LinuxCommandLibrary

repo-add

Add packages to a local repository

TLDR

Create an empty repository

$ repo-add [path/to/database.db.tar.gz]
copy

Add packages to the repository
$ repo-add [path/to/database.db.tar.gz] [package1.pkg.tar.zst package2.pkg.tar.zst ...]
copy

Add all package binaries in the current directory and remove any outdated package files
$ repo-add [[-R|--remove]] [path/to/database.db.tar.gz] [*.pkg.tar.zst]
copy

Add all package binaries in the current directory in silent mode except for warning and error messages
$ repo-add [[-q|--quiet]] [path/to/database.db.tar.gz] [*.pkg.tar.zst]
copy

Add all package binaries in the current directory without showing color
$ repo-add --nocolor [path/to/database.db.tar.gz] [*.pkg.tar.zst]
copy

SYNOPSIS

repo-add [options] <database-file> <package-file>...

PARAMETERS

<database-file>
    The path to the repository database file to create or update (e.g., custom.db.tar.zst).

<package-file>...
    One or more paths to Pacman package files (e.g., package-1.0-1-x86_64.pkg.tar.zst) to add to the database.

-d, --delta
    Generate delta files for packages. This creates small files representing differences between package versions, useful for efficient updates.

-f, --force
    Force package recreation; overwrite existing package entries in the database even if the package version is not newer.

-q, --quiet
    Suppress output messages, showing only errors.

-n, --new
    Only add new packages to the database. Do not update existing package entries, even if the provided package is a newer version.

-s, --sign
    Sign the repository database using GnuPG. This provides integrity and authenticity verification for users.

-k <keyid>, --key <keyid>
    Specify the GnuPG key ID to use for signing the database. Only valid when --sign is also used.

-p, --prevent-update
    Do not update the timestamp of existing packages in the database if their version hasn't changed.

--skip-pgp-check
    Skip PGP signature checks on package files being added. Use with caution, as it bypasses a security measure.

--zstd
    Compress the database using Zstandard (zstd) compression. This is often the default for recent pacman-utils versions.

--gz
    Compress the database using gzip compression.

--xz
    Compress the database using xz compression.

--bz2
    Compress the database using bzip2 compression.

-v, --version
    Display the version information for repo-add.

-h, --help
    Display a help message and exit.

DESCRIPTION

repo-add is a utility from the pacman-utils package designed to create or update a Pacman package repository database. This database, typically ending with .db.tar.gz or .db.tar.zst, contains metadata about packages (such as name, version, architecture, dependencies, and file listings) that Pacman uses to manage software. When invoked, repo-add takes the path to a database file and one or more Pacman package files (e.g., .pkg.tar.zst).

If the specified database file does not exist, repo-add creates it. If it already exists, it updates existing package entries with newer versions or adds new package entries. It extracts the necessary metadata directly from the package files, ensuring the repository database accurately reflects the available packages. This command is indispensable for maintaining local or remote custom package repositories, allowing users to distribute their own packages or mirror official repositories effectively.

CAVEATS

repo-add is part of the pacman-utils package and is primarily used on Arch Linux and its derivatives.

The database file must typically end with a compression suffix (e.g., .db.tar.zst, .db.tar.gz). If the suffix doesn't match the desired compression, you might need to specify the compression type explicitly with options like --zstd or --gz.

For signing the repository database with --sign, GnuPG must be installed and properly configured with the signing key available in your keyring.

REPOSITORY STRUCTURE

A typical Pacman repository consists of a directory containing the package files themselves (.pkg.tar.zst) and the corresponding repository database file (e.g., custom.db.tar.zst and its signature custom.db.tar.zst.sig if signed). When adding packages, ensure they are placed in the same directory as, or a directory accessible by, the repo-add command, and that the <database-file> path points to the desired location within that repository structure.

DATABASE SIGNING AND TRUST

Signing the repository database with GnuPG (using the --sign option) is a critical security practice. When users add a repository to their pacman.conf and import the repository maintainer's public key, Pacman can verify the integrity and authenticity of the database before trusting the package information. This prevents malicious actors from tampering with the repository database and serving compromised packages.

HISTORY

repo-add has been an integral part of the Arch Linux packaging ecosystem since the early days of pacman. It has evolved alongside pacman itself, adapting to new package formats, compression methods (such as the shift from gzip to xz and later to zstd for package and database compression), and security features like GnuPG signing for repository integrity. Its development reflects the ongoing efforts to make package management robust, secure, and efficient for Arch Linux users and developers.

SEE ALSO

pacman(8), repo-remove(8), makepkg(8), namcap(1)

Copied to clipboard