Skip to main content

APT Repositories

Debian and systems based on it like Ubuntu, Linux Mint, and Raspbian use the same package management system. APT (Advanced Package Tool) is a set of tools for managing Debian packages, and therefore the applications installed on your Debian system. It provides a wide set of operations like searching repositories, installing packages with their dependencies, and managing upgrades.

Nexus Repository Manager supports the APT repository format for proxy and hosted repositories.

Proxying APT Repositories

You may set up an APT proxy repository to access a remote repository location.

Minimal configuration steps are:

  • Give the repository a name - apt-proxy

  • Define the URL of the location for the remote storage - http://archive.ubuntu.com/ubuntu/

  • Define the Distribution e.g. bionic

  • If the remote repository has a flat format, check the Flat checkbox

  • Pick a Blob store for storage

Flat Repository Formats

A flat repository does not use the dists hierarchy of directories and instead places meta index and indices directly into the archive root (or some part below it) In sources.list syntax, a flat repository is specified like this:

 deb uri directory/

Where URI specifies the archive root, and the directory specifies the position of the meta index and the indices relative to the archive root. In Flat repositories, the following indices are supported:

  • Packages (under the location directory/Packages)

  • Sources (under the location directory/Sources)

InRelease, Release, Release.gpg meta-information, and indices differences are supported as well. Translations and Contents indices are not defined for that repository format. Indices may be compressed just like in the standard Debian repository format.

source: https://wiki.debian.org/DebianRepository/Format#Flat_Repository_Format

Hosting Apt Repositories

You may use a hosted APT repository to upload internally developed and third-party packages.

When creating a hosted APT repository, you need to generate a GPG signing key pair or use an existing one. Hosted APT repositories only sign the metadata. Nexus Repository does not sign packages.

Generate a key pair in a Linux system with the following commands:

apt-get update
apt-get install gpg
gpg --gen-key
gpg --list-keys
cd <path to the folder to import the key pair>
gpg --armor --output public.gpg.key --export <gpg key Id>
gpg --armor --output private.gpg.key --export-secret-key <gpg key Id>

A key ID looks like: '515F58C16D58E682E91ACEFF17B5C97F9A816AD7'

Minimal configuration steps are:

  • Define Name e.g. apt-hosted

  • Define the Distribution e.g. bionic

  • Put the private PGP key into the Signing Key field, as described above

  • Put the passphrase for the private signing key into the Passphrase field

  • Pick a Blob store for storage

To use a hosted APT repository you need to export the GPG public key into your Linux system. Use the public key (public.gpg.key) from the key pair generated above.

apt-get update
apt-get install gnupg
apt-key add <full folder path in the container>/public.gpg.key

Deploying Packages to Hosted APT Repositories

You can use HTTP POST or Upload in the UI to upload packages to a hosted APT repository.

The following example uses a curl command to upload a test.deb file to a hosted APT repository:

curl -u "admin:admin123" -H "Content-Type: multipart/form-data" --data-binary "@./test.deb" "http://localhost:8081/repository/apt-hosted/"

Browsing APT Repositories and Searching Packages

You can browse APT repositories in the user interface inspecting the components and assets and their details, as described in Browsing Repositories and Repository Groups.

Searching for APT packages can be performed in the user interface, too. It finds all packages that are currently stored in the repository manager, as described in Searching for Components.

Configuring APT Client

If you already loaded a metadata using apt update commands first clean it by removing all files from /var/lib/apt/lists/.

To configure the APT client to work with Nexus Repository Manager edit the file /etc/apt/sources.list. Add the following line if you want to add the repository to the list, or replace the content of the file if you're going to use only your repository:

deb <repository URL> <distribution> main

For a hosted repository you should use the <distribution> from the repository properties. For a proxy repository, the <distribution> should be the same as in the original remote repository settings.

You can get the <repository URL> from the table inBrowsing Repositories and Repository Groups via the UI.

Taking a Snapshot of Repository Metadata

A snapshot in terms of the APT repository is a named static copy of the metadata of the repository. Changes in the repository will not cause any changes in the snapshot. A snapshot does NOT contain any binary files. So be ready if the content of the repository changes the snapshot can include some invalid metadata.

Available snapshots can be viewed in UI Browse in the/snapshots folder. Files of a particular snapshot are available in /snapshots/<snapshot Id> folder.

Snapshots functionality is available for both proxy and hosted repositories.

You can use a snapshot to set up an APT client. The URL of the snapshot is <URL of the repository>/snapshots/<snapshot Id>. For example http://localhost:8081/repository/apt-proxy/snapshots/release123.

Snapshot functionality is useful in the following cases:

  • Create a snapshot and use it as a repository for a proxy repository. In this case, you are sure that packages will not be updated or removed because of changes in the remote repository.

Note

To use the removed in the remote repository package, this package must be cached in the proxy repository. If not, you are aware of the changed remote repository, the updated package will not be installed.

  • Use snapshots for the hosted repository to freeze versions of all packages. If someone has changed the content of the repository, you are aware of the changed remote repository, the updated package will not be installed.

There are two variants to create a snapshot:

  • To snapshot all metadata of the repository use a HTTP MKCOL request. The following example uses the curlcommand and example credentials of admin for user and admin123 for password to create a snapshot with the idrelease123:

curl -u "admin:admin123" -X MKCOL "http://localhost:8081/repository/apt-proxy/snapshots/release123"

  • To snapshot filtered by architectures and components metadata use HTTP PUT requests with the appropriate data, as follows:

  1. Create a filter. This is a text file with the following format:

    Architectures: <list of architectures>
Components: <list of components>

    For example:

    Architectures: i386
Components: restricted universe

  2. Use HTTP PUT request to snapshot a filtered metadata. This example uses curl to create a snapshot of repository apt-proxy with filter stored in filter.txt and id filtered_snapshot:

    curl -u "admin:admin123" -X PUT -H "Content-Type: multipart/form-data" -T "filter.txt" "http://localhost:8081/repository/apt-proxy/snapshots/filtered_snapshot"