OS package registry (Ubuntu, Debian, Alpine)

Many applications and build dependencies are installed from your operating system's package repository, for example in a Dockerfile:

RUN apt update && apt install -y curl

When you aim for reliable and stable builds this is problematic:

  1. This will install the latest version of the package. These package registries constantly update, and the command above will install the version of curl that was available whenever the container was built. This makes it impossible to have deterministic builds: packages will change whenever the build cache is empty (e.g. when you add a new build server); and your developers will all have a different set of packages, depending on when they built their containers.

  2. Packages might be removed. E.g. Chromium used to be available on Ubuntu through apt, but was removed in favor of a snap version (which you can't easily install in a container).

  3. Pinning of packages does not work, as older versions of packages are actively deleted from package registries. E.g.: apt install -y curl=7.68.0-1ubuntu2.20 Might work today, but will fail when a new version of curl is released.

StableBuild solves all of these problems by creating a daily copy of the complete Ubuntu, Debian and Alpine Linux package registries - plus the most popular registries operated by others. You can thus pin your package list to a specific date, and this will return the exact same packages, regardless whether packages were modified or removed upstream. Example for Ubuntu:

ARG SB_API_KEY=your-api-key
ARG APT_PIN_DATE=2023-11-10T10:40:01Z

# Configure your OS to use StableBuild as the package registry
COPY ./sb-apt.sh /opt/sb-apt.sh
RUN bash /opt/sb-apt.sh load-apt-sources ubuntu

# Install your packages as usual, this'll always install curl 7.68.0 
RUN apt update && apt install -y curl

We have daily copies going back to Sept. 6, 2023 (Ubuntu/Debian) and Dec. 17, 2023 (Alpine). You can browse the registry here: http://debmirror.stablebuild.com/.

And that's it. Your package list is now stable and reliable. 🎉

What repositories are you mirroring?

The following repositories are mirrored:

Ubuntu

  • Official Ubuntu package repository for Ubuntu 18.04, 20.04 and 22.04, for amd64, arm64 and armhf.

  • Nvidia CUDA repository for Ubuntu 18.04, 20.04 and 22.04, for amd64 and arm64.

  • Deadsnakes PPA (with up-to-date Python versions) for Ubuntu 18.04, 20.04 and 22.04, for amd64, arm64 and armhf.

  • NodeSource PPA (with up-to-date Node.js versions) for Ubuntu 18.04, 20.04 and 22.04, for amd64, arm64 and armhf.

  • Docker CE PPA (with the Docker community edition) for Ubuntu 18.04, 20.04 and 22.04, for amd64, arm64 and armhf.

  • Chromium (from the official Debian package repository) for Ubuntu 18.04, 20.04 and 22.04, for amd64 and arm64.

Debian

Alpine Linux

You can easily configure which sources to load in the dashboard. Select your operating system in the navigation bar, and then follow the instructions in the UI.

We're happy to mirror any other (publicly available) repositories. Just email us at support@stablebuild.com and we'll add them.

How about existing artifict management tools?

Existing artifact management tools try to deal with this problem by looking at all the packages that would be installed, downloading and mirroring the corresponding .deb or .apk files, and then installing those files instead of using the package manager. That works, but is problematic on a few levels:

  1. When you want to modify your package list. E.g. you have curl 7.65 in cache. Months later you want to add a new package, but it's not in the cache yet, and the current version is dependent on curl 7.69 (and old versions are removed from the registry). Now you also need to update your existing package list - which might break your application.

  2. When you want to move architectures. You have x86 packages cached, but now your developers are switching to macOS. You don't have the aarch64 packages in cache, so need to fully update all dependencies.

Because StableBuild has the complete historic package registry this is not an issue. You just add the new package to your apt install list and the version compatible with curl 7.65 will be fetched. And because we mirror all architectures, you can run the same command on aarch64 or armv7 - and get the same package list back for that architecture.

Application specific notes

Installing Chromium on Ubuntu

Chromium used to be available through apt on Ubuntu systems, but now throws:

Command '/usr/bin/chromium-browser' requires the chromium snap to be installed.
Please install it with:

snap install chromium

StableBuild fixes this by installing the apt-compatible version of Chromium from the Debian registry. Under 'Which package repositories to include', choose "Chromium" and follow the instructions. Afterwards you can install Chromium again via apt (ran on Ubuntu 20.04):

$ apt install -y chromium
...
$ chromium --version
Chromium 120.0.6099.224 built on Debian 11.8, running on Debian bullseye/sid

The exact version of Chromium depends on the pin date.

For example:

To install chromedriver, for example to run integration tests, run:

$ apt install -y chromium-driver
...
$ chromedriver --version
ChromeDriver 120.0.6099.224 (3587067cafd6f5b1e567380acb485d96e623ef39-refs/branch-heads/6099@{#1761})

Tips & tricks

Manually changing apt sources

You don't need to use sb-apt.sh. You can also manually update your sources.list files. Sources lines typically look like this:

deb [trusted=yes] http://your-domain.debmirror.stablebuild.com/2023-11-19T10:40:01Z/archive.ubuntu.com/ubuntu/ focal main restricted

Easiest is to open sb-apt.sh in your favourite editor, and you'll see how we add the source lines for all supported repositories.

PreviousPinning your first containerNextDocker mirror

Last updated