You can set up the following repository types:
Follow the steps according to each repository type below. An Alpine Linux package (apk) is deployed to a local Alpine Linux repository, and resolved using all repository types.
You can download packages from a local, remote, or virtual Alpine Linux repository.
Alpine Linux requires RSA keys by default. To add RSA keys, please refer to RSA Key Pairs.
If you do not configure RSA keys, users have to use the
allow-untrusted flag as described in Resolving a Package.
Artifactory supports the signing of Alpine Linux index files, and not packages. To learn more about creating keys for Alpine Linux packages, click here.
Local repositories enable you to deploy Alpine Linux (.apk) packages. Artifactory calculates the metadata for all packages and indexes them to allow users to download these packages through the Alpine Linux client.
To create an Alpine Linux local repository, navigate to the Administration module, go to Repositories | Repositories | Local | New Local Repository and select Alpine as the Package Type.
In the Advanced tab, you can select an RSA key from the list to sign the Alpine Linux index file.
Remote Repositories enable you to proxy and cache Alpine Linux packages.
To specify that a Remote Repository supports Alpine Linux packages, you need to set its Package Type to Alpine when it is created.
When setting up a Remote Repository, you will have to retrieve the RSA keys manually and set it in the apk client.
You can avoid retrieving the keys manually by aggregating a Remote Repository in a Virtual Repository that will enable you to use the Virtual Repository's key-pair to re-sign the aggregated index file.
In order to do so, configure your Virtual repository with a key-pair and then use Set Me Up to retrieve the Virtual public key to your local machine.
A Virtual Repository defined in Artifactory aggregates packages from both local and remote repositories.
This allows you to access both locally hosted Alpine Linux packages and remote proxied Alpine Linux repositories from a single URL defined for the Virtual Repository.
To define a virtual Alpine Linux repository, do the following:
You can select an RSA key-pair from the list to sign the Alpine Linux packages.
The RSA key-pair defined for the virtual repository will be used to sign the virtual index file. In case local repositories are defined with RSA key-pairs, these keys will be ignored.
In order to use Artifactory with your Alpine Linux client, first you need to set Artifactory as an Alpine Linux repository, and then add the relevant RSA public key to verify the index signature. Then you can proceed to resolve and deploy the relevant Alpine Linux package.
In order to verify index signature you need to add the repository RSA public key into your
Copy the public RSA key retrieval command and run it.
If a local or virtual repository do not contain an RSA key-pair, you can either use the
--allow-untrusted flag or request form your Admin to set a key-pair for the repository.
For signed indexes of remote repositories, please refer to Setting up a Remote Repository.
To deploy an Alpine Linux package into an Artifactory repository you can use the following cURL with the relevant path parameters:
curl -H 'X-JFrog-Art-Api:<API_KEY>' -XPUT "https://localhost:8080/artifactory/alpine-local/<BRANCH>/<REPOSITORY>/<ARCHITECTURE>/<ALPINE_PACKAGE_NAME>" -T <PATH_TO_FILE>
To deploy an Alpine Linux package to Artifactory, do the following:
For your files to be indexed properly, it is very important to ensure that all deployment of Alpine Linux packages into Artifactory occurs under the
Artifactory writes several entries from the Alpine Linux package's metadata as properties on all of the artifacts.
These properties can be used to search for Alpine Linux packages more efficiently using the Artifacts Search, by Package type Alpine.
Alpine Linux package properties are the following:
The Artifactory REST API enables the recalculation of the repository index, as described in Calculate Alpine Repository Metadata.