[[sysadmin_package_repositories]] Package Repositories -------------------- ifdef::wiki[] :pve-toplevel: endif::wiki[] All Debian based systems use http://en.wikipedia.org/wiki/Advanced_Packaging_Tool[APT] as package management tool. The list of repositories is defined in `/etc/apt/sources.list` and `.list` files found inside `/etc/apt/sources.d/`. Updates can be installed directly using `apt-get`, or via the GUI. Apt `sources.list` files list one package repository per line, with the most preferred source listed first. Empty lines are ignored, and a `#` character anywhere on a line marks the remainder of that line as a comment. The information available from the configured sources is acquired by `apt-get update`. .File `/etc/apt/sources.list` ---- deb http://ftp.debian.org/debian buster main contrib deb http://ftp.debian.org/debian buster-updates main contrib # security updates deb http://security.debian.org/debian-security buster/updates main contrib ---- // FIXME for 7.0: change security update suite to bullseye-security In addition, {pve} provides three different package repositories. [[sysadmin_enterprise_repo]] {pve} Enterprise Repository ~~~~~~~~~~~~~~~~~~~~~~~~~~~ This is the default, stable and recommended repository, available for all {pve} subscription users. It contains the most stable packages, and is suitable for production use. The `pve-enterprise` repository is enabled by default: .File `/etc/apt/sources.list.d/pve-enterprise.list` ---- deb https://enterprise.proxmox.com/debian/pve buster pve-enterprise ---- As soon as updates are available, the `root@pam` user is notified via email about the available new packages. On the GUI, the change-log of each package can be viewed (if available), showing all details of the update. So you will never miss important security fixes. Please note that you need a valid subscription key to access this repository. We offer different support levels, and you can find further details at https://www.proxmox.com/en/proxmox-ve/pricing. NOTE: You can disable this repository by commenting out the above line using a `#` (at the start of the line). This prevents error messages if you do not have a subscription key. Please configure the `pve-no-subscription` repository in that case. [[sysadmin_no_subscription_repo]] {pve} No-Subscription Repository ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ As the name suggests, you do not need a subscription key to access this repository. It can be used for testing and non-production use. Its not recommended to run on production servers, as these packages are not always heavily tested and validated. We recommend to configure this repository in `/etc/apt/sources.list`. .File `/etc/apt/sources.list` ---- deb http://ftp.debian.org/debian buster main contrib deb http://ftp.debian.org/debian buster-updates main contrib # PVE pve-no-subscription repository provided by proxmox.com, # NOT recommended for production use deb http://download.proxmox.com/debian/pve buster pve-no-subscription # security updates deb http://security.debian.org/debian-security buster/updates main contrib ---- [[sysadmin_test_repo]] {pve} Test Repository ~~~~~~~~~~~~~~~~~~~~~~ Finally, there is a repository called `pvetest`. This one contains the latest packages and is heavily used by developers to test new features. As usual, you can configure this using `/etc/apt/sources.list` by adding the following line: .sources.list entry for `pvetest` ---- deb http://download.proxmox.com/debian/pve buster pvetest ---- WARNING: the `pvetest` repository should (as the name implies) only be used for testing new features or bug fixes. [[sysadmin_package_repositories_ceph]] {pve} Ceph Repository ~~~~~~~~~~~~~~~~~~~~~ This is {pve}'s main Ceph repository and holds the Ceph packages for production use. You can also use this repository to update only the Ceph client. .File `/etc/apt/sources.list.d/ceph.list` ---- deb http://download.proxmox.com/debian/ceph-nautilus buster main ---- {pve} Ceph Testing Repository ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This Ceph repository contains the Ceph packages before they are moved into the main repository and is used to test new Ceph release on {pve}. .File `/etc/apt/sources.list.d/ceph.list` ---- deb http://download.proxmox.com/debian/ceph-nautilus buster test ---- {pve} Ceph Luminous Repository For Upgrade ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This is a build of tje Ceph Luminous release for {pve} 6.0, this can be used to upgrade a {pve} cluster with Ceph Luminous deployed first to our 6.0 release, based on Debian Buster, and only afterwards upgrade the Ceph on it's own. .File `/etc/apt/sources.list.d/ceph.list` ---- deb http://download.proxmox.com/debian/ceph-luminous buster main ---- SecureApt ~~~~~~~~~ We use GnuPG to sign the `Release` files inside those repositories, and APT uses that signatures to verify that all packages are from a trusted source. The key used for verification is already installed if you install from our installation CD. If you install by other means, you can manually download the key with: # wget http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg -O /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg Please verify the checksum afterwards: ---- # sha512sum /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg acca6f416917e8e11490a08a1e2842d500b3a5d9f322c6319db0927b2901c3eae23cfb5cd5df6facf2b57399d3cfa52ad7769ebdd75d9b204549ca147da52626 /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg ---- or ---- # md5sum /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg f3f6c5a3a67baf38ad178e5ff1ee270c /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg ---- ifdef::wiki[] // include note about older releases, but only for wiki {pve} 5.x Repositories ~~~~~~~~~~~~~~~~~~~~~~ {pve} 5.x is based on Debian 9.x (``stretch''). Please note that this release is out of date, and you should update your installation. Nevertheless, we still provide access to those repositories at our download servers. [width="100%",cols="