Create an Alpine Repository

JFrog Artifactory Documentation
Products
JFrog Artifactory
Content Type
User Guide

This topic describes how to create an Alpine repository. This is required before deploying and resolving Alpine packages. There are three primary types of repositories:

  • Local repositories: Store and share first- and second-party packages with your organization

  • Remote repositories: Download packages from https://pkgs.alpinelinux.org/packages and other remote locations or Artifactory instances

  • Virtual repositories: Aggregate remote and local repositories, enabling your organization to scale by providing a single URL that provides access to multiple repositories and types

For more information on JFrog repositories, see Repository Management Overview.

Prerequisites:

  • You need Admin or Project Admin permissions in Artifactory to create a repository. If you don't have Admin permissions, the option will not be available.

  • Alpine Linux requires RSA keys by default. For more information on adding RSA keys, see RSA Key Pairs. If you do not configure RSA keys, you must use the --allow-untrusted flag.

    Note

    When running apk commands with the --allow-untrusted flag against a local or virtual Alpine repository, you may see the following warning:

    This apk-tools is OLD! Some packages might not function properly.

    This is an expected security warning from the Alpine package manager that appears only when package signature verification is disabled via the --allow-untrusted flag. The message has no impact on your system and can be safely ignored.

To create an Alpine repository:

  1. In the Administration tab, click Repositories | Create a Repository.

    CreateAnsibleLocal1.png

  2. Select the type of repository you want to create: local, remote, or virtual.

  3. Select the Alpine package type.

  4. Configure the required fields for the repository:

    • For local repositories, in the Repository Key field, type a meaningful name for the repository. For example, alpine-local. For more information on local repositories and their settings, see Local Repositories.

      In the Advanced tab, select an RSA key from the list to sign the APKINDEX.tar.gz index file.

    • For remote repositories, verify the Repository URL and update as needed. For more information on remote repositories and their settings, see Remote Repositories.

      To avoid manually managing keys for remote repositories, place them inside a virtual repository. Assign a key pair to the virtual repository, and Artifactory will re-sign all remote metadata. This way, your client only needs to trust the virtual repository's single public key.

    • For virtual repositories, select one or more local or remote repository types to include in the virtual repository. For more information on virtual repositories and their settings, see Virtual Repositories.

      The RSA key pair defined for the virtual repository will be used to sign the virtual index file. If local repositories are defined with RSA key pairs, these keys will be ignored.

  5. Click Create Repository. The repository is created and the Repositories window is displayed.