Apt Repositories

Available in Nexus Repository OSS and Nexus Repository Pro

Introduction

Debian and systems based on it like Ubuntu, Linux Mint, and Raspbian uses the same package management system. APT (Advanced Package Tool) is a set of tools for managing Debian packages, and therefore the applications installed on your Debian system. It provides a wide set of operations like searching repositories, installing packages with their dependencies, and managing upgrades.

Nexus Repository Manager supports the Apt repository format for proxy repositories as well as for hosted repositories. Proxy repositories give you several significant advantages. You are no longer dependent on the availability of public repositories and an external network connection. When packages are cached, you can snapshot metadata and be sure all packages will be available even when removed from the remote repository. With hosted repositories, you have reliable storage for your own and third-party packages.

This format is disabled by default in NXRM Pro HA-C environments.


Proxying Apt Repositories

You can set up a Apt proxy repository to access a remote repository location.

To proxy a Apt repository, you simply create a new apt (proxy) as documented in  Repository Management.

Minimal configuration steps are:

  • Define Name e.g. apt-proxy
  • Define URL for Remote storage, e.g. http://archive.ubuntu.com/ubuntu/
  • Pick a Blob store for Storage
  • If the remote repository has a flat format, set the Flat checkbox.
We do not create a default Apt proxy repository as there are many. Determine which repositories are appropriate for your environment.

Hosting Apt Repositories

A hosted repository for Apt can be used to upload your packages as well as third-party packages. To host Apt packages, create a new apt (hosted) repository as documented in Repository Management.

When creating a Apt Hosted repository you need to generate a PGP signing key pair or use an existing one. The current implementation of Apt hosted repository signs only metadata. Nexus Repository Manager does not sign packages. If you want to use signed .deb and .udeb packages, upload to the repository already signed files. 

Generate a key pair in a Linux system with the following commands:

apt-get update
apt-get install gpg
gpg --gen-key
gpg --list-keys
cd <path to the foolder to import the key pair>
gpg --armor --output public.gpg.key --export <gpg key Id>
gpg --armor --output private.gpg.key --export-secret-key <gpg key Id>

A key ID looks like: '515F58C16D58E682E91ACEFF17B5C97F9A816AD7'

Minimal configuration steps are:

  • Define Name e.g. apt-hosted
  • Put the private pgp key into Signing Key field, as described above
  • Put the passphrase for the private signing key into the  Passphrase field if you have defined one.
  • Pick a Blob store for Storage

To use an Apt hosted repository you need to export the gpg public key into your Linux system. Use the public key (public.gpg.key) from the key pair generated above.

apt-get update
apt-get install gnupg
apt-key add <full folder path in the container>/public.gpg.key

Deploying Packages to Apt Hosted Repositories

You can use HTTP PUT or use Upload in the UI, as documented here, to upload packages to Apt hosted repository.

The following example uses the  curl  command and example credentials of admin for user and admin123 for password to upload a test.deb file to a hosted Apt repository :

curl -u "admin:admin123" -X POST -H "Content-Type: multipart/form-data" --data-binary "./test.deb" "http://localhost:8081/repository/apt-hosted"

Browsing Apt Repositories and Searching Packages

You can browse Apt repositories in the user interface inspecting the components and assets and their details, as described in  Browsing Repositories and Repository Groups.

Searching for Apt packages can be performed in the user interface, too. It finds all packages that are currently stored in the repository manager, as described in  Searching for Components.

Configuring Apt Client

If you already loaded a metadata using apt update commands first clean it by removing all files from /var/lib/apt/lists/.

To configure the Apt client to work with Nexus Repository Manager edit the file /etc/apt/sources.list. Add the following line if you want to add the repository to the list, or replace the content of the file if you're going to use only your repository:

deb <repository URL> <distribution> main

For a hosted repository you should use the <distribution> from the repository properties. For a proxy repository, the <distribution> should be the same as in the original remote repository settings.

You can get the <repository URL> from the table in Browsing Repositories and Repository Groups via the UI.

Taking a Snapshot of a repository metadata

A snapshot in terms of the Apt repository is a named static copy of metadata of the repository. Changes in the repository will not cause any changes in the snapshot. A snapshot does NOT contain any binary files. So be ready if the content of the repository changed the snapshot can include some invalid metadata.

Available snapshots can be viewed in UI Browse in the /snapshots  folder. Files of a particular snapshot are available in /snapshots/<snapshot Id> folder.

Snapshots functionality is available for both proxy and hosted repositories.

You can use a snapshot to set up an apt client. The URL of the snapshot is <URL of the repository>/snapshots/<snapshot Id>.  For example:  http://localhost:8081/repository/apt-proxy/snapshots/release123.

Snapshots functionality is useful in following cases:

  • Create a snapshot and use it as a repository for a proxy repository. In this case, you are sure that packages will not be updated or removed because of changes in the remote repository. 

To use the removed in the remote repository package, this package must be cached in the proxy repository. If not, you are aware about changed remote repository, the updated package will not be installed.

  • Use snapshots for the hosted repository to freeze versions of all packages. If someone has changed the content of the repository, you are aware about changed remote repository, the updated package will not be installed.

There are two variants to create a snapshot:

  • To snapshot all metadata of the repository use a HTTP MKCOL request. The following example uses the  curl command and example credentials of admin for user and admin123 for password to create a snapshot with the id release123:
curl -u "admin:admin123" -X MKCOL "http://localhost:8081/repository/apt-proxy/snapshots/release123"
  • To snapshot filtered by architectures and components metadata use HTTP PUT requests with the appropriate data, as follows:
  1. Create a filter. This is a text file with the following format:

    Architectures: <list of architectures>
    Components: <list of components>

    For example: 

    Architectures: i386
    Components: restricted universe 
  2. Use HTTP PUT request to snapshot a filtered metadata. This example uses curl to create a snapshot of repository apt-proxy with filter stored in filter.txt and id filtered_snapshot:

    curl -u "admin:admin123" -X PUT -H "Content-Type: multipart/form-data" -T "filter.txt" "http://localhost:8081/repository/apt-proxy/snapshots/filtered_snapshot"