Need help with other JFrog products?
Using the latest JFrog Artifactory version? See the documentation here.
Deploying a package using the UI
To deploy a Debian package to Artifactory, in the Artifactory Repository Browser, click Deploy.
Select your Debian repository as the Target Repository, upload the file you want to deploy.
Check the Deploy as Debian Artifact checkbox and fill in the Distribution, Component and Architecture fields in the Debian Artifact section. Notice that the Target Path is automatically updated to reflect your input.
Setting the target path manually? Be careful with spaces
We recommend using the fields in the Debian Artifact section to set your Target Path. Nevertheless, if you choose to specify the Target Path manually, make sure you don't enter any superfluous spaces.
For example to upload package planckdb-08-2015.deb, and specify that its layout is from the trusty distribution, in the main component and the i386 architecture, you would enter:
You can also deploy Debian packages to Artifactory with an explicit URL using Matrix Parameters.
After you deploy the artifact, you need to wait about one minute for Artifactory to recalculate the repository index and display your upload in the Repository Browser.
Once you have deployed your Debian package, and Artifactory has recalculated the repository index, your repository should be organized as displayed below:
Deploying a package using Matrix Parameters
The URL is built similarly to the Target Path format as follows:
For example, to upload package libatk1.0_i386.deb, and specify that its layout is from the wheezy distribution, in the main component and the i386 architecture, you would enter:
Setting the Target Path
The Target Path needs to be entered in a strict and specific format that uses system properties to define where the artifact will be stored and its specific layout as follows:
The repository path where the package should be stored.
Artifactory supports storing Debian packages anywhere within the repository. The examples on this page show Debian packages stored under the pool folder in accordance with the Debian convention.
|The value to assign to the |
|The value to assign to the |
|The value to assign to the |
Adding Architecture Independent Packages
deb.architecture=allwill cause it to appear in the Packages index of all the other architectures under the same Distribution and Component, as well as under a new index branch called
binary-allwhich holds all Debian packages that are marked as "all'.
Specifying multiple layouts
Whether uploading a package using the UI or Matrix Parameters, you can specify multiple layouts for any Debian package you upload, by including additional values for the distribution, component or architecture separated by a comma,
For example, to upload package libatk1.0_i386.deb to both wheezy and trusty distributions, in both main and contrib components and both i386 and 64bit-arm architectures you would specify the following Target Path to upload using the UI:
Correspondingly, to upload the file using Matrix Parameters, you would use the following:
From version 4.4, Artifactory writes several entries from the Debian package's metadata as properties on all of the artifacts (based on the control file's content).
These properties can be used to search for Debian packages more efficiently using Arifactory's Package Search.
Metadata properties are written for each new Artifact that is deployed to Artifactory.
To have these properties written to Debian artifacts that already exist in your repositories you need to call the Calculate Debian Repository Metadata REST API which writes the properties to all of the artifacts by default.
To ensure that Debian repositories are not corrupted by malformed packages, Artifactory first validates parts of the Debian metadata to make sure that none of the relevant metadata fields are empty. If the validation process indicates a malformed package, Artifactory provides several indications:
- The package is not indexed
- The package is annotated with the following property:
- key: deb.index.status
- value: the reason the package failed the validation process
- If the package is selected in the Tree Browser, the Debian Info tab will display a message indicating that it was not indexed and why it failed the validation process
- A message is logged in the Artifactory log file indicating that the package was not indexed and why it failed the validation process.
debian.metadata.validationsystem property. Package validation is enabled by default. To disable Debian package validation set:
Finding malformed packages
You can download Debian packages from Local Debian Repositories as described above, or from Remote Repositories specified as supporting Debian packages.
To specify that a Remote Repository supports Debian packages, you need to set its Package Type to Debian when it is created.
Note that the index files for remote Debian repositories (including the sources index) are stored and renewed according to the Retrieval Cache Period setting.
Calculating Debian Coordinates
You can extract the component/distribution/architecture coordinates from a remote repository and assign them as properties on the cached packages.
To do this, right click on the relevant remote Debian repository and and select ‘Calculate Debian Coordinates’. You can also use the Calculate Cached Remote Debian Repository Coordinates REST API.
This process may take some time for remote repositories with many packages. It is recommended running it only when needed. For example, before copying packages to a local repository.
The following executions will only calculate the newly added packages to the cache.
A Virtual Repository defined in Artifactory aggregates packages from both local and remote repositories.
This allows you to access both locally hosted Debian packages and remote proxied Debian repositories from a single URL defined for the virtual repository.
To define a virtual Debian repository, create a virtual repository, set the Package Type to be Debian, and select the underlying local and remote Debian repositories to include in the Basic settings tab.
Deprecated Trivial layout not supported
Only repositories with an Automatic Layout can be included in a virtual repositories. A deprecated Trivial layout is not supported for virtual repositories.
Indexed Remote Architectures
When creating a new virtual repository, the Indexed Remote Architectures field specifies the architectures which will be indexed for the included remote repositories.
Specifying these architectures will speed up Artifactory's initial metadata indexing process. The default architecture values are amd64 and i386.
Set the Optional Index Compression Formats with the index file formats you would like to create in addition to the default Gzip (.gzip extension).
Signing Debian Metadata
Artifactory supports signing Debian packages using a GPG key. This process will create a signed Release file named Release.gpg that will be shipped alongside the Release file. Artifactory will store and manage public and private keys that are used to sign and verify Debian packages.
To generate a pair of GPG keys and upload them to Artifactory, please refer to GPG Signing.
Adding MD5 Checksum to the Packages file
To support tools (e.g.
Aptly) that require Debian packages to include their MD5 checksum in their
Packages metadata file for validation, you can configure Artifactory to add this value by setting the following system property in the artifactory.system.properties file:
Artifactory needs to be restarted for this change to take effect.
Authenticated Access to Servers
If you need to access a secured Artifactory server that requires a username and password, you can specify these in your Debian
source.list file by prefixing the artifactory host name with the required credentials as follows:
Encrypting your password
You can use your encrypted password as described in Using Your Secure Password.
Artifactory supports the following compression formats for Debian indices:
- Gzip (.gz file extension) - created by default for every Debian repository and cannot be disabled.
- Bzip2 (.bz2 file extension)
- LZMA (.lzma extension)
- XZ (.xz extension)
Acquiring Packages by Hash
From version 5.5.2, Artifactory supports the acquire-by-hash functionality of APT clients for Debian repositories laid out using the Automatic architecture (Trivial architecture is not supported for acquiring packages by hash). This feature is supported by two system properties:
When true, the value of acquire-by-hash in Debian release files is set to true allowing APT clients to access Debian packages by their checksums (MD5, SHA1, SHA256). To allow this, Artifactory will add the "by-hash" layout to all Debian repositories
Specifies the number of cycles of package file history to save when acquire-by-hash is enabled
REST API Support
The Artifactory REST API provides extensive support for Debian signing keys and recalculating the repository index as follows: