Installing private DEB packages with APT

Once you have signed up for a Gemfury account, you can upload DEB packages, and install them onto your host with APT.

Uploading packages

There are a few guides on the web about creating a Debian “DEB” package. Once you have the package file, you can use the Dashboard, the Gemfury CLI, or cURL to upload the DEB package to your Gemfury account.

Your secret Repository URL

The secret repository URL is the APT endpoint for your Gemfury account and packages. To keep your account private, do not share this URL. Your Repo-URL has the following format:

https://TOKEN@apt.fury.io/USERNAME/

Setting up APT with Gemfury

To install your packages, you’ll need to configure APT to access your Gemfury repository. Secure access will require you to upload a GPG key that will be used by Gemfury to sign your repository metadata. You will need sudo access to make these changes.

First, download the public GPG keyring for your repository:

curl -fsSL https://TOKEN@apt.fury.io/USERNAME/gpg.key | sudo dd of=/usr/share/keyrings/fury-keyring.gpg
sudo chmod go+r /usr/share/keyrings/fury-keyring.gpg

Next, create a fury.list file in the /etc/apt/sources.list.d directory. Here is a basic template for /etc/apt/sources.list.d/fury.list:

deb [signed-by=/usr/share/keyrings/fury-keyring.gpg] https://TOKEN@apt.fury.io/USERNAME/ * *

Or use this command:

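# Write the file as root via tee; a plain ">" redirect runs as the calling user
echo "deb [signed-by=/usr/share/keyrings/fury-keyring.gpg] https://TOKEN@apt.fury.io/USERNAME/ * *" | \
sudo tee /etc/apt/sources.list.d/fury.list > /dev/null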

You’re now ready to install packages from your Gemfury account.

Setting up APT with Gemfury (trusted)

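For accounts without GPG signing, you can use the following template for /etc/apt/sources.list.d/fury.list. The trusted=yes option makes APT treat this source as authenticated without verifying repository signatures: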

deb [trusted=yes] https://TOKEN@apt.fury.io/USERNAME/ /

Or this command:

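# Write the file as root via tee; a plain ">" redirect runs as the calling user
echo "deb [trusted=yes] https://TOKEN@apt.fury.io/USERNAME/ /" | \
sudo tee /etc/apt/sources.list.d/fury.list > /dev/null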

Using APT with Gemfury

To download and update the package indexes, run the following command now and every time you add a new package:

$ sudo apt update

Once this has succeeded, you can use apt and all related tools to install your private packages:

$ sudo apt install private-package-in-gemfury
...
The following NEW packages will be installed:
  private-package-in-gemfury
...
Setting up private-package-in-gemfury (0.1.0) ...

apt is the newer CLI for accessing APT functions on Debian-based systems. If you prefer, or on older versions, you may use apt-get instead.

Keeping your credentials separate & secure

Although the method described above is the simplest, we strongly recommend that you store the secret token separately from your sources list so you can restrict access to that sensitive information.

APT has support for specifying authentication credentials in a separate file outside of sources.list by using a /etc/apt/auth.conf file or a .conf file inside /etc/apt/auth.conf.d. Learn more about this feature here.

Create fury.conf in /etc/apt/auth.conf.d:

machine apt.fury.io
  login TOKEN
  password NOPASS

Keep your credentials file secure by setting it to be readable only by the system user you intend to use APT with. Typically, this is root.

With the authentication configured, you can install private packages as you normally would using APT.

Requires APT version 0.7.25 or later. Please note that APT will ignore auth.conf config entirely if the password is omitted or left blank. Please use the keyword NOPASS in the password field to authenticate properly with Gemfury.

Since APT v2, a machine entry may include a protocol so that it matches only that exact transport protocol. If no protocol is specified, the entry only matches https and tor+https. When using your Gemfury account, we recommend not specifying the protocol, since https is the default. Learn more about matching of credentials on the apt_auth.conf man page.
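
The following shell function is an added example, not part of the Gemfury documentation: it migrates an existing fury.list that embeds the token in the URL to the split layout described in this section, writing auth.conf.d/fury.conf with owner-only permissions and rewriting the source line without the credential. The function name and its optional directory argument (default /etc/apt) are assumptions of this example.

```shell
#!/bin/sh
# Added example: move a Gemfury token out of fury.list into auth.conf.d/fury.conf.
# The optional argument (an assumption of this example) is the APT config
# directory, so the function can be tried on a scratch copy before /etc/apt.
# For the real directory, call it from a root shell: fury_split_credentials
fury_split_credentials() {
    apt_root="${1:-/etc/apt}"
    list="$apt_root/sources.list.d/fury.list"
    auth="$apt_root/auth.conf.d/fury.conf"

    # Pull TOKEN out of the first "https://TOKEN@apt.fury.io/" in the list file.
    token=$(sed -n 's#.*https://\([^@/ ]*\)@apt\.fury\.io/.*#\1#p' "$list" | head -n 1)
    if [ -z "$token" ]; then
        echo "no embedded token found in $list" >&2
        return 1
    fi

    mkdir -p "$apt_root/auth.conf.d"
    # Create the credentials file under a restrictive umask so the token is
    # never readable by group/other, not even between creation and chmod.
    (
        umask 077
        printf 'machine apt.fury.io\n  login %s\n  password NOPASS\n' "$token" > "$auth"
    )
    chmod 600 "$auth"   # also tightens a pre-existing file with lax permissions

    # Rewrite the source line without the credential, leaving options intact.
    # The temp file does not end in ".list", so APT ignores it if left behind.
    tmp=$(mktemp "$list.XXXXXX") || return 1
    sed 's#https://[^@/ ]*@apt\.fury\.io/#https://apt.fury.io/#' "$list" > "$tmp"
    chmod 644 "$tmp"
    mv "$tmp" "$list"
}
```

After the migration, fury.list can stay world-readable because it no longer contains the token; run sudo apt update to confirm APT still authenticates.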