Lib.rs

Web programmingHTTP server | Network programming
#debian #proxy #apt #ubuntu #github

bin+lib inapt

A minimal Debian/Ubuntu APT repository proxy written in Rust. Exposes a valid APT repo structure over HTTP, sourcing .deb packages from GitHub Releases.

by Jérémie Drouet

9 releases

Uses new Rust 2024

0.1.8 Oct 5, 2025
0.1.7 Oct 5, 2025
0.1.0 Sep 29, 2025

#210 in HTTP server

Download history 179/week @ 2025-09-26 574/week @ 2025-10-03 64/week @ 2025-10-10 5/week @ 2025-10-17

822 downloads per month

AGPL-3.0

1MB
2.5K SLoC

Contains (debian package, 270KB) resources/curl_8.14.1-2_amd64.deb, (debian package, 265KB) resources/curl_8.14.1-2_arm64.deb, (debian package, 77KB) resources/htop_2.0.1-1ubuntu1_amd64.deb, (debian package, 89KB) zlib1g_1.3.dfsg+really1.3.1-1+b1_amd64.deb, (debian package, 86KB) zlib1g_1.3.dfsg+really1.3.1-1+b1_arm64.deb

inapt

A minimal Debian/Ubuntu APT repository proxy written in Rust. It exposes a valid APT repo structure over HTTP but sources .deb packages directly from GitHub Release assets. Useful for distributing packages without hosting your own artifact storage.

⚠️ The following readme is a goal, it's not yet implemented...

Features

  • Exposes a Debian repository structure over HTTP:
    • dists/<suite>/Release
    • dists/<suite>/<component>/binary-<arch>/Packages(.gz)
    • pool/main/.../*.deb
  • Dynamically builds Packages and Release from GitHub Release assets.
  • 302 redirects .deb downloads to GitHub (leverages GitHub CDN).
  • Supports multiple repositories (via REPOS=owner1/repo1,owner2/repo2).
  • Caches results in memory (configurable TTL).
  • Extracts control metadata from .deb to generate proper Packages entries.

⚠️ Signing (InRelease/Release.gpg) is not yet implemented.

Quick Start

  1. Clone & configure
git clone https://github.com/jdrouet/inapt.git
cd inapt

Edit .env to list the GitHub repos you want to expose, e.g.:

REPO_ORIGIN=My Origin
REPO_LABEL=Debian
REPO_SUITE=sable
REPO_VERSION=1.2.3
REPO_CODENAME=cucumber
REPO_DESCRIPTION=How you want to describe it
REPO_REPOSITORIES=myorg/myproject
  1. Run
cargo run

The proxy listens on 0.0.0.0:3000 by default.

  1. Configure APT client

For now, you must trust the repo (unsigned):

echo "deb [trusted=yes] http://localhost:3000 stable main" | sudo tee /etc/apt/sources.list.d/inapt.list
sudo apt update

Then you can install packages from your proxied repos:

sudo apt install mypackage

Configuration

The server is configured through environment variables:

Variable Description Default
REPO_REPOSITORIES Comma-separated owner/repo list to scan for releases
REPO_SUITE Distribution codename (e.g., stable) stable
GITHUB_TOKEN Optional token (higher rate limit, private repos) none

Roadmap

  • Add GPG signing for Release → InRelease.
  • ETag/If-None-Match against GitHub API for better efficiency.
  • On-disk cache of package metadata to avoid re-downloading assets.
  • Add by-hash support (by-hash/SHA256/...).
  • Multiple suites/components support.
  • Range proxy mode for private repositories (instead of redirect).

License

This project is licensed under the AGPL-3.0.

For companies or organizations that wish to use this software in a commercial context without the obligations of the AGPL, a commercial license is available. Please contact us at contact@jdrouet.fr for details.

Status

Draft/experimental. Tested with apt on Debian/Ubuntu for basic package installs. Needs signing and caching improvements for production use.

Dependencies

~27–48MB
~724K SLoC