• Upcoming Scheduled Maintenance on Jan 25, 2019

    UPDATE: Scheduled maintenance has been postponed! We’ve decided to postpone scheduled maintenance for 1 week. Scheduled maintenance will occur on: January 25, 2019 from 12pm to 3pm Pacific Standard Time (20:00 - 23:00 UTC). The original maintenance window has been canceled and the service will remain available as normal until the maintenance scheduled on January...

  • GPG Key Migration

    packagecloud is changing the way certain older repositories have their metadata signed with GPG keys. Only a small set of repositories on packagecloud with Debian and RPM packages are affected. All other repositories do not need migration. Any unmigrated repositories will be automatically migrated by our system on January 7, 2019. You can see...

  • Announcing packagecloud:enterprise 2.0!

    We’re excited to announce the release of our on-premises software packagecloud:enterprise 2.0! This new release includes a complete UI makeover, numerous performance improvements, support for Node.js packages and NPM registries, improved support for Android packages and much, much more. packagecloud:enterprise is run and managed by you, on your existing infrastructure, within your existing security...

  • Attacks against GPG signed APT repositories

    Updated January 22, 2019 to include a new remote code execution exploit. This blog post takes a closer look at some attacks against APT repositories outlined in the academic paper A Look In the Mirror: Attacks on Package Managers and how they apply to recent versions of APT software. It is a common misconception...

  • NPM registry internals

    This blog post dives into the NPM registry metadata format and core APIs. We’ll cover the different metadata files that make up an NPM registry, what the files mean, and show how a user can inspect metadata using command line tools. What is an NPM registry? An NPM registry is a collection of...

  • HOWTO: Inspect, Download and Extract NPM Packages

    This post outlines how to inspect the registry information of an NPM package using the npm view command, download an NPM package directly from a registry using the npm pack command, and extract the contents of the package tarball.

  • Announcing NPM registry support

    We are thrilled to announce that you can now upload Node.js packages to your packagecloud repositories! You can upload using npm publish, the packagecloud CLI or the packagecloud API. The NPM registry support added to packagecloud includes support for scoped Node.js packages and the Yarn package manager right out of the box, with no...

  • Announcing Package Signing GPG Key Support

    You can now upload package signing GPG keys to packagecloud.io! Adding package signing keys will cause them to be automatically installed and prepared for use by users of your repositories. Your users will benefit from this feature because the package management system will now verify GPG signatures on the packages themselves using keys that...

  • Great Indian Developer Summit 2017 (GIDS 2017)

    These are the slides from Joe Damato’s talks at the Great Indian Developer Summit 2017 (GIDS 2017) titled: “Infrastructure as code might be literally impossible” and “All your network monitoring is (probably) wrong”. The talks cover: C, assembly, package managers, puppet, chef, scary stories, network monitoring, Linux and more!

  • All programmers MUST learn C and Assembly

    These are the slides from Joe Damato’s talk at Deconstruct 2017, titled “All programmers must learn C and Assembly.” This talk covers: C, assembly, system calls, operating systems, kernels, and more! Video Once Deconstruct posts videos, we’ll update this blog post! Slides

  • HOWTO: Private Maven Repositories

    This post will detail how to set up a private Maven repository in order to easily share Java, Scala, Clojure, and Android libraries with internal teams. Our example will use Jenkins CI to push an example library that will be used by an internal team using Maven and an external team using Gradle. Overview As microservice...

  • HOWTO: Create debian repositories with reprepro

    This blog post will explain the steps needed for creating a Debian APT repository using command line tools. Quick start The fastest, easiest, and most secure way to create a Debian repository is to sign up at packagecloud.io. You will take advantage of numerous features like SSL and consistent APT repositories without needing to...

  • Extract python egg and python wheel

    This post covers how to extract and list the contents of python eggs and python wheels on the command line. Extract python egg A python egg is a simple Zip file, so you can extract it using any program that reads Zip files: $ unzip /path/to/file.egg NOTE: You may need to rename the file...

  • Inspecting and extracting JAR files from the command line

    This post covers how to extract and list the contents of JAR files using the command line. Extract JAR file $ jar xvf /path/to/file.jar Extract JAR file without jar command line tool JAR files are Zip files but with a different name. You can use any...

  • Using strace to understand a 10x Java performance improvement

    In this blog post, we’ll examine the UseLinuxPosixThreadCPUClocks command line flag to the JVM. Starting in a patch update of the Sun JVM 1.6, the default value of this switch was changed to true, yielding a nice performance boost, roughly 10x in our test. Users of more recent JVMs get this behavior by default,...

  • How does a maven repository work?

    Similar to our APT Repository Internals and YUM Repository Internals posts, this post aims to illustrate the inner workings of a Maven repository. Read on if you have ever been curious as to how mvn compile figures out which dependencies to download and how to retrieve them in order to build your project.

  • Two frequently used system calls are ~77% slower on AWS EC2

    This blog post dives into an interesting finding: two frequently used system calls (gettimeofday, clock_gettime) are much slower on AWS EC2. Linux provides a mechanism for speeding up those two frequently used system calls by implementing the system call code in userland and avoiding the switch to the kernel entirely. This is done via...

