What is RpmDeb

RpmDeb is a cloud-based service for creating and hosting private package repositories without having to set up and maintain your own infrastructure.

Packages

A Package is a file containing a computer program plus some necessary information about it, like its name, version, list of dependencies, etc. It serves as an essential part of installing, upgrading and removing software for an operating system or application.

Benefits

The major benefits of using packages and package management systems are:

  • consistency
  • predictability
  • immutability

Therefore, packages and package management systems (such as yum for Enterprise Linux, apt for Ubuntu/Debian, npm for Node.js, etc.) play a significant role in developing and maintaining scalable systems.

Packages at RpmDeb

At the moment, RpmDeb supports the following package formats:

  • RPM
  • DEB

Presently we are working to introduce support for NPM and Maven. Please do not hesitate to contact us for additional information.

Repositories

Also known as “repo” for short, a Repository is a named storage from which packages may be installed under certain conditions. A repository may also contain additional metadata, such as supported operating system version and/or architecture, access restrictions, etc. Typically repositories can contain multiple versions of the same package.

RpmDeb Repositories

At RpmDeb, repositories:

  • are compatible with YUM/APT-based package management systems
  • have digitally signed metadata
  • are supplied with a token-based permission system:
    • a repository can be private - a proper token must be used in order to upload and install packages to/from the repo
    • or public - anyone can install packages from the repo by its URL, however to modify repo packages a token is still required
  • can be supplied with a retention policy

Retention options

RpmDeb provides an option to set up a retention policy for a repository. The policy is a set of rules that automatically clean ageing packages out of the repository.

The retention rules are:

  • by age: removes all package files last updated more than X days ago
  • by number of versions: keeps only the N most recent versions of every package
  • or a combination of both

We are always open to suggestions about our service. If you have a specific requirement or an idea, please do not hesitate to drop us a message.

Tokens

At RpmDeb, Tokens are 32-byte random strings and provide general access to repositories. The token access level is either PULL (enables installing packages from the repository), PUSH (enables adding new or updating existing packages), or both at the same time.

Tokens are team-level objects which means that a token will have access to all repositories within the team it was created for. If there is a need to be more specific in terms of access control, it is possible to create a new team.

Naming and access level

Tokens can be given an optional name and description. It is a good idea to create one token per server/environment and name them accordingly, for example: ci, my-build-server-01, performance-testing, etc.

Choose the access level of each token deliberately: for example, a deploy token can have the PULL right only, and a CI/build server token can have only PUSH.

Token rotation

RpmDeb provides an option to rotate any token from the Control Panel; in this case the token will be regenerated. Please consult your security guidelines and policies for the rotation period.

Teams

At RpmDeb, Teams are named groups of repositories, supplied with a set of tokens and a user management system. All teams share the same namespace, which means that it is not possible to create a team with a name that is already in use. However, a team can be renamed later by its owner, so there is no need to think a lot about naming conventions.

Team ownership

Every team has a single owner: the User who created the team and who is responsible for covering the team’s expenses. The owner has full access to all the repositories and packages within the team. Ownership can be transferred only to a User with an active subscription plan, and only via a support request.

Every User can be the owner of as many teams as required. At the end of the billing period all the teams’ expenses are summed up against the owner’s subscription plan.

Collaboration access

The team’s user management system allows inviting as many collaborators as required by their email. If the invited User already has an account with RpmDeb, the User will be able to start collaborating right away. Otherwise, the User will first have to register an account with RpmDeb using the link sent to the specified email.

Every collaborator has either the admin or the member access level, with the following permissions:

  • member - has full control of the team’s repositories, tokens and packages
  • admin - the same as above, plus can manage the team’s users except the owner

Every collaborator can leave the team on their own at any time. After leaving they will lose all access to and information about the team they left.

How to upload packages to RpmDeb

It is possible to upload a package via the Control Panel, by navigating to a repository page and hitting the Upload button.

Or via the command line, using curl-like tools with the following command (the colon after the token gives curl an empty password, so it does not prompt for one):

curl -F package=@path/to/your/package/file -u "TOKEN:" https://put.rpmdeb.com/TEAM_NAME/REPOSITORY_NAME/

A package of any supported format can be uploaded; RpmDeb will automatically recognize it and update the repository.

How to install packages from RpmDeb

RPM Packages

To install RPM packages from a repository, first create a .repo YUM repository configuration file in the /etc/yum.repos.d/ directory, using the following sample template defining my-repo repository:

[my-repo]
name=My RpmDeb Private Repository
baseurl=https://TOKEN@rpm.rpmdeb.com/TEAM_NAME/REPOSITORY_NAME/
enabled=1
gpgcheck=0
repo_gpgcheck=1
gpgkey=https://rpm.rpmdeb.com/TEAM_NAME/REPOSITORY_NAME/pub.gpg.key

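In this template repo_gpgcheck=1 makes yum verify the GPG signature of the repository metadata, while gpgcheck=0 leaves signatures on individual package files unchecked.

After that, all the packages in the repository can be listed with:

yum --disablerepo='*' --enablerepo=my-repo list available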

And installed with:

yum -y install package-name-here

DEB Packages

To install DEB packages from a repository, first install the GPG key used for repository metadata signing, with the following command:

curl -L https://deb.rpmdeb.com/TEAM_NAME/REPOSITORY_NAME/pub.gpg.key | sudo apt-key add -

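Then create a .list file in the /etc/apt/sources.list.d/ directory, using the following sample command (sudo tee is used because a plain > redirection would be performed by the unprivileged shell, not by sudo):

echo "deb https://TOKEN@deb.rpmdeb.com/TEAM_NAME/REPOSITORY_NAME/ stable main" | sudo tee /etc/apt/sources.list.d/rpmdeb.list > /dev/null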

Refresh local package cache with:

sudo apt-get update

And install packages with:

sudo apt-get install package-name-here
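
Both templates above store the token inside a URL in a file under /etc, so file permissions decide which local users can read it. The following audit script is an added example, not RpmDeb code: it lists source files that embed a token and are readable by group or others, and yum stanzas that carry a token without repo_gpgcheck=1. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not RpmDeb code): audit yum/apt source files that embed a
# repository token in the URL, as in https://TOKEN@rpm.rpmdeb.com/...

# A URL that carries credentials in its userinfo part, e.g. https://TOKEN@host/
CRED_URL='https?://[^/@[:space:]]+@'

# Print .repo/.list files under the given directories that embed a token
# in a URL and are readable by group or others.
find_exposed_tokens() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f \( -name '*.repo' -o -name '*.list' \) \
            \( -perm -040 -o -perm -004 \) \
            -exec grep -lE "$CRED_URL" {} + || true
    done
}

# Print "file [section]" for yum stanzas whose baseurl carries a token but
# that do not set repo_gpgcheck=1 (verification of the signed metadata).
find_unverified_repos() {
    for dir in "$@"; do
        for f in "$dir"/*.repo; do
            [ -f "$f" ] || continue
            awk -v f="$f" '
                function report() {
                    if (sect != "" && cred && !sig) print f " [" sect "]"
                }
                /^\[/ { report(); sect = substr($0, 2, index($0, "]") - 2)
                        cred = 0; sig = 0; next }
                /^[ \t]*baseurl[ \t]*=/ && match($0, "://[^/@ \t]+@") { cred = 1 }
                /^[ \t]*repo_gpgcheck[ \t]*=[ \t]*1[ \t]*$/ { sig = 1 }
                END { report() }
            ' "$f"
        done
    done
}

# Run the audit when directories are given on the command line, e.g.
#   sh audit.sh /etc/yum.repos.d /etc/apt/sources.list.d
if [ "$#" -gt 0 ]; then
    find_exposed_tokens "$@"
    find_unverified_repos "$@"
fi
```

Files reported by find_exposed_tokens can be restricted to root with chmod 600.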

Security

HTTPS/SSL

All repositories have their package files and metadata served over HTTPS only, in order to prevent man-in-the-middle attacks.

GPG

All repositories have their metadata signed with a GPG key which can be found at:

https://get.rpmdeb.com/TEAM_NAME/REPOSITORY_NAME/pub.gpg.key
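
The install steps above fetch this key and trust it in one step. The following is an added example, not RpmDeb code, of pinning the key by fingerprint before passing it to apt-key or referencing it from gpgkey=. It assumes gpg and curl are installed; the expected fingerprint is not published on this page and has to be obtained through a separate channel, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not RpmDeb code): accept a downloaded repository signing key
# only if its primary-key fingerprint matches a value obtained out of band.

# Extract primary-key fingerprints from `gpg --with-colons` output on stdin.
# The "fpr" record directly after a "pub" record holds it in field 10.
primary_fingerprints() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0; next }
             { want = 0 }'
}

# Succeed only if the colon listing on stdin contains exactly one primary key
# and its fingerprint equals $1 (case and spaces in $1 are ignored).
fingerprint_matches() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    found=$(primary_fingerprints)
    [ -n "$found" ] && [ "$found" = "$expected" ]
}

# Download the key from URL $1, check it against fingerprint $2, and print
# the path of the verified file; on mismatch nothing is kept.
fetch_pinned_key() {
    url=$1; expected=$2
    tmp=$(mktemp) || return 1
    curl -fsSL "$url" -o "$tmp" || { rm -f "$tmp"; return 1; }
    if gpg --show-keys --with-colons "$tmp" | fingerprint_matches "$expected"; then
        printf '%s\n' "$tmp"
    else
        echo "fingerprint mismatch for $url" >&2
        rm -f "$tmp"
        return 1
    fi
}

# Usage (placeholders as on the page; EXPECTED_FPR is supplied by the operator):
#   key=$(fetch_pinned_key https://get.rpmdeb.com/TEAM_NAME/REPOSITORY_NAME/pub.gpg.key "$EXPECTED_FPR")
```

A key bundle that contains more than one primary key is rejected, since only the pinned key should end up trusted.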

Hostnames and IP Ranges

When accessing RpmDeb from behind a firewall, you may need to whitelist RpmDeb’s hostnames:

  • get.rpmdeb.com
  • put.rpmdeb.com
  • rpm.rpmdeb.com
  • deb.rpmdeb.com

Since RpmDeb uses the AWS S3 service to store package files and repository metadata, you may also need to whitelist its IP ranges.

RpmDeb’s regions are: us-east-1, eu-west-1 and eu-central-1.

Troubleshooting

If you have any issues with RpmDeb please contact us here, or email support(at)rpmdeb.com.
