reprepro --help

       reprepro [ options ] command [ per-command-arguments ]

       reprepro is a tool to manage a repository  of  Debian  packages  (.deb,
       .udeb,  .dsc,  ...).  It stores files either being injected manually or
       downloaded from some other repository (partially) mirrored into a pool/
       hierarchy.   Managed  packages  and  checksums of files are stored in a
       Berkeley DB database file, so no database server is  needed.   Checking
       signatures of mirrored repositories and creating signatures of the gen-
       erated Package indices is supported.

       Former working title of this program was mirrorer.

       Options can be specified before the command. Each affects  a  different
       subset of commands and is ignored by other commands.

       -h --help
              Displays a short list of options and commands with description.

       -v, -V, --verbose
              Be more verbose. Can be applied multiple times. One uppercase -V
              counts as five lowercase -v.

              Be less verbose. Can be applied multiple times. One -v  and  one
              -s cancel each other out.

       -f, --force
              This option is ignored, as it no longer exists.

       -b, --basedir basedir
              Sets the base-dir all other default directories are relative to.
              If none is supplied and the REPREPRO_BASE_DIR environment  vari-
              able is not set either, the current directory will be used.

       --outdir outdir
              Sets  the  base-dir  of the repository to manage, i.e. where the
              pool/ subdirectory resides. And in which the dists/ directory is
              placed by default.  If this starts with '+b/', it is relative to

              The default for this is basedir.

       --confdir confdir
              Sets the directory where the configuration is searched in.

              If this starts with '+b/', it is relative to basedir.

              If none is given, +b/conf (i.e. basedir/conf) will be used.

              Warning: Beware when changing this forth and  back  between  two
              values not ending in the same directory.  Reprepro only looks if
              files it wants are there. If nothing of the content changed  and
              there  is a file it will not touch it, assuming it is the one it
              wrote last time, assuming any different --distdir ended  in  the
              same  directory.   So  either  clean  a directory before setting
              --distdir to it or do an export with the new one first to have a
              consistent state.

       --logdir logdir
              The  directory  where  files generated by the Log: directive are
              stored if they have no absolute path.

              If this starts with '+b/', it is relative to basedir, if  start-
              ing  with  '+o/'  relative  to  outdir,  with  '+c/' relative to

              If none is given, +b/logs (i.e. basedir/logs) is used.

       --dbdir dbdir
              Sets the directory where reprepro keeps its databases.

              If this starts with '+b/', it is relative to basedir, if  start-
              ing  with  '+o/'  relative  to  outdir,  with  '+c/' relative to

              If none is given, +b/db (i.e. basedir/db) is used.

              Note: This is permanent data, no cache. One has almost to regen-
              erate the whole repository when this is lost.

       --listdir listdir
              Sets  the directory where downloads it downloads indices to when
              importing from other repositories. This is  temporary  data  and
              can be safely deleted when not in an update run.

              If  this starts with '+b/', it is relative to basedir, if start-
              ing with '+o/'  relative  to  outdir,  with  '+c/'  relative  to

              If none is given, +b/lists (i.e. basedir/lists) is used.

       --morguedir morguedir
              Files deleted from the pool are stored into morguedir.

              If  this starts with '+b/', it is relative to basedir, if start-
              ing with '+o/'  relative  to  outdir,  with  '+c/'  relative  to

              If none is given, deleted files are just deleted.

       --methoddir methoddir
              Look in methoddir instead of /usr/lib/apt/methods for methods to

       -A, --architecture architectures
              Limit  the  specified command to this architectures only.  (i.e.
              only list such packages, only remove packages from the specified
              architectures,  or  otherwise only look at/act on this architec-
              tures depending on the specific command).

              Multiple architectures are specified by separating them with  |,
              as in -A 'sparc|i386'.

              Note  that  architecture  all  packages  can be included to each
              architecture but are then handled separately.  Thus by using  -A
              in  a  specific way one can have different versions of an archi-
              tecture all package in different architectures of the same  dis-

       -T, --type dsc|deb|udeb
              Limit  the  specified  command to this packagetypes only.  (i.e.
              only list such packages, only remove such packages, only include
              such packages, ...)

       -S, --section section
              Overrides  the  section  of  inclusions. (Also override possible
              override files)

       -P, --priority priority
              Overrides the priority of inclusions.  (Also  override  possible
              override files)

              This option specify whether and how the high level actions (e.g.
              install, update, pull, delete) should export the index files  of
              the distributions they work with.

              In  this  mode  every  distribution  the  action handled will be
              exported, unless there was an error possibly corrupting it.
              Note that only missing files and files  whose  intended  content
              changed between before and after the action will be written.  To
              get a guaranteed current export, use the export action.
              For backwards compatibility, lookedat is  also  available  under
              the  old name normal.  The name normal is deprecated and will be
              removed in future versions.

              In  this  mode  every  distribution  actually  changed  will  be
              exported,  unless  there  was  an  error possibly corrupting it.
              (i.e. if nothing changed, not even missing files  will  be  cre-
              Note  that  only  missing files and files whose intended content
              changed between before and after the action will be written.  To
              get a guaranteed current export, use the export action.

              Always  export  all  distributions  looked at, even if there was

              When  running  update,  checkupdate or predelete do not download
              any Release or index files.  This is hardly useful  except  when
              you  just  run  one of those command for the same distributions.
              And even then reprepro is usually good in not downloading except
              Release and Release.gpg files again.

              If nothing was done, return with exitcode 1 instead of the usual

              Note that "nothing was done" means the primary  purpose  of  the
              action in question.  Auxillary actions (opening and closeing the
              database, exporting missing files with  --export=lookedat,  ...)
              usually  do  not  count.   Also  note that this is not very well
              tested.  If you find an action that claims to  have  done  some-
              thing in some cases where you think it should not, please let me

              Do not delete temporary .new files when exporting a distribution
              fails.  (reprepro first create .new files in the dists directory
              and only if everything is generated,  all  files  are  put  into
              their  final place at once.  If this option is not specified and
              something fails, all are deleted to keep dists clean).

