Upcoming Scheduled Maintenance on Jan 25, 2019
Jan 4, 2019 | announcements
UPDATE, Schedule Maintenance has been postponed! We’ve decided to postpone scheduled maintenance for 1 week. Scheduled maintenance will occur on: January 25, 2019 from 12pm to 3pm Pacific Standard Time (20:00 - 23:00 UTC). The original maitenance window has been canceled and the service will remain available as normal until the maintenance scheduled on January...
GPG Key Migration
Oct 17, 2018 | announcements
packagecloud is changing the way certain older repositories have their metadata signed with GPG keys. Only a small set of repositories on packagecloud with Debian and RPM packages are affected. All other repositories do not need migration. Any unmigrated repositories will be automatically migrated by our system on January 7, 2019. You can see...
Announcing packagecloud:enterprise 2.0!
Feb 26, 2018 | announcements
We’re excited to announce the release of our on-premises software packagecloud:enterprise 2.0! This new release includes a complete UI makeover, numerous performance improvements, support for Node.js packages and NPM registries, improved support for Android packages and much, much more. packagecloud:enterprise is run and managed by you, on your existing infrastructure, within your existing security...
Attacks against GPG signed APT repositories
Feb 21, 2018 | debian-guide
Updated January 22, 2019 to include a new remote code execution exploit. This blog post takes a closer look at some attacks against APT repositories outlined in the academic paper A Look In the Mirror: Attacks on Package Managers and how they apply to recent versions of APT software. It is a common misconception...
NPM registry internals
Jan 24, 2018 | npm-guide
This blog post dives in to the NPM registry metadata format and core APIs. We’ll cover the different metadata files that make up an NPM registry, what the files mean, and show how a user can inspect metadata using command lines tools. What is an NPM registry? An NPM registry is a collection of...
HOWTO: Inspect, Download and Extract NPM Packages
Jan 11, 2018 | npm-howto
This post outlines how to inspect the registry information of an NPM package using the npm view command, download an NPM package directly from a registry using the npm pack command, and extract the contents of the package tarball.
Announcing NPM registry support
Dec 27, 2017 | announcements
We are thrilled to announce that you can now upload Node.js packages to your packagecloud repositories! You can upload using npm publish, the packagecloud CLI or the packagecloud API. The NPM registry support added to packagecloud includes support for scoped Node.JS packages and the Yarn package manager right out of the box, with no...
Announcing Package Signing GPG Key Support
Jun 8, 2017 | announcements
You can now upload package signing GPG keys to packagecloud.io! Adding package signing keys will cause them to be automatically installed and prepared for use by users of your repositories. Your users will benefit from this feature because the package management system will now verify GPG signatures on the packages themselves using keys that...
Great Indian Developer Summit 2017 (GIDS 2017)
Apr 28, 2017 | talks-and-slides
These are the slides from Joe Damato’s talks at the Great Indian Developer Summit 2017 (GIDS 2017) titled: “Infrastructure as code might be literally impossible” and “All your network monitoring is (probably) wrong”. The talks cover: C, assembly, package managers, puppet, chef, scary stories, network monitoring, Linux and more!
All programmers MUST learn C and Assembly
Apr 21, 2017 | talks-and-slides
These are the slides from Joe Damato’s talk at Deconstruct 2017, titled “All programmers must learn C and Assembly.” This talk covers: C, assembly, system calls, operating systems, kernels, and more! Video Once Deconstruct posts videos, we’ll update this blog post! Slides
HOWTO: Private Maven Repositories
Mar 26, 2017 | maven-howto
This post will detail how to setup a private Maven repository in order to easily share Java, Scala, Clojure, and Android libraries with internal teams. Our example will use Jenkins CI to push an example library that will be used by an internal using Maven and an external team using Gradle. Overview As microservice...
HOWTO: Create debian repositories with reprepro
Mar 23, 2017 | debian-howto
This blog post will explain the steps needed for creating a Debian APT repository using command line tools. Quick start The fastest, easiest, and most secure way to create a Debian repository is to sign up at packagecloud.io. You will take advantage of numerous features like SSL and consistent APT repositories without needing to...
Extract python egg and python wheel
Mar 17, 2017 | python-howto
This post covers how to extract and list the contents of python eggs and python wheels on the command line. Extract python egg A python egg is a simple Zip file, so you can extract it using any program that reads Zip files: $ unzip /path/to/file.egg NOTE: You may need to rename the file...
Inspecting and extracting JAR files from the command line
Mar 15, 2017 | java-howto
This post covers how to extract and list the contents of JAR files using the command line. Extract JAR file $ jar xvf /path/to/file.jar Easy to use Maven repositories, free. Sign up! Extract JAR file without jar command line tool JAR files are Zip files but with a different name. You can use any...
Using strace to understand a 10x Java performance improvement
Mar 14, 2017 | maven-howto
In this blog post, we’ll examine the UseLinuxPosixThreadCPUClocks command line flag to the JVM. Starting in a patch update of the Sun JVM 1.6, the default value of this switch was changed to true, yielding a nice performance boost, roughly 10x in our test. Users of more recent JVMs get this behavior by default,...
How does a maven repository work?
Mar 9, 2017 | maven-guide
Similar to our APT Repository Internals and YUM Repository Internals posts, this post aims to illustrate the inner workings of a Maven repository. Read on if you have ever been curious as to how mvn compile figures out which dependencies to download and how to retrieve them in order to build your project.
Two frequently used system calls are ~77% slower on AWS EC2
Mar 8, 2017 | linux
This blog post dives into an interesting finding: two frequently used system calls (gettimeofday, clock_gettime) are much slower on AWS EC2. Linux provides a mechanism for speeding up those two frequently used system calls by implementing the system call code in userland and avoiding the switch to the kernel entirely. This is done via...
