From version 3.3, Artifactory supports Debian repositories whether they use the current Automatic Debian architecture or the deprecated Trivial architecture. As a fully-fledged Debian repository, Artifactory generates index files that are fully compliant with Debian clients.
Artifactory support for Debian provides:
- The ability to provision Debian packages from Artifactory to a Debian client from local and remote repositories.
- Calculation of Metadata for Debian packages hosted in Artiafctory's local repositories.
- Access to remote Debian resources (such as
us.archive.ubuntu.com) through Remote Repositories which provide the usual proxy and caching functionality.
- Providing GPG signatures that can be used by Debian clients to verify packages.
- Complete management of GPG signatures using the Artifactory UI and the REST API.
You can only deploy Debian packages to a local repository that has been created with the Debian Package Type.
You can download packages from a local or a remote Debian repository.
To create a new local repository that supports Debian, go to the Admin module under Repositories | Local and click "New". Under the Basic settings, set the Package Type to be Debian.
If you are using Debian with a Trivial layout, in the Debian Settings section, set the Trivial Layout checkbox.
Set the Optional Index Compression Formats with the index file formats you would like to create in addition to the default Gzip (.gzip extension) which is created for every Debian repository and cannot be disabled. Additional index file formats can also be created using the LocalRepository REST API.
Deploying a package using the UI
To deploy a Debian package to Artifactory, in the Artifactory Repository Browser, click Deploy.
Select your Debian repository as the Target Repository, upload the file you want to deploy.
Check the Deploy as Debian Artifact checkbox and fill in the Distribution, Component and Architecture fields in the Debian Artifact section. Notice that the Target Path is automatically updated to reflect your input.
Setting the target path manually? Be careful with spaces
We recommend using the fields in the Debian Artifact section to set your Target Path. Nevertheless, if you choose to specify the Target Path manually, make sure you don't enter any superfluous spaces.
For example to upload package planckdb-08-2015.deb, and specify that its layout is from the trusty distribution, in the main component and the i386 architecture, you would enter:
You can also deploy Debian packages to Artifactory with an explicit URL using Matrix Parameters.
After you deploy the artifact, you need to wait about one minute for Artifactory to recalculate the repository index and display your upload in the Repository Browser.
Once you have deployed your Debian package, and Artifactory has recalculated the repository index, your repository should be organized as displayed below:
Deploying a package using Matrix Parameters
The URL is built similarly to the Target Path format as follows:
For example, to upload package libatk1.0_i386.deb, and specify that its layout is from the wheezy distribution, in the main component and the i386 architecture, you would enter:
Setting the Target Path
The Target Path needs to be entered in a strict and specific format that uses system properties to define where the artifact will be stored and its specific layout as follows:
The repository path where the package should be stored.
Artifactory supports storing Debian packages anywhere within the repository. The examples on this page show Debian packages stored under the pool folder in accordance with the Debian convention.
|The value to assign to the |
|The value to assign to the |
|The value to assign to the |
Adding Architecture Independent Packages
deb.architecture=allwill cause it to appear in the Packages index of all the other architectures under the same Distribution and Component, as well as under a new index branch called
binary-allwhich holds all Debian packages that are marked as "all'.
Specifying multiple layouts
Whether uploading a package using the UI or Matrix Parameters, you can specify multiple layouts for any Debian package you upload, by including additional values for the distribution, component or architecture separated by a comma,
For example, to upload package libatk1.0_i386.deb to both wheezy and trusty distributions, in both main and contrib components and both i386 and 64bit-arm architectures you would specify the following Target Path to upload using the UI:
Correspondingly, to upload the file using Matrix Parameters, you would use the following:
From version 4.4, Artifactory writes several entries from the Debian package's metadata as properties on all of the artifacts (based on the control file's content).
These properties can be used to search for Debian packages more efficiently using Arifactory's Package Search.
Metadata properties are written for each new Artifact that is deployed to Artifactory.
To have these properties written to Debian artifacts that already exist in your repositories you need to call the Calculate Debian Repository Metadata REST API which writes the properties to all of the artifacts by default.
To ensure that Debian repositories are not corrupted by malformed packages, Artifactory first validates parts of the Debian metadata to make sure that none of the relevant metadata fields are empty. If the validation process indicates a malformed package, Artifactory provides several indications:
- The package is not indexed
- The package is annotated with the following property:
- key: deb.index.status
- value: the reason the package failed the validation process
- If the package is selected in the Tree Browser, the Debian Info tab will display a message indicating that it was not indexed and why it failed the validation process
- A message is logged in the Artifactory log file indicating that the package was not indexed and why it failed the validation process.
debian.metadata.validationsystem property. Package validation is enabled by default. To disable Debian package validation set:
Finding malformed packages
You can download Debian packages from Local Debian Repositories as described above, or from Remote Repositories specified as supporting Debian packages.
To specify that a Remote Repository supports Debian packages, you need to set its Package Type to Debian when it is created.
Note that the index files for remote Debian repositories (including the sources index) are stored and renewed according to the Retrieval Cache Period setting.
Signing Debian Packages
Artifactory supports signing Debian packages using a GPG key. This process will create a signed Release file named Release.gpg that will be shipped alongside the Release file. Artifactory will store and manage public and private keys that are used to sign and verify Debian packages.
To generate a pair of GPG keys and upload them to Artifactory, please refer to GPG Signing.
Adding MD5 Checksum to the Packages file
To support tools (e.g.
Aptly) that require Debian packages to include their MD5 checksum in their
Packages metadata file for validation, you can configure Artifactory to add this value by setting the following system property in the artifactory.system.properties file:
Artifactory needs to be restarted for this change to take efffect.
Authenticated Access to Servers
If you need to access a secured Artifactory server that requires a username and password, you can specify these in your Debian
source.list file by prefixing the artifactory host name with the required credentials as follows:
Encrypting your password
You can use your encrypted password as described in Using Your Secure Password.
Artifactory supports the following compression formats for Debian indices:
- Gzip (.gz file extension) - created by default for every Debian repository and cannot be disabled.
- Bzip2 (.bz2 file extension)
- LZMA (.lzma extension)
- XZ (.xz extension)
Acquiring Packages by Hash
From version 5.5.2, Artifactory supports the acquire-by-hash functionality of APT clients for Debian repositories laid out using the Automatic architecture (Trivial architecture is not supported for acquiring packages by hash). This feature is supported by two system properties:
When true, the value of acquire-by-hash in Debian release files is set to true allowing APT clients to access Debian packages by their checksums (MD5, SHA1, SHA256). To allow this, Artifactory will add the "by-hash" layout to all Debian repositories
Specifies the number of cycles of package file history to save when acquire-by-hash is enabled
REST API Support
The Artifactory REST API provides extensive support for Debian signing keys and recalculating the repository index as follows:
Watch the Screencast