              Do not delete files that are no longer used because the  package
              they  are from is deleted/replaced with a newer version from the
              last distribution it was in.

              The  include,  includedsc,  includedeb  and  processincoming  by
              default  delete  any  file  they  added  to the pool that is not
              marked used at the end of the operation.  While this  keeps  the
              pool  clean and allows changing before trying to add again, this
              needs copying and checksum calculation every time one  tries  to
              add a file.

              Do  not  try to rmdir parent directories after files or directo-
              ries have been removed from them.  (Do this if your  directories
              have  special  permissions  you  want  keep,  do  not want to be
              pestered with warnings about errors to remove them,  or  have  a
              buggy rmdir call deleting non-empty directories.)

              Ask  for passphrases when signing things and one is needed. This
              is a quick and dirty  implementation  using  the  obsolete  get-
              pass(3) function with the description gpgme is supplying. So the
              prompt will look quite funny and support  for  passphrases  with
              more  than  8  characters  depend on your libc.  I suggest using
              gpg-agent or something like that instead.

              out instantly.

       --spacecheck full|none
              The default is full:
              In the update commands, check for every to  be  downloaded  file
              which filesystem it is on and how much space is left.
              To disable this behaviour, use none.

       --dbsafetymargin bytes-count
              If  checking  for  free  space,  reserve byte-count bytes on the
              filesystem  containing  the  db/  directory.   The  default   is
              104857600  (i.e.  100MB), which is quite large.  But as there is
              no way to know in advance how large the databases will grow  and
              libdb  is  extremely  touchy in that regard, lower only when you
              know what you do.

       --safetymargin bytes-count
              If checking for free space, reserve byte-count bytes on filesys-
              tems  not  containing the db/ directory.  The default is 1048576
              (i.e. 1MB).

              Don't set the environment variable GPG_TTY, even when it is  not
              set,  stdin  is  terminal and /proc/self/fd/0 is a readable sym-
              bolic link.

              Set the GNUPGHOME evnironment variable to the given directory as
              argument  to this option.  And your gpg will most likely use the
              content of this variable instead of "~/.gnupg".  Take a look  at
              gpg(1)  to  be sure.  This option in the command line is usually
              not very useful, as it is possible to set the environment  vari-
              able  directly.  Its main reason for existance is that it can be
              used in conf/options.

       --gunzip gz-uncompressor
              While reprepro links against libz, it will look for the  program
              given  with  this  option  (or gunzip if not given) and use that
              when uncompressing index files  while  downloading  from  remote
              repositories.  (So that downloading and uncompression can happen
              at the same time).  If the program is not found or is NONE (all-
              uppercase)  then  uncompressing  will  always  be done using the
              built in uncompression method.  The program has  to  accept  the
              compressed  file  as  stdin and write the uncompressed file into

       --bunzip2 bz2-uncompressor
              When uncompressing downloaded index files  or  when  not  linked
              against libbz2 reprepro will use this program to uncompress .bz2
              files.  The default value is bunzip2.  If  the  program  is  not
              found  or is NONE (all-uppercase) then uncompressing will always
              be done using the built in uncompression method or not be possi-
              ble  when  not linked against libbz2.  The program has to accept
              the compressed file as stdin and  write  the  uncompressed  file
              gram  will  be used.  The default value is unxz.  If the program
              is not found or is NONE (all-uppercase)  then  uncompressing  xz
              files  will not be possible.  The program has to accept the com-
              pressed file as stdin and write the uncompressed file into  std-

       --lunzip lzip-uncompressor
              When  trying  to  uncompress or read lzip compressed files, this
              program will be used.  The default value is lunzip.  If the pro-
              gram  is not found or is NONE (all-uppercase) then uncompressing
              lz files will not be possible.  The program has  to  accept  the
              compressed  file  as  stdin and write the uncompressed file into

       --list-max count
              Limits the output of list, listmatched  and  listfilter  to  the
              first count results.  The default is 0, which means unlimited.

       --list-skip count
              Omitts  the  first  count results from the output of list, list-
              matched and listfilter.

       --list-format format
              Set the output format of list, listmatched and  listfilter  com-
              mands.   The  format  is  similar  to dpkg-query's --showformat:
              fields are specified  as  ${fieldname}  or  ${fieldname;length}.
              Zero length or no length means unlimited.  Positive numbers mean
              fill with spaces right, negative fill with spaces left.

              \n, \r, \t, \0  are  new-line,  carriage-return,  tabulator  and
              zero-byte.   Backslash  (\) can be used to escape every non-let-

              The special field names $identifier, $architecture,  $component,
              $type, $codename denote where the package was found.

              The  special  field  names $source and $sourceversion denote the
              source  and  source  version  a  package  belongs   to.    (i.e.
              ${$source}  will either be the same as ${source} (without a pos-
              sible version in parentheses at the end) or the same as  ${pack-

              The  special  field  names $basename, $filekey and $fullfilename
              denote the first package file part of this entry  (i.e.  usually
              the  .deb, .udeb or .dsc file) as basename, as filekey (filename
              relative to the  outdir)  and  the  full  filename  with  outdir
              prepended  (i.e.  as  relative  or  absolute  as your outdir (or
              basedir if you did not set outdir) is).

              When --list-format is not given or NONE,  then  the  default  is
              equivalent to
              ${$identifier} ${package} ${version}\n.

              Escaping  digits or letters not in above list, using dollars not
              pleted  package  downloads  together with the size of completely
              downloaded packages.  (Repeating this option increases the  fre-
              quency of this output).

              The  pull  and  update  commands will skip every distribution in
              which one target loses more than 20% of  its  packages  (and  at
              least 10).

              Using this option (or putting it in the options config file) can
              avoid removing large quantities of  data  but  means  you  might
              often give --noonlysmalldeletes to override it.

       --restrict src[=version|:type]
              Restrict  a  pull or update to only act on packages belonging to
              source-package src.  Any  other  package  will  not  be  updated
              (unless  it matches a --restrict-bin).  Only packages that would
              otherwise be updated or are at least marked with hold in a  Fil-
              terList or FilerSrcList will be updated.

              The  action  can be restricted to a source version using a equal
              sign or changed to another type (see FilterList) using a colon.

              This option can be given multiple times to list  multiple  pack-
              ages,  but  each package may only be named once (even when there
              are different versions or types).

       --restrict-binary name[=version|:type]
              Like --restrict  but  restrict  to  binary  packages  (.deb  and
              .udeb).   Source packages are not upgraded unless they appear in
              a --restrict.

       --restrict-file filename
              Like --restrict but read a whole file in the FilterSrcList  for-

       --restrict-file-bin filename
              Like --restrict-bin but read a whole file in the FilterList for-

       --endhook hookscript

              Run the specified hookscript once reprepro exits.  It  will  get
              the  usual  REPREPRO_*  environment variables set (or unset) and
              additionally a variable REPREPRO_EXIT_CODE that is the exit code
              with which reprepro would have exited (the hook is always called
              once the initial parsing of global options and the command  name
              is  done,  no matter if reprepro did anything or not).  Reprepro
              will return to the calling process with  the  exitcode  of  this
              script.   Reprepro  has closed all its databases and removed all
              its locks, so you can run reprepro again in this script  (unless
              someone else did so in the same repository before, of course).

              The  only  advantage  over  running that command always directly
                   exit "$REPREPRO_EXIT_CODE"

               echo "congratulations, reprepro with arguments: $*"
               echo "seems to have run successfully.  REPREPRO_  part  of  the
              environment is:"
               set | grep ^REPREPRO_

               exit 0

       --outhook hookscript
              hookscript is called with a .outlog file as argument (located in
              logdir) containing a description of all changes made to outdir.

              The script is supposed to be located relative to confdir, unless
              its  name  starts  with /, ./, +b/, +o/, or +c/ and the name may
              not start (except in the cases given before) with a +.

              For a format of the .outlog files generated for this script  see
              the manual.html shiped with reprepro.

       export [ codenames ]
              Generate all index files for the specified distributions.

              This  regenerates  all files unconditionally.  It is only useful
              if you want to be sure dists is up  to  date,  you  called  some
              other  actions  with --export=never before or you want to create
              an initial empty but fully equipped dists/codename directory.

        [ --delete ] createsymlinks [ codenames ]
              Creates suite symbolic links in the dists/-directory pointing to
              the corresponding codename.

              It  will  not create links, when multiple of the given codenames
              would be linked from the same suite name, or if the link already
              exists  (though  when  --delete  is given it will delete already
              existing symlinks)

       list codename [ packagename ]
              List all packages (source and binary, except when -T  or  -A  is
              given)  with the given name in all components (except when -C is
              given) and architectures (except when -A is given) of the speci-
              fied  distribution.   If  no  package name is given, list every-
              thing.  The format of the output can be changed with --list-for-
              mat.   To  only  get  parts  of  the  result, use --list-max and

       listmatched codename glob
              as list, but does not list a single package,  but  all  packages
              matching  the given shell-like glob.  (i.e. *, ? and [chars] are

              with an exclamation mark '!' (meaning not), a  pipe  symbol  '|'
              (meaning or) and a comma ',' (meaning and).  Additionally paren-
              theses can be used to change binding (otherwise '!'  binds  more
              than '|' than ',').

              The values given in the search expression are directly alphabet-
              ically compared to the headers in  the  respective  index  file.
              That  means  that each part Fieldname (cmp value) of the formula
              will be true for exactly those package that have in the  Package
              or  Sources  file  a line starting with fieldname and a value is
              alphabetically cmp to value.

              Additionally since reprepro 3.11.0, '%' can be used as  compari-
              son  operator, denoting matching a name with shell like wildcard
              (with '*', '?' and '[..]').

              The special field names starting with '$' have  special  meaning
              (available since 3.11.1):


              The  version  of  the package, comparison is not alphabetically,
              but as Debian version strings.


              The source name of the package.


              The source version of the package.


              The architecture the package is in (listfilter)  or  to  be  put


              The component the package is in (listfilter) or to be put into.


              The packagetype of the package.


              reprepro  -b  .  listfilter test2 'Section (== admin)' will list
              all packages in distribution test2 with a Section field and  the
              value of that field being admin.

              reprepro  -b  .  -T  deb  listfilter test2 'Source (== blub) | (
              !Source , Package (== blub) )' will find all .deb Packages  with
              either  a  Source  field  blub  or no Source field and a Package

       ls package-name
              List the versions of the the specified package in all  distribu-

       lsbycomponent package-name
              Like ls, but group by component (and print component names).

       remove codename package-names
              Delete  all  packages  in  the specified distribution, that have
              package name listed as argument.  (i.e. remove all packages list
              with  the  same arguments and options would list, except that an
              empty package list is not allowed.)

              Note that like any other operation removing or replacing a pack-
              age,  the  old  package's files are unreferenced and thus may be
              automatically deleted if this was their last  reference  and  no
              --keepunreferencedfiles specified.

       removematched codename glob
              Delete  all  packages  listmatched with the same arguments would

       removefilter codename condition
              Delete all packages listfilter with  the  same  arguments  would

       removesrc codename source-name [version]
              Remove all packages in distribution codename belonging to source
              package source-name.  (Limited to those with source version ver-
              sion if specified).

              If  package  tracking is activated, it will use that information
              to find the packages, otherwise it traverses all package indices
              for the distribution.

       removesrcs codename source-name[=version] ...
              Like  removesrc,  but  can  be  given  multiple source names and
              source versions must be specified by appending '=' and the  ver-
              sion to the name (without spaces).

       update [ codenames ]
              Sync  the  specified distributions (all if none given) as speci-
              fied in the config with their upstreams. See the description  of
              conf/updates below.

       checkupdate [ codenames ]
              Same  like  update, but will show what it will change instead of
              actually changing it.

       dumpupdate [ codenames ]
              Same like checkupdate, but less suiteable for  humans  and  more
              suitable for computers.