Micro-optimizations matter: preventing 20 million system calls
Mar 6, 2017 | linux
This blog post is a followup on our previous post How setting the TZ environment variable avoids thousands of system calls. In this post, we’ll explore a particularly prominent case where a micro-optimization (like removing a system call in a hot path) had a drastic effect on software performance.
Announcing Android AAR Support
Feb 22, 2017 | announcements
You can now upload your Android projects (AAR files) to packagecloud.io! Easily share them publicly or privately. Read on to find out the different ways to upload, download, and depend on AAR files. How to upload AAR files There are various ways to upload your Android project files to packagecloud.io. You can use Gradle/Maven...
How setting the TZ environment variable avoids thousands of system calls
Feb 21, 2017 | linux
This blog post explains how setting an environment variable can save thousands (or in some cases, tens of thousands) of unnecessary system calls that can be generated by glibc over small periods of time. This has been tested on Ubuntu Precise (12.04) and Ubuntu Xenial (16.04). It likely applies to other flavors of Linux,...
Monitoring and Tuning the Linux Networking Stack: Sending Data
Feb 6, 2017 | linux
This blog post explains how computers running the Linux kernel send packets, as well as how to monitor and tune each component of the networking stack as packets flow from user programs to network hardware.
Continuous Delivery of Python Applications using Travis CI and packagecloud
Jan 17, 2017 | python-howto
This post will go through the steps needed to implement an automated software pipeline for Python packages. On every tagged commit pushed to Github, Travis CI will automatically build this project and push it to packagecloud.
HOWTO: Build debian packages for simple shell scripts
Dec 15, 2016 | debian-howto
This post goes over the creation of a debian package containing shell scripts using dh_make and debuild. Starting from structuring the packaging directory to building the final debian package, this tutorial covers the process of creating a debian package with just a few simple steps.
Announcing package promotion: easily move packages between repositories
Nov 21, 2016 | announcements
We’re excited to announce that we’ve added support for package promotion, which allows repository owners and collaborators to easily move packages between repositories! This feature can be used via the package promote API or via the package_cloud command line tool.
Debugging SSL in Java using mitmproxy
Nov 14, 2016 | maven-howto
In this post we’ll go over setting up the popular mitmproxy tool on an external host and configuring your Java programs to proxy traffic through it, allowing you to debug misbehaving HTTP clients and libraries.
Announcing official support for zypper
Oct 17, 2016 | announcements
Summary We’re excited to announce that we’ve added official support for zypper, the package manager that is widely used on openSUSE and SUSE Enterprise Linux Server (SLES)! Create a package repository in less than 10 seconds, free. Sign up! Uploading packages To upload a package for openSUSE or SLES you can either upload via our...
APT 1.2.10 backport for Ubuntu Trusty (14.04) and Ubuntu Precise (12.04)
Oct 17, 2016 | debian-howto
Summary We’re excited to announce that we’ve backported APT 1.2.10 to Ubuntu Trusty (14.04) and Ubuntu Precise (12.04)! This version of APT includes a new feature called Acquire-by-hash which completely eliminates the “Hash sum mismatch” errors. You can read more about this APT feature on our blog. Create an APT repository in less than 10...
Illustrated Guide to Monitoring and Tuning the Linux Networking Stack: Receiving Data
Oct 11, 2016 | linux
This blog post expands on our previous blog post Monitoring and Tuning the Linux Networking Stack: Receiving Data with a series of diagrams aimed to help readers form a more clear picture of how the Linux network stack works. Create a package repository in less than 10 seconds, free. Sign up! There are no...
Infrastructure as code might be literally impossible part 2
Sep 28, 2016 | talks-and-slides
These are the the slides from Joe Damato’s keynote at Automacon 2016, titled “Infrastructure as code might be literally impossible part 2”. This talk covers: package managers, ssl, linux, scary stories, and more! Slides
Fixing APT Hash Sum Mismatch: Consistent APT Repositories
Sep 27, 2016 | announcements
The APT repository metadata format is inherently racy. This bug makes it impossible to guarantee that: Frequently updated APT repositories will remain consistent for users Mirrors of APT repositories will be consistent A new feature has been added to APT 1.2.0 and newer to prevent this race condition. Support for this feature has been...
SBT SNAPSHOT Deploys and fatjar Support
Aug 22, 2016 | announcements
You can now deploy your Scala packages directly from SBT to your packagecloud repositories (including SNAPSHOT versions)! Also, we’ve released support for deployment JARs, also known as “fatjars” or “uberjars” to the packagecloud CLI! Read on to find out how to take advantage of these new features.
IPv6 access for all APT, YUM, Maven, PyPI, and RubyGem repositories
Aug 18, 2016 | announcements
IPv6 APT, YUM, PyPI, RubyGem and Maven package repositories We are pleased to announce that IPv6 support for packagecloud has now entered public beta! The changes have been rolled out site-wide. The website, all package repositories, and all API endpoints are now accessible with both IPv4 and IPv6. No changes are necessary for our users;...
Announcing Maven repository support
Jul 7, 2016 | announcements
packagecloud now fully supports public and private maven2 repositories! Deploy releases and SNAPSHOTs right from your favorite build tool: Maven, Gradle, or Leiningen!
Monitorama 2016: All of Your Networking Monitoring is (probably) wrong
Jun 29, 2016 | talks-and-slides
These are the slides from Joe Damato’s talk at Monitorama 2016 titled “All Your Networking Monitoring is (probably) Wrong”. This talk covers: parts of the Linux kernel, networking, and some tips and tricks for understanding and gathering network monitoring statistics.
- Page: 1 of 3 Next