
Aptly: Owning Your Debian Distribution - smira
http://www.aptly.info/doc/why/
======
vacri
I just finished putting together an aptly repo system on Friday, with a
'testing', 'staging', and 'production' repo. Buildbot dumps unsigned builds
into testing, and a meatspace process copies those builds into staging or
production when appropriate.

Aptly is a godsend to people who want to run .deb repos, as previously the
software was basically "run a full mirror" or "sucks to be you". Jordan Sissel
(fpm author) once remarked that 'there is a lot of silly ceremony in managing
.debs'. We were previously using reprepro, which was alright, but had the
glaring flaw of only allowing one version of a package to live in the repo. No
easy rollbacks or machines on different versions there.

Aptly is really flexible, and although it does have some corner cases or
slightly unintuitive behaviour (to me), it has excellent documentation and is
in heavy development. Kudos to you, smira.

------
zwilliamson
Aptly rocks. I put this together for those who use Vagrant and want to test
out some of Aptly's commands and functionality.

[https://github.com/sepulworld/aptly-
vagrant](https://github.com/sepulworld/aptly-vagrant)

It also sets up a Jenkins server so you can test out some build jobs that
interact with Aptly.

I am looking forward to Aptly's REST API. Also on the roadmap is the ability
to manage Yum repositories.

------
lamby
[https://apt-captain.readthedocs.org/en/latest/](https://apt-
captain.readthedocs.org/en/latest/)

Here's my solution to this. Love using .debs for distribution.

~~~
grosskur
Looks awesome! I'm actually working on a SaaS product along similar lines.
Right now it can build RPM and Debian packages directly from GitHub sources:

[https://www.packagelab.com/](https://www.packagelab.com/)

Sort of like a cross between Launchpad and Travis CI. If anyone's interested
in trying it out, I'd love feedback.

------
helper
We use deb-s3[1] to maintain a custom apt repository in s3. It supports signed
release files and does all the hard work for you.

[1]:
[https://github.com/krobertson/deb-s3](https://github.com/krobertson/deb-s3)

~~~
smira
aptly can do more much more than just S3 publishing: for example snapshotting,
combining packages from different sources.

------
jcapote
This looks neat, just in time for the weekend :)

I've been using the free plan at
[https://packagecloud.io](https://packagecloud.io) for my debs (handles my
rpms and gems too), and it's been working well so far.

------
dzderic
For anyone who has ever battled with maintaining their own apt/yum repos, this
seems like a godsend.

The most-used tools for getting a package into your repo involve scp'ing the
file to the repository server and running a command to update its index. It's
nice to have a proper toolset to do this, but it's too bad I spend most of my
time with YUM nowadays.

~~~
dima55
man dput

------
_qc3o
This is really cool. If you're using Ubuntu or Debian as your base OS then you
really should be managing your software with something like this and
offloading your deployment to it as well. The benefits of a setup like that
are dead-simple rollbacks and deployment scripts.

~~~
chrisan
I like the concept, but wouldnt it be better to offload deployment/rollbacks
to docker?

~~~
hosay123
Aptly is a repository manager, it works in terms of tightly defined package
versions and dependencies.

Docker is for deployment, it works in terms of graphs of filesystem images.
The tools do slightly overlap in use case, but they operate in entirely
different domains.

It wouldn't be unreasonable to mix both in the same project, but there is no
hard rule for when this would be appropriate.

~~~
qwerta
I think I will stick with a Docker. DEB packages are very complicated and this
tool does not really handle dependency conflits and so on that well. Plus it
does not work with RPM and other packages systems.

~~~
icebraining
_DEB packages are very complicated_

Not really, it's just a tar file with some metadata. Using fpm¹, making
packages from a directory is extremely simple. I've been building internal
packages from our different components, and the build script only has three or
four lines. And besides, even Dockerfiles often use apt/yum.

¹ [https://github.com/jordansissel/fpm](https://github.com/jordansissel/fpm)

~~~
smira
I use fpm to build aptly .deb packages, it is extremely simple to use compared
to usual source package + build path.

This is a problem for Go programs, due to multiple unversioned (usually)
dependencies on other Go libraries.

------
jvdb
This sounds really nice. I've been using apt as a deployment mechanism not
unlike the use-cases describe. While the whole thing's been rock solid, the
repo management could do with a cleaner interface. Looking forward to giving
it a go!