              Delete all files in listdir (default basedir/lists) that do  not
              belong  to any update rule for any distribution.  I.e. all files
              are deleted in that directory that no update command in the cur-
              rent  configuration can use.  (The files are usually left there,
              so if they are needed again they do not need  to  be  downloaded
              again.  Though  in  many easy cases not even those files will be

       pull [ codenames ]
              pull in newer packages into the specified distributions (all  if
              none  given)  from  other  distributions in the same repository.
              See the description of conf/pulls below.

       checkpull [ codenames ]
              Same like pull, but will show what it  will  change  instead  of
              actually changing it.

       dumppull [ codenames ]
              Same  like  checkpull,  but  less  suiteable for humans and more
              suitable for computers.

       includedeb codename .deb-filename
              Include the given binary Debian package (.deb) in the  specified
              distribution,  applying  override  information  and guessing all
              values not given and guessable.

       includeudeb codename .udeb-filename
              Same like includedeb, but for .udeb files.

       includedsc codename .dsc-filename
              Include the given Debian source package (.dsc,  including  other
              files  like .orig.tar.gz, .tar.gz and/or .diff.gz) in the speci-
              fied distribution, applying override  information  and  guessing
              all values not given and guessable.

              Note that .dsc files do not contain section or priority, but the
              Sources.gz file needs them.  reprepro tries to parse  .diff  and
              .tar  files  for it, but is only able to resolve easy cases.  If
              reprepro fails to  extract  those  automatically,  you  have  to
              either specify a DscOverride or give them via -S and -P

       include codename .changes-filename
              Include  in  the  specified  distribution all packages found and
              suitable in the .changes  file,  applying  override  information
              guessing all values not given and guessable.

       processincoming rulesetname [.changes-file]
              Scan  an incoming directory and process the .changes files found
              there.  If a filename is supplied, processing is limited to that
              file.   rulesetname  identifies  which rule-set in conf/incoming
              determines which incoming directory to use and in what distribu-
              tions  to  allow packages into.  See the section about this file
              Calculate  all  supported  checksums  for all files in the pool.
              (Versions prior to 3.3 did only store md5sums, 3.3  added  sha1,
              3.5 added sha256).

              Remove  the  legacy files.db file after making sure all informa-
              tion is also found in the new checksums.db file.  (Alternatively
              you  can  call  collecnewchecksums  and  remove the file on your

              Forget which files are needed and recollect this information.

              Print out which files are marked to be needed by whom.

              Print a list of all filed believed to be in the pool,  that  are
              not known to be needed.

              Remove  all known files (and forget them) in the pool not marked
              to be needed by anything.

       deleteifunreferenced [ filekeys ]
              Remove the given files (and forget them) in the pool if they are
              not marked to be used by anything.  If no command line arguments
              are given, stdin is read and every line treated as one  filekey.
              This  is  mostly  useful  together  with  --keepunreferenced  in
              conf/options or in situations where one does  not  want  to  run
              deleteunreferenced,  which  removes  all  files  eligible  to be
              deleted with this command.

       reoverride [ codenames ]
              Reapply the override files to the given distributions  (Or  only
              parts thereof given by -A,-C or -T).

              Note:  only  the control information is changed. Changing a sec-
              tion to a value,  that  would  cause  another  component  to  be
              guessed, will not cause any warning.

       redochecksums [ codenames ]
              Readd  the  information  about  file  checksums  to  the package

              Usually the package's control information is created  at  inclu-
              sion  time  or  imported from some remote source and not changed
              later.  This command  modifies  it  to  readd  missing  checksum

              Only checksums already known are used.  To update known checkums
              about files run collectnewchecksums first.

       dumptracks [ codenames ]
              kept  because of tracking mode keep and files not otherwise used
              but kept due to includechanges or its relatives.  Before version
              3.0.0 such files were lost by running retrack).

       removealltracks [ codenames ]
              Removes  all  source  package tracking information for the given

       removetrack   codename   sourcename   version
              Remove the trackingdata of the given version of  a  given  sour-
              cepackage  from a given distribution. This also removes the ref-
              erences for all used files.

       tidytracks [ codenames ]
              Check all source package tracking information for the given dis-
              tributions for files no longer to keep.

       copy destination-codename source-codename packages...
              Copy  the  given packages from one distribution to another.  The
              packages are copied verbatim, no override files  are  consulted.
              Only  components and architectures present in the source distri-
              bution are copied.

       copysrc destination-codename source-codename source-package [versions]
              look at each package (where package means, as usual, every pack-
              age  be  it  dsc,  deb or udeb) in the distribution specified by
              source-codename and identifies the relevant source  package  for
              each.   All  packages matching the specified source-package name
              (and any version if specified) are copied  to  the  destination-
              codename  distribution.   The  packages  are copied verbatim, no
              override files are consulted.  Only components and architectures
              present in the source distribution are copied.

       copymatched destination-codename source-codename glob
              Copy packages matching the given glob (see listmatched).

              The  packages  are  copied  verbatim, no override files are con-
              sulted.  Only components and architectures present in the source
              distribution are copied.

       copyfilter destination-codename source-codename formula
              Copy packages matching the given formula (see listfilter).  (all
              versions if no version is specified).  The packages  are  copied
              verbatim,  no override files are consulted.  Only components and
              architectures present in the source distribution are copied.

       restore codename snapshot packages...

       restoresrc codename snapshot source-epackage [versions]

       restorefilter destination-codename snapshot formula
              Like the copy commands, but do not copy from  another  distribu-
              tion, but from a snapshot generated with gensnapshot.  Note that
              this blindly trusts the contents of the  files  in  your  dists/
              Generate a snapshot of the distribution specified by codename in
              the directory dists/codename/snapshots/directoryname/ and refer-
              ence all needed files in the pool as needed by that.  No Content
              files are generated and no export hooks are run.

              Note that there is currently no automated  way  to  remove  that
              snapshot  again  (not  even clearvanished will unlock the refer-
              enced files after the distribution itself vanished).   You  will
              have  to  remove  the  directory  yourself  and tell reprepro to
              _removereferences s=codename=directoryname before deleteunrefer-
              enced will delete the files from the pool locked by this.

              To  access such a snapshot with apt, add something like the fol-
              lowing to your sources.list file:
              deb method://as/without/snapshot codename/snapshots/name main

       rerunnotifiers [ codenames ]
              Run all external scripts specified in the Log:  options  of  the
              specified distributions.

       build-needing codename architecture [ glob ]
              List source packages (matching glob) that likely need a build on
              the given architecture.

              List all source package in  the  given  distribution  without  a
              binary package of the given architecture built from that version
              of the source, without a .changes or .log  file  for  the  given
              architecture,  with  an Architecture field including any, os-any
              (with os being the part before the hyphen in the architecture or
              linux if there is no hypen) or the architecture and at least one
              package in the Binary field not yet available.

              If instead of architecture the term any is used,  all  architec-
              tures  are  iterated  and  the architecture is printed as fourth
              field in every line.

              If the architecture is all, then only source  packages  with  an
              Architecture  field  including all are considered (i.e. as above
              with real architectures but any does not  suffice).   Note  that
              dpkg-dev << 1.16.1 does not both set any and all so source pack-
              ages building both architecture dependent and independent  pack-
              ages  will  never  show  up  unless  built  with  a  new  enough

              Translate the file list cache within  db/contents.cache.db  into
              the new format used since reprepro 3.0.0.

              Make  sure  you  have  at least half of the space of the current
              db/contents.cache.db file size available in that partition.

       flood distribution [architecture]
              For each architecture of distribution (or for the one specified)
              add  architecture all packages from other architectures (but the

              There are mostly two use cases for this command: If you added an
              new architecture to an distribution and want to copy all  archi-
              tecture  all  packages to it.  Or if you included some architec-
              ture all packages only to some architectures using -A  to  avoid
              breaking  the  other architectures for which the binary packages
              were still missing and now want to copy it  to  those  architec-
              tures  were they are unlikely to break something (because a new-
              binary is already available).

       unusedsources [distributions]
              List all source packages for which no binary package build  from
              them is found.

       sourcemissing [distributions]
              List  all  binary  packages for which no source package is found
              (the source package must be in the same distribution, but source
              packages only kept by package tracking is enough).

       reportcruft [distributions]
              List all source package versions that either have a source pack-
              age and no longer a binary package or binary packages left with-
              out source package in the index. (Unless sourcemissing also list
              packages where the source package in only in  the  pool  due  to
              enabled tracking but no longer in the index).

       sizes [ codenames ]
              List  the size of all packages in the distributions specified or
              in all distributions.

              Each row contains 4 numbers, each being a number of bytes  in  a
              set  of  packages,  which are: The packages in this distribution
              (including anything only kept because of tracking), the packages
              only  in  this distribution (anything in this distribution and a
              snapshot of this distribution counts as only in  this  distribu-
              tion),  the packages in this distribution and its snapshots, the
              packages only in this distribution or its snapshots.

              If more than one distribution is selected, also list  a  sum  of
              those (in which 'Only' means only in selected ones, and not only
              only in one of the selected ones).

       repairdescriptions [ codenames ]
              Look for binary packages only having a short description and try
              to  get the long description from the .deb file (and also remove
              a possible Description-md5 in this case).

   internal commands
       These are hopefully never needed, but allow manual intervention.  WARN-
       ING:  Is  is  quite  easy  to get into an inconsistent and/or unfixable

       _detect [ filekeys ]
              Look for the files, which filekey is given as argument or  as  a

              Print a list of all known files and their recorded checksums.

              alias for the newer

              Add information of known files (without any check done)  in  the
              strict format of _listchecksums output (i.e. don't dare to use a
              single space anywhere more than needed).

       _dumpcontents identifier
              Printout all the stored information of the specified part of the
              repository.  (Or  in  other words, the content the corresponding
              Packages or Sources file would get)

       _addreference filekey identifier
              Manually mark filekey to be needed by identifier

       _addreferences identifier [ filekeys ]
              Manually mark one or more filekeys to be needed  by  identifier.
              If  no command line arguments are given, stdin is read and every
              line treated as one filekey.

       _removereferences identifier
              Remove all references what is needed by identifier.

       __extractcontrol .deb-filename
              Look what reprepro believes to be the  content  of  the  control
              file of the specified .deb-file.

       __extractfilelist .deb-filename
              Look what reprepro believes to be the list of files of the spec-
              ified .deb-file.

       _fakeemptyfilelist filekey
              Insert an empty filelist for filekey. This is a evil hack around
              broken .deb files that cannot be read by reprepro.

       _addpackage codenam filename packages...
              Add packages from the specified filename to part specified by -C
              -A and -T of the specified distribution.   Very  strange  things
              can happen if you use it improperly.

              List what compressions format can be uncompressed and how.

       __uncompress format compressed-file uncompressed-file
              Use  builtin  or external uncompression to uncompress the speci-
              fied file of the specified format into the specified target.

       _listconfidentifiers identifier [ distributions... ]
              Print - one per  line  -  all  identifiers  of  subdatabases  as

       reprepo  uses  three  config files, which are searched in the directory
       specified with --confdir or in the conf/ subdirectory of the basedir.

       If a file options exists, it is parsed line by line.  Each line can  be
       the  long  name of a command line option (without the --) plus an argu-
       ment, where possible.  Those are handled as if they were  command  line
       options  given  before (and thus lower priority than) any other command
       line option.  (and also lower priority than any environment variable).

       To allow command line options to override options  file  options,  most
       boolean options also have a corresponding form starting with --no.

       (The  only exception is when the path to look for config files changes,
       the options file will only opened once and of course before any options
       within the options file are parsed.)

       The  file  distributions  is always needed and describes what distribu-
       tions to manage, while updates is only needed when syncing with  exter-
       nal  repositories  and pulls is only needed when syncing with reposito-
       ries in the same reprepro database.

       The last three are in the format control files in Debian are  in,  i.e.
       paragraphs  separated  by  empty lines consisting of fields. Each field
       consists of a fieldname, followed by a colon, possible  whitespace  and
       the data. A field ends with a newline not followed by a space or tab.

       Lines  starting  with  # as first character are ignored, while in other
       lines the # character and everything after it till the newline  charac-
       ter are ignored.

       A  paragraph  can also consist of only a single field "!include:" which
       causes the named file (relative to confdir  unless  starting  with  ~/,
       +b/, +c/ or / ) to be read as if it was found at this place.

       Each  of the three files or a file included as described above can also
       be a directory, in which case all files it  contains  with  a  filename
       ending in .conf and not starting with .  are read.

              This  required  field is the unique identifier of a distribution
              and used as directory name within dists/ It is also copied  into
              the Release files.

              Note  that this name is not supposed to change.  You most likely
              never ever want a name like testing or stable  here  (those  are
              suite  names  and  supposed  to  point  to  another distribution

       Suite  This optional field is simply copied into the Release files.  In
              Debian  it  contains  names like stable, testing or unstable. To
              create symlinks from the Suite to the  Codename,  use  the  cre-
              atesymlinks command of reprepro.

               will create a Release file with
               Codename: bla
               Suite: foo
               Components: updates/main updates/bad
               in it, but otherwise nothing is changed, while
               Codename: bla/updates
               Suite: foo/updates
               FakeComponentPrefix: updates
               Components: updates/main updates/bad
               will also create a Release file with
               Codename: bla
               Suite: foo
               Components: updates/main updates/bad
               but  the  packages  will  actually   be   in   the   components
              updates/main  and updates/bad, most likely causing the same file
              using duplicate storage space.

              This makes the distribution look more like Debian's security ar-
              chive,  thus  work  around  problems  with apt's workarounds for

              A list of distribution names.  When a .changes file is  told  to
              be  included into this distribution with the include command and
              the distribution header of that file is  neither  the  codename,
              nor the suite name, nor any name from the list, a wrongdistribu-
              tion error is generated.  The process_incoming command will also
              use  this  field,  see the description of Allow and Default from
              the conf/incoming file for more information.

              This optional field is simply copied into the Release files.

       Origin This optional field is simply copied into the Release files.

       Label  This optional field is simply copied into the Release files.

              This optional field is simply copied  into  the  Release  files.
              (The  value  is  handled as an arbitrary string, though anything
              but yes does not make much sense right now.)

              This optional field is simply copied  into  the  Release  files.
              (The  value  is  handled as an arbitrary string, though anything
              but yes does not make much sense right now.)

              This optional field is simply copied into the Release files.

              This required field lists the binary architectures  within  this
              distribution and if it contains source (i.e. if there is an item
              source in this line this  Distribution  has  source.  All  other

              Components  with  a  debian-installer  subhierarchy   containing
              .udebs.  (E.g. simply "main")

       Update When  this field is present, it describes which update rules are
              used for this distribution. There also can be a magic rule minus
              ("-"), see below.

       Pull   When  this  field  is present, it describes which pull rules are
              used for this distribution.  Pull rules are like  Update  rules,
              but get their stuff from other distributions and not from exter-
              nal sources.  See the description for conf/pulls.

              When this field is present, a Release.gpg file  will  be  gener-
              ated.   If  the  value is "yes" or "default", the default key of
              gpg is used.  If the field starts with an exlamation mark ("!"),
              the  given  script is executed to do the signing.  Otherwise the
              value will be given to libgpgme to determine to key to use.

              If there are problems with signing, you can try
              gpg --list-secret-keys value
              to see how gpg could interprete the value.  If that command does
              not list any keys or multiple ones, try to find some other value
              (like the keyid), that gpg can  more  easily  associate  with  a
              unique key.

              If  this  key has a passphrase, you need to use gpg-agent or the
              insecure option --ask-passphrase.

              A '!' hook script is looked for in the confdir, unless it starts
              with  ~/,  ./,  +b/, +o/, +c/ or / .  Is gets three command line
              arguments: The filename to sign, an empty argument or the  file-
              name  to create with an inline signature (i.e. InRelease) and an
              empty argument or the filename to create an  detached  signature
              (i.e. Release.gpg).  The script may generate no Release.gpg file
              if it choses to (then the repository will look like unsigned for
              older  clients),  but  generating  empty  files  is not allowed.
              Reprepro waits for the script  to  finish  and  will  abort  the
              exporting of the distribution this signing is part of unless the
              scripts returns normally with exit code 0.  Using a space  after
              ! is recommended to avoid incompatibilities with possible future

              When this field is present, it describes the override file  used
              when including .deb files.

              When  this field is present, it describes the override file used
              when including .udeb files.

              When this field is present, it describes the override file  used
              be executed after all index files are generated.  (See the exam-
              ples for what argument this gets).  The default is:
              DebIndices: Packages Release . .gz
              UDebIndices: Packages . .gz
              DscIndices: Sources Release .gz

              Options to modify how and if exporting is done:
              noexport  Never export this distribution.  That means there will
              be no directory below dists/ generated and the  distribution  is
              only useful to copy packages to other distributions.
              keepunknown Ignore unknown files and directories in the exported
              directory.  This is currently the only available option and  the
              default,  but  might  change in the future, so it can already be
              requested explicitely.

              Enable the creation of Contents  files  listing  all  the  files
              within  the  binary packages of a distribution.  (Which is quite
              slow, you have been warned).

              In earlier versions, the first argument was a rate at  which  to
              extract file lists.  As this did not work and was no longer eas-
              ily possible after some factorisation, this is  no  longer  sup-

              The  arguments  of  this  field  is  a  space  separated list of
              options.  If there is a udebs keyword, .udebs  are  also  listed
              (in a file called uContents-architecture.)  If there is a nodebs
              keyword, .debs are  not  listed.   (Only  useful  together  with
              udebs)  If  there  is  at  least one of the keywords ., .gz, .xz
              and/or  .bz2,  the  Contents  files  are  written  uncompressed,
              gzipped and/or bzip2ed instead of only gzipped.

              If  there is a percomponent then one Contents-arch file per com-
              ponent is created.  If there is a allcomponents then one  global
              Contents-arch  file  is  generated.  If both are given, both are
              created.  If none of both  is  specified  then  percomponent  is
              taken as default (earlier versions had other defaults).

              The  switches compatsymlink or nocompatsymlink (only possible if
              allcomponents was not specified explicitly)  control  whether  a
              compatibility  symlink  is  created  so old versions of apt-file
              looking for the component independent filenames at least see the
              contents of the first component.

              Unless  allcomponents  is given, compatsymlinks currently is the
              default, but that will change in some future (current  estimate:
              after wheezy was released)

              Limit  generation  of Contents files to the architectures given.
              If this field is not there, all architectures are processed.  An
              empty  field means no architectures are processed, thus not very
              the udebs keyword in the Contents field, all .udebs of all  com-
              ponents  are  put in the uContents.arch files.  If this field is
              not there and there is no udebs keyword in the  Contents  field,
              no  uContents-arch  files  are  generated  at  all.  A non-empty
              fields implies generation of uContents-arch files (just like the
              udebs  keyword in the Contents field), while an empty one causes
              no uContents-arch files to be generated.

              Specifies a file (relative to confdir if not starting  with  ~/,
              +b/,  +c/  or  / ) to specify who is allowed to upload packages.
              Without this there are no limits, and this file can  be  ignored
              via --ignore=uploaders.  See the section UPLOADERS FILES below.

              Enable  the  (experimental)  tracking  of  source packages.  The
              argument list needs to contain exactly one of the following:
              keep Keeps all files of a given source package,  until  that  is
              deleted  explicitly  via removetrack. This is currently the only
              possibility to keep older packages around when all indices  con-
              tain newer files.
              all Keep all files belonging to a given source package until the
              last file of it is no longer used within that distribution.
              minimal Remove files no longer included in the tracked distribu-
              tion.   (Remove  changes,  logs  and includebyhand files once no
              file is in any part of the distribution).
              And any number of the following (or none):
              includechanges Add the .changes file to the tracked files  of  a
              source package.  Thus it is also put into the pool.
              includebyhand  Add  byhand  and raw-* files to the tracked files
              and thus in the pool.
              includelogs Add log files to the tracked files and thus  in  the
              pool.   (Not that putting log files in changes files is a repre-
              pro extension not found in normal changes files)
              embargoalls Not yet implemented.
              keepsources Even when using minimal mode, do not  remove  source
              files until no file is needed any more.
              needsources Not yet implemented.

       Log    Specify  a  file to log additions and removals of this distribu-
              tion into and/or external scripts  to  call  when  something  is
              added  or  removed.   The rest of the Log: line is the filename,
              every following line (as usual, have  to  begin  with  a  single
              space) the name of a script to call.  The name of the script may
              be preceded with  options  of  the  form  --type=(dsc|deb|udeb),
              --architecture=name  or --component=name to only call the script
              for some parts of the distribution.   An  script  with  argument
              --changes is called when a .changes file was accepted by include
              or processincoming (and with other  arguments).   Both  type  of
              scripts  can have a --via=command specified, in which case it is
              only called when caused by reprepro command command.

              For information how it is called and some examples take  a  look
              at manual.html in reprepro's source or /usr/share/doc/reprepro/
              m  or  y,  where  d  means days, m means 31 days and y means 365
              days.   So  ValidFor:  1m  11  d  causes  the  generation  of  a
              Valid-Until:  header  in  Release files that points 42 days into
              the future.

              Disallow all modifications of this distribution or its directory
              in  dists/codename  (with  the exception of snapshot subdirecto-

              This species hooks to call for handling byhand/raw files by pro-
              cessincoming (and in future versions perhaps by include).

              Each  line  consists  out of 4 arguments: A glob pattern for the
              section (clasically byhand, though Ubuntu uses  raw-*),  a  glob
              pattern  for the priority (not usually used), and a glob pattern
              for the filename.

              The 4th argument is the script to be  called  when  all  of  the
              above match.  It gets 5 arguments: the codename of the distribu-
              tion, the section (usually byhand), the priority  (usually  only
              -), the filename in the changes file and the full filename (with
              processincoming in the secure TempDir).

       Name   The name of this update-upstream as it can be used in the Update
              field in conf/distributions.

       Method An    URI    as    one    could   also   give   it   apt,   e.g.
     which is simply given to the  corre-
              sponding apt-get method. (So either apt-get has to be installed,
              or you have to point with --methoddir  to  a  place  where  such
              methods are found.

              (Still  experimental:) A fallback URI, where all files are tried
              that failed the first one. They are given to the same method  as
              the  previous  URI  (e.g. both http://), and the fallback-server
              must have everything at the same  place.   No  recalculation  is
              done, but single files are just retried from this location.

       Config This can contain any number of lines, each in the format apt-get
              --option would expect. (Multiple lines - as always - marked with
              leading spaces).

       For example: Config: Acquire::Http::Proxy=

       From   The  name  of  another update rule this rules derives from.  The
              rule containing the From may not  contain  Method,  Fallback  or
              Config.   All  other fields are used from the rule referenced in
              From, unless found in this containing the From.  The rule refer-
              enced  in  From  may  itself contain a From.  Reprepro will only
              assume two remote index files are the same, if  both  get  their
              If this field is not there, all components from the distribution
              to update are tried.

              An  empty  field means no source or .deb packages are updated by
              this rule, but only .udeb packages, if there are any.

              A rule might list components not available in all  distributions
              using  this  rule.  In this case unknown components are silently
              ignored.  (Unless you start reprepro with the --fast option,  it
              will  warn  about components unusable in all distributions using
              that rule. As exceptions, unusable components  called  none  are
              never  warned  about,  for  compatibility with versions prior to
              3.0.0 where and empty field had a different meaning.)

              The architectures to update. If omitted all from  the  distribu-
              tion  to  update  from.  (As with components, you can use ">" to
              download from one architecture and add into another  one.  (This
              only determine in which Package list they land, it neither over-
              writes the Architecture line in its description, nor the one  in
              the  filename determined from this one. In other words, it is no
              really useful without additional filtering))

              Like Components but for the udebs.

              Download the Release.gpg file and check if it is a signature  of
              the  Releasefile with the key given here. (In the Format as "gpg
              --with-colons --list-key" prints it, i.e. the last 16 hex digits
              of the fingerprint) Multiple keys can be specified by separating
              them with a "|" sign. Then finding a signature from one  of  the
              will  suffice.   To  allow  revoked  or  expired keys, add a "!"
              behind a key.  (but to accept such signatures,  the  appropriate
              --ignore  is also needed).  To also allow subkeys of a specified
              key, add a "+" behind a key.

       IgnoreRelease: yes
              If this is present, no InRelease or Release file will  be  down-
              loaded and thus the md5sums of the other index files will not be

       GetInRelease: no
              IF this is present, no InRelease file  is  downloaded  but  only
              Release (and Release.gpg ) are tried.

       Flat   If  this field is in an update rule, it is supposed to be a flat
              repository, i.e. a repository without a dists dir and no  subdi-
              rectories   for   the   index   files.   (If  the  corresponding
              sources.list line has the suite end with a slash, then you might
              need  this one.)  The argument for the Flat: field is the Compo-
              nent to put those packages into.  No  Components  or  UDebCompo-
              nents  fields  are allowed in a flat update rule.  If the Archi-
              tecture field has any > items, the  part  left  of  the  ">"  is
              Possible values are currently md5, sha1 and sha256.

              Note that this does not speed anything up in any measurable way.
              The only reason to specify this if the Release file of the  dis-
              tribution you want to mirror from uses a faulty algorithm imple-
              mentation.  Otherwise you will gain nothing and only lose  secu-

              This  can  be a formula to specify which packages to accept from
              this source. The format is  misusing  the  parser  intended  for
              Dependency  lines.  To  get  only  architecture all packages use
              "architecture (== all)", to get only at least important packages
              use "priority (==required) | priority (==important)".

              See  the description of the listfilter command for the semantics
              of formulas.

       FilterList, FilterSrcList
              These take at least two arguments: The first one is the  default
              action  when  something is not found in the list, then a list of
              filenames (relative to --confdir, if not starting with ~/,  +b/,
              +c/ or / ) in the format of dpkg --get-selections and only pack-
              ages listed in there as install or that are  already  there  and
              are  listed with upgradeonly will be installed. Things listed as
              deinstall or purge will be ignored.  Packages  having  supersede
              will  not be installed but instead cause the removal of packages
              with strictly smaller  version  (i.e.  if  a  package  would  be
              replaced by this package if this was install, it will be removed
              instead and no new package being installed).  Things listed with
              warning  are  also  ignored, but a warning message is printed to
              stderr.  A package being hold will not be upgraded but also  not
              downgraded  or  removed  by previous delete rules.  To abort the
              whole  upgrade/pull  if  a  package  is  available,  use  error.
              Instead  of  a  keyword  you  can  also use "= version" which is
              treated like install if the version matches and like no entry if
              it does not match.  Only one such entry per package is currently
              supported and the version is currently compared as string.

              If there is both FilterList and FilterSrcList then the first  is
              used  for  .deb  and .udeb and the second for .dsc packages.  If
              there is only FilterList that  is  applied  to  everything.   If
              there  is only FilterSrcList that is applied to everything, too,
              but the source package name (and source version) is used  to  do
              the lookup.

              This  field  controls whether source packages with Extra-Source-
              Only set are ignore when getting source packages.  Withouth this
              option  or  if  it  is  true, those source packages are ignored,
              while if set to no or false, those source packages are also con-
              didates  if no other filter excludes them.  (The default of true
              will likely change once reprepro supports multiple versions of a
              package or has other means to keep the source packages around).
              causing it.

              This  is  like  ListHook, but the whole argument is given to the
              shell as argument, and the input and output file are  stdin  and

              ListShellHook: cat
              works but does nothing but useless use of a shell and cat, while
              ListShellHook:  grep-dctrl -X -S apt -o -X -S dpkg || [ $? -eq 1
              will limit the update rule to packages from the specified source

              The  arguments  of this field specify which index files reprepro
              will download.

              Allowed values  are  .,  .gz,  .bz2,  .lzma,  .xz,  .lz,  .diff,
              force.gz,   force.bz2,   force.lzma,   force.xz,  force.lz,  and

              Reprepro will try the first supported variant in the list given:
              Only  compressions  compiled in or for which an uncompressor was
              found are used.  Unless the value starts with force., it is only
              tried if if is found in the Release or InRelease file.

              The  default value is .diff .xz .lzma .bz2 .gz ., i.e.  download
              Packages.diff if listed in the Release file, otherwise or if not
              usable download .xz if listed in the Release file and there is a
              way to uncompress it, then .lzma if usable, then .bz2 if usable,
              then .gz and then uncompressed).

              Note  there  is  no way to see if an uncompressed variant of the
              file is available (as the Release file always lists their check-
              sums,  even  if  not  there), so putting '.' anywhere but as the
              last argument can mean trying to download a file that  does  not

              Together  with IgnoreRelease reprepro will download the first in
              this list that could be unpacked (i.e. force is always  assumed)
              and the default value is .gz .bzip2 . .lzma .xz.

       This file contains the rules for pulling packages from one distribution
       to another.  While this can also be done with update  rules  using  the
       file  or  copy method and using the exported indices of that other dis-
       tribution, this way is faster.  It also ensures the current  files  are
       used  and  no copies are made.  (This also leads to the limitation that
       pulling from one component to another is not possible.)

       Each rule consists out of the following fields:

              using  this  rule.  In this case unknown components are silently
              ignored.  (Unless you start reprepro with the --fast option,  it
              will  warn  about components unusable in all distributions using
              that rule.  As exception, unusable components  called  none  are
              never  warned  about,  for  compatibility with versions prior to
              3.0.0 where and empty field had a different meaning.)

              The architectures to update.  If omitted all from the  distribu-
              tion to pull from.  As in conf/updates, you can use ">" to down-
              load from one architecture and add into another one. (And again,
              only  useful  with  filtering to avoid packages not architecture
              all to migrate).

              Like Components but for the udebs.



              The same as with update rules.

       The format of override files  used  by  reprepro  should  resemble  the
       extended ftp-archive format, to be specific it is:

       packagename