  • Micro-optimizations matter: preventing 20 million system calls

    This blog post is a followup on our previous post How setting the TZ environment variable avoids thousands of system calls. In this post, we’ll explore a particularly prominent case where a micro-optimization (like removing a system call in a hot path) had a drastic effect on software performance.

  • Announcing Android AAR Support

    You can now upload your Android projects (AAR files) to packagecloud.io! Easily share them publicly or privately. Read on to find out the different ways to upload, download, and depend on AAR files. How to upload AAR files There are various ways to upload your Android project files to packagecloud.io. You can use Gradle/Maven...

  • How setting the TZ environment variable avoids thousands of system calls

    This blog post explains how setting an environment variable can save thousands (or in some cases, tens of thousands) of unnecessary system calls that can be generated by glibc over small periods of time. This has been tested on Ubuntu Precise (12.04) and Ubuntu Xenial (16.04). It likely applies to other flavors of Linux,...

  • Monitoring and Tuning the Linux Networking Stack: Sending Data

    This blog post explains how computers running the Linux kernel send packets, as well as how to monitor and tune each component of the networking stack as packets flow from user programs to network hardware.

  • Continuous Delivery of Python Applications using Travis CI and packagecloud

    This post will go through the steps needed to implement an automated software pipeline for Python packages. On every tagged commit pushed to GitHub, Travis CI will automatically build this project and push it to packagecloud.

  • HOWTO: Build debian packages for simple shell scripts

    This post goes over the creation of a Debian package containing shell scripts using dh_make and debuild. Starting from structuring the packaging directory to building the final Debian package, this tutorial covers the process of creating a Debian package with just a few simple steps.

  • Announcing package promotion: easily move packages between repositories

    We’re excited to announce that we’ve added support for package promotion, which allows repository owners and collaborators to easily move packages between repositories! This feature can be used via the package promote API or via the package_cloud command line tool.

  • Debugging SSL in Java using mitmproxy

    In this post we’ll go over setting up the popular mitmproxy tool on an external host and configuring your Java programs to proxy traffic through it, allowing you to debug misbehaving HTTP clients and libraries.

  • Announcing official support for zypper

    Summary We’re excited to announce that we’ve added official support for zypper, the package manager that is widely used on openSUSE and SUSE Enterprise Linux Server (SLES)! Uploading packages To upload a package for openSUSE or SLES you can either upload via our...

  • APT 1.2.10 backport for Ubuntu Trusty (14.04) and Ubuntu Precise (12.04)

    Summary We’re excited to announce that we’ve backported APT 1.2.10 to Ubuntu Trusty (14.04) and Ubuntu Precise (12.04)! This version of APT includes a new feature called Acquire-by-hash which completely eliminates the “Hash sum mismatch” errors. You can read more about this APT feature on our blog.

  • Illustrated Guide to Monitoring and Tuning the Linux Networking Stack: Receiving Data

    This blog post expands on our previous blog post Monitoring and Tuning the Linux Networking Stack: Receiving Data with a series of diagrams aimed at helping readers form a clearer picture of how the Linux network stack works. There are no...

  • Infrastructure as code might be literally impossible part 2

    These are the slides from Joe Damato’s keynote at Automacon 2016, titled “Infrastructure as code might be literally impossible part 2”. This talk covers: package managers, ssl, linux, scary stories, and more! Slides

  • Fixing APT Hash Sum Mismatch: Consistent APT Repositories

    The APT repository metadata format is inherently racy. This bug makes it impossible to guarantee that: (1) frequently updated APT repositories will remain consistent for users; (2) mirrors of APT repositories will be consistent. A new feature has been added to APT 1.2.0 and newer to prevent this race condition. Support for this feature has been...

  • SBT SNAPSHOT Deploys and fatjar Support

    You can now deploy your Scala packages directly from SBT to your packagecloud repositories (including SNAPSHOT versions)! Also, we’ve released support for deployment JARs, also known as “fatjars” or “uberjars” to the packagecloud CLI! Read on to find out how to take advantage of these new features.

  • IPv6 access for all APT, YUM, Maven, PyPI, and RubyGem repositories

    IPv6 APT, YUM, PyPI, RubyGem and Maven package repositories We are pleased to announce that IPv6 support for packagecloud has now entered public beta! The changes have been rolled out site-wide. The website, all package repositories, and all API endpoints are now accessible with both IPv4 and IPv6. No changes are necessary for our users;...

  • Announcing Maven repository support

    packagecloud now fully supports public and private maven2 repositories! Deploy releases and SNAPSHOTs right from your favorite build tool: Maven, Gradle, or Leiningen!

  • Monitorama 2016: All of Your Networking Monitoring is (probably) wrong

    These are the slides from Joe Damato’s talk at Monitorama 2016 titled “All Your Networking Monitoring is (probably) Wrong”. This talk covers: parts of the Linux kernel, networking, and some tips and tricks for understanding and gathering network monitoring statistics.