifactory signs repository metadata, not packages).
To learn how to generate a GPG key pair and upload it to Artifactory, see Managing Signing Keys.
Once you have GPG key pair, to have Opkg verify signatures created with the private key you uploaded to Artifactory, you need to import the corresponding public key into Opkg's keychain (requires gnupg).
After the key is imported you need to add the
check_signature option in your
opkg.conf file by adding the following entry:
If resolving fails with the following errors:
"opkg_verify_gpg_signature: No sufficiently trusted public keys found." "pkg_src_verify: Signature verification failed for <repoName>."
One of the possible reasons can be that the trust level of the key.pub is not high enough, and should be upgraded.
Authenticated Access to Servers
If you need to access a secured Artifactory server that requires a username and password, you can specify these in your
opkg.conf file by adding the 'http_auth' option:
Encrypting your password
You can use your encrypted password as described in Using Your Secure Password.
REST API Support
The Artifactory REST API provides extensive support for signing keys and recalculating the repository index as follows: