Have a question? Want to report an issue? Contact JFrog support

Skip to end of metadata
Go to start of metadata

 

 

Overview

From version 3.3, Artifactory supports Debian repositories whether they use the current Automatic Debian architecture or the deprecated Trivial architecture. As a fully-fledged Debian repository, Artifactory generates index files that are fully compliant with Debian clients.

Artifactory support for Debian provides:

  1. The ability to provision Debian packages from Artifactory to a Debian client from local and remote repositories.
  2. Calculation of Metadata for Debian packages hosted in Artiafctory's local repositories.
  3. Access to remote Debian resources (such as us.archive.ubuntu.com) through Remote Repositories which provide the usual proxy and caching functionality.
  4. Providing GPG signatures that can be used by Debian clients to verify packages.
  5. Complete management of GPG signatures using the Artifactory UI and the REST API.

Configuration

You can only deploy Debian packages to a local repository that has been created with the Debian Package Type.

You can download packages from a local or a remote Debian repository.

Page Contents

Local Repositories

To create a new local repository that supports Debian, under the Basic settings, set the Package Type to be Debian.

If you are using Debian with a Trivial layout, in the Debian Settings section, set the Trivial Layout checkbox.

Deploying a package using the UI

To deploy a Debian package to Artifactory, in the Artifactory Repository Browser, click Deploy.

Select your Debian repository as the Target Repository, upload the file you want to deploy.

Check the Deploy as Debian Artifact checkbox and fill in the Distribution, Component and Architecture fields in the Debian Artifact section. Notice that the Target Path is automatically updated to reflect your input.

 

Setting the target path manually? Be careful with spaces

We recommend using the fields in the Debian Artifact section to set your Target Path. Nevertheless, if you choose to specify the Target Path manually, make sure you don't enter any superfluous spaces.

For example to upload package planckdb-08-2015.deb, and specify that its layout is from the trusty distribution, in the main component and the i386 architecture, you would enter:

pool/planckdb-08-2015.deb;deb.distribution=trusty;deb.component=main;deb.architecture=i386


You can also deploy Debian packages to Artifactory with an explicit URL using Matrix Parameters.

After you deploy the artifact, you need to wait about one minute for Artifactory to recalculate the repository index and display your upload in the Repository Browser.

Once you have deployed your Debian package, and Artifactory has recalculated the repository index, your repository should be organized as displayed below:

Deploying a package using Matrix Parameters

The URL is built similarly to the Target Path format as follows:

 

Deploying a package using Matrix Parameters
PUT "http://$ARTIFACTORY_HOME/{debianRepoKey}/pool/{debianPackageName};deb.distribution={distribution};deb.component={component};deb.architecture={architecture}" 

For example, to upload package libatk1.0_i386.deb, and specify that its layout is from the wheezy distribution, in the main component and the i386 architecture, you would enter:

Example
PUT "http://localhost:8080/artifactory/debian-local/pool/libatk1.0_i386.deb;deb.distribution=wheezy;deb.component=main;deb.architecture=i386"

Setting the Target Path

The Target Path needs to be entered in a strict and specific format that uses system properties to define where the artifact will be stored and its specific layout as follows:

Target Path Format
[path];deb.distribution=[distribution];deb.component=[component];deb.architecture=[architecture]
path

The repository path where the package should be stored.

Artifactory supports storing Debian packages anywhere within the repository. The examples on this page show Debian packages stored under the pool folder in accordance with the Debian convention.

distribution
The value to assign to the deb.distribution property used to specify the Debian package distribution
component
The value to assign to the deb.component property used to specify the Debian package component name
architecture
The value to assign to the deb.architecture property used to specify the Debian package architecture

Adding Architecture Independent Packages

Uploading a Debian package with deb.architecture=all will cause it to appear in the Packages index of all the other architectures under the same Distribution and Component, as well as under a new index branch called binary-all which holds all Debian packages that are marked as "all'.
Removing an "all" Debian package will also remove it from all other indexes under the same Distribution and Component.
When the last Debian package in an architecture is removed but the Packages index still contains an "all" Debian package, it is preserved in the index. 
If you want such an architecture index removed you may do so via the UI or using Calculate Debian Repository Metadata in the REST API, which cleans up orphaned package files from the index.

Specifying multiple layouts

Whether uploading a package using the UI or Matrix Parameters, you can specify multiple layouts for any Debian package you upload, by including additional values for the distribution, component or architecture separated by a comma, 

For example, to upload package libatk1.0_i386.deb to both wheezy and trusty distributions, in both main and contrib components and both i386 and 64bit-arm architectures you would specify the following Target Path to upload using the UI:

Target path for multiple layouts
pool/libatk1.0_i386.deb;deb.distribution=wheezy;deb.distribution=trusty;deb.component=main;deb.component=contrib;deb.architecture=i386;deb.architecture=64bit-arm

Correspondingly, to upload the file using Matrix Parameters, you would use the following:

Multiple layouts using Matrix Parameters
PUT "http://localhost:8080/artifactory/debian-local/pool/libatk1.0_i386.deb;deb.distribution=wheezy;deb.distribution=trusty;deb.component=main;deb.component=contrib;deb.architecture=i386;deb.architecture=64bit-arm"

Artifact Metadata

From version 4.4, Artifactory writes several entries from the Debian package's metadata as properties on all of the artifacts (based on the control file's content).

These properties can be used to search for Debian packages more efficiently using Arifactory's Package Search.

Metadata properties are written for each new Artifact that is deployed to Artifactory.

To have these properties written to Debian artifacts that already exist in your repositories you need to call the Calculate Debian Repository Metadata REST API which writes the properties to all of the artifacts by default.

Metadata Validation

To ensure that Debian repositories are not corrupted by malformed packages, Artifactory first validates parts of the Debian metadata to make sure that none of the relevant metadata fields are empty. If the validation process indicates a malformed package, Artifactory provides several indications:

  • The package is not indexed
  • The package is annotated with the following property:
    • key: deb.index.status
    • value: the reason the package failed the validation process
  • If the package is selected in the Tree Browser, the Debian Info tab will display a message indicating that it was not indexed and why it failed the validation process

Debian Info

  • A message is logged in the Artifactory log file indicating that the package was not indexed and why it failed the validation process.

 

Disable validation

Debian package validation is controlled by the debian.metadata.validation system property. Package validation is enabled by default. To disable Debian package validation set:
debian.metadata.validation=false

Finding malformed packages

To easily find all malformed packages in your Debian repositories, you can use Property Search or run an AQL query with Properties Criteria on the deb.index.status property described above.


Remote Repositories

You can download Debian packages from Local Debian Repositories as described above, or from Remote Repositories specified as supporting Debian packages.

To specify that a Remote Repository supports Debian packages, you need to set its Package Type to Debian when it is created.

Note that the index files for remote Debian repositories (including the sources index) are stored and renewed according to the Retrieval Cache Period setting.


Signing Debian Packages

Artifactory supports signing Debian packages using a GPG key. This process will create a signed Release file named Release.gpg that will be shipped alongside the Release file. Artifactory will store and manage public and private keys that are used to sign and verify Debian packages.

To generate a pair of GPG keys and upload them to Artifactory, please refer to GPG Signing.


Adding MD5 Checksum to the Packages file

To support tools (e.g.  Aptly) that require Debian packages to include their MD5 checksum in their Packages metadata file for validation, you can configure Artifactory to add this value by setting the following system property in the artifactory.system.properties file:

## Add package MD5 checksum to Debian Packages file 
#artifactory.debian.metadata.calculateMd5InPackagesFiles=true

Artifactory needs to be restarted for this change to take efffect.


Authenticated Access to Servers

If you need to access a secured Artifactory server that requires a username and password, you can specify these in your Debian source.list file by prefixing the artifactory host name with the required credentials as follows:

Accessing Artifactory with credentials
http://user:password@$ARTIFACTORY_HOME/{repoKey} {distribution} {components}
For example:
http://admin:password@localhost:8081/artifactory/debian-local wheezy main restricted

Encrypting your password

You can use your encrypted password as described in Using Your Secure Password.


Compression Formats

Artifactory supports the following compression formats for Debian indices:

  • Gzip (.gz file extension)
  • Bzip2 (.bz2 file extension)

Acquiring Packages by Hash

From version 5.5.2, Artifactory supports the acquire-by-hash functionality of APT clients for Debian repositories laid out using the Automatic architecture (Trivial architecture is not supported for acquiring packages by hash). This feature is supported by two system properties:

debian.use.acquire.byhash

[default: true]

When true, the value of acquire-by-hash in Debian release files is set to true allowing APT clients to access Debian packages by their checksums (MD5, SHA1, SHA256). To allow this, Artifactory will add the "by-hash" layout to all Debian repositories

debian.packages.byhash.history.cycles.to.Keep

[default: 3]

Specifies the number of cycles of package file history to save when acquire-by-hash is enabled

 


REST API Support

The Artifactory REST API provides extensive support for Debian signing keys and recalculating the repository index as follows:


Watch the Screencast



 

  • No labels