Skip to content

no42-org/packyard

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

97 Commits
.github
.github
 
 
aptly
aptly
 
 
auth
auth
 
 
backup
backup
 
 
deb
deb
 
 
docs
docs
 
 
rpm
rpm
 
 
rustfs
rustfs
 
 
scripts
scripts
 
 
src
src
 
 
static
static
 
 
tests
tests
 
 
traefik
traefik
 
 
zot
zot
 
 
.env.example
.env.example
 
 
.gitignore
.gitignore
 
 
.nvmrc
.nvmrc
 
 
CLAUDE.md
CLAUDE.md
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
RELEASING.md
RELEASING.md
 
 
compose.override.arm64.yml
compose.override.arm64.yml
 
 
compose.override.ci.yml
compose.override.ci.yml
 
 
compose.override.dev.yml
compose.override.dev.yml
 
 
compose.yml
compose.yml
 
 
docusaurus.config.ts
docusaurus.config.ts
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
sidebars.ts
sidebars.ts
 
 
tsconfig.json
tsconfig.json
 
 
verify.sh
verify.sh
 
 

Repository files navigation

Packyard

Packyard is a self-hosted, authenticated distribution platform for LTS releases. It serves RPM, DEB, and OCI packages behind subscription key authentication, with a promotion pipeline that signs and publishes artifacts from CI.

Architecture

Subscriber
    │
    ▼
Traefik (TLS termination, forwardAuth, routing)
    │
    ├── /rpm/   → nginx (RPM repodata + packages)
    ├── /deb/   → nginx → Aptly (signed DEB snapshots)
    ├── /oci/   → Zot (OCI registry, cosign signatures)
    ├── /gpg/   → nginx (public keys — unauthenticated)
    └── /api/   → auth service (admin API, internal :8088)
         │
         └── auth service (forwardAuth + key management)
                  │
                  └── SQLite (subscription key store)

Promotion pipeline (GitHub Actions):
    RustFS (staging) → sign → publish → rpm/deb/zot

Services:

Service Image Role
traefik traefik:3.6.12 TLS, routing, forwardAuth middleware
auth built from ./auth Subscription key validation, admin API, Prometheus metrics
rpm built from ./rpm nginx serving signed RPM repos
deb nginx:alpine nginx serving Aptly-published DEB repos
zot ghcr.io/project-zot/zot-linux-amd64:v2.1.2 OCI registry with cosign signatures
aptly ghcr.io/no42-org/packyard-aptly:1.6.2 DEB repo management and signing (multi-arch)
rustfs rustfs/rustfs:latest S3-compatible staging storage for promotion pipeline
static nginx:alpine Public GPG/cosign key hosting
backup keinos/sqlite3:latest Daily SQLite backup of the key store

Documentation

Full documentation: https://no42-org.github.io/packyard/

Local Development

Requires Docker Compose v2, curl, jq.

git clone https://github.com/no42-org/packyard.git
cd packyard
bash verify.sh

See Getting Started for the full walkthrough.

Repository Layout

auth/               Go service — subscription key auth + admin API
aptly/              Aptly configuration and DEB repo scripts
deb/                nginx configuration for DEB serving
rpm/                nginx + createrepo_c for RPM serving
zot/                Zot OCI registry configuration
traefik/            Traefik static and dynamic configuration
rustfs/             RustFS staging storage configuration
static/             Public static files (GPG/cosign keys)
scripts/            Operator scripts (backup, stage-artifact, health-check)
docs/ops/           Operational runbooks
tests/e2e/          End-to-end subscriber tests (RPM, DEB, OCI, observability)
tests/load/         k6 load tests for NFR validation
.github/workflows/  Promotion pipeline (RPM, DEB, OCI)

About

Packyard — An Open Source package delivery framework for LTS releases

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 3

v0.2.0 — Component Visibility Latest
Apr 14, 2026
+ 2 releases

Packages

 
 
 

Contributors

Languages