Debian packages in the Package Registry (FREE)

WARNING: The Debian package registry for GitLab is under development and isn't ready for production use due to limited functionality. This epic details the remaining work and timelines to make it production ready.

NOTE: The Debian registry is not FIPS compliant and is disabled when FIPS mode is enabled.

Publish Debian packages in your project's Package Registry. Then install the packages whenever you need to use them as a dependency.

Project and Group packages are supported.

For documentation of the specific API endpoints that Debian package manager clients use, see the Debian API documentation.

Enable the Debian API (FREE SELF)

Debian repository support is still a work in progress. It's gated behind a feature flag that's disabled by default. GitLab administrators with access to the GitLab Rails console can opt to enable it.

To enable it:

Feature.enable(:debian_packages)

To disable it:

Feature.disable(:debian_packages)

Enable the Debian group API (FREE SELF)

The Debian group repository is also behind a second feature flag that is disabled by default.

To enable it:

Feature.enable(:debian_group_packages)

To disable it:

Feature.disable(:debian_group_packages)

Build a Debian package

Creating a Debian package is documented on the Debian Wiki.

Authenticate to the Package Registry

To create a distribution, publish a package, or install a private package, you need one of the following:

Create a Distribution

On the project-level, Debian packages are published using Debian Distributions. To publish packages on the group level, create a distribution with the same codename.

To create a project-level distribution:

curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/<project_id>/debian_distributions?codename=<codename>"

Example response with codename=unstable:

{
  "id": 1,
  "codename": "unstable",
  "suite": null,
  "origin": null,
  "label": null,
  "version": null,
  "description": null,
  "valid_time_duration_seconds": null,
  "components": [
    "main"
  ],
  "architectures": [
    "all",
    "amd64"
  ]
}

More information on Debian distribution APIs:

Publish a package

Once built, several files are created:

  • .deb files: the binary packages
  • .udeb files: lightened .deb files, used for Debian-Installer (if needed)
  • .tar.{gz,bz2,xz,...} files: Source files
  • .dsc file: Source metadata, and list of source files (with hashes)
  • .buildinfo file: Used for Reproducible builds (optional)
  • .changes file: Upload metadata, and list of uploaded files (all the above)

To upload these files, you can use dput-ng >= 1.32 (Debian bullseye):

cat <<EOF > dput.cf
[gitlab]
method = https
fqdn = <username>:<your_access_token>@gitlab.example.com
incoming = /api/v4/projects/<project_id>/packages/debian
EOF

dput --config=dput.cf --unchecked --no-upload-log gitlab <your_package>.changes

Install a package

To install a package:

  1. Configure the repository:

    If you are using a private project, add your credentials to your apt configuration:

    echo 'machine gitlab.example.com login <username> password <your_access_token>' \
      | sudo tee /etc/apt/auth.conf.d/gitlab_project.conf

    Download your distribution key:

    sudo mkdir -p /usr/local/share/keyrings
    curl --header "PRIVATE-TOKEN: <your_access_token>" \
         "https://gitlab.example.com/api/v4/projects/<project_id>/debian_distributions/<codename>/key.asc" \
         | \
         gpg --dearmor \
         | \
         sudo tee /usr/local/share/keyrings/<codename>-archive-keyring.gpg \
         > /dev/null

    Add your project as a source:

    echo 'deb [ signed-by=/usr/local/share/keyrings/<codename>-archive-keyring.gpg ] https://gitlab.example.com/api/v4/projects/<project_id>/packages/debian <codename> <component1> <component2>' \
      | sudo tee /etc/apt/sources.list.d/gitlab_project.list
    sudo apt-get update
  2. Install the package:

    sudo apt-get -y install -t <codename> <package-name>