------
dozzie
Would be sensible, if only the installation procedure didn't cluelessly
combine downloading source with compiling it. Hey, some people want to build
binary packages out of the code out there!

------
robinson-wall
Props to smira + other contributors to aptly, it looks like it has come a long
way in a short time.

------
oblio
So, basically Nexus/Artifactory for deb. Cool.

------
Havvy
What does this give you over using NixOS?

~~~
smira
NixOS is aiming for the same goal, I believe. NixOS is built on top of
different package manager, Nix.

With aptly you're still using your favorite Debian/Ubuntu distro, installing
packages with apt-get and so on.

~~~
Dewie
How about using Nix on Debian/Ubuntu?

~~~
vertex-four
The issue with this setup is that you can't define "services" from within Nix
without NixOS. A service basically ties together a set of packages and
configuration and puts them in systemd.

At the moment, you'd have to use an external configuration management system
for actually defining your systemd services, etc.

~~~
pmahoney
I deploy a couple things via Nix package manger to non-NixOS systems, and I
manage my own system configs, etc. within Nix. My "external configuration
management system" is pared down to a small script that symlinks everything in
a directory into another directory (such as /etc/init).

One thing missing from Nix is ability to store passwords and the like in the
nix store, and from what I understand this applies to NixOS as well as using
Nix outside NixOS. For example, every file in the nix store is world readable.

[https://github.com/NixOS/nix/issues/8](https://github.com/NixOS/nix/issues/8)

~~~
vertex-four
NixOps gets around this to some extent by allowing you to define keys to be
copied to /run/keys when configuring a remote system. They thus never touch
the remote store.

------
Dewie
Half of the posts in this thread are about the author's English. I know that
clear communication and constructive feedback on one's command of a language
is good, but... come on.

------
pan69
I'm no grammar Nazi but the first sentence on this website had me completely
tripped up:

>> Linux distribution is well-tested collection of packages carefully
organized and supported by the vendor.

wat?

~~~
smira
Sorry for my bad English.

Does this sound better:

"Linux distribution is a well-tested collection of packages that are carefully
organized and supported by the vendor."

~~~
pluma
Grammar aside, I'd say the plural feels more natural in this case:

"Linux distributions are well-tested collections of packages …"

But for singular you need to qualify "Linux distribution":

"A Linux distribution is a well-tested collection of packages …"

And I'd probably say "by a vendor" instead of "by the vendor" as it's not
clear you're talking about a specific vendor.

Also, the "a" is wrong in this:

"There’s a support for …"

This should be: "There is support for …", in other words: "Support exists for
…". Support is non-countable (like water, peace or terrorism) in English.

As a rule of thumb:

* if it's non-countable, just leave it bare: "I bought water", "It has support", "This is murder". * if you're referring to a specific instance of something the audience knows about or you're going to qualify, use "the": "I bought the house [I previously told you about]", "I shot the gopher that kept digging up my lawn". * otherwise use "a": "I bought a house" (this is news to you), "I ran over a cat" (if you say "the cat", the listener would instantly think "which one?").

English is "fun".

~~~
pbhjpbhj
In English (en-gb) colloquialism "I ran over the cat" would be perfectly fine
as "the cat" is understood to mean "our/my cat". "Your dinner's in the dog",
"I locked the keys in the car", _et cetera_.

Similarly in a sentence like "Why don't you and the family come up to the
house sometime for tea.". "The house" substitutes for "our house". Now all you
need to work out is whether tea is afternoon tea, a cup of tea, or an evening
meal and if the offer is sincere. I gather the response is supposed to be
"That would be lovely." rather than actually trying to arrange the proffered
social meeting.

~~~
pluma
Sure, but presume neither the speaker nor the recipient owns a cat. Without an
obvious context ("the cat"? what cats could we both know of?), it's not
entirely clear.

Saying "the" instead of "a" generally assumes a context that has either been
established before during the conversation or outside of it.

Imagine a stranger telling you they "accidentally killed the koala". You'd be
confused. Not that strangers telling you about exotic animals they
accidentally killed wouldn't be confusing enough.

~~~
pbhjpbhj
I wasn't disagreeing I was just adding extra depth to what you said. Yes it's
not entirely clear language, that's why it's colloquialism rather than being
adopted as proper speech/writing.

Like you say "the item" means there should be an antecedent [previous
mention].

If someone said they'd "killed the koala" I'd assume it was a euphemism for
something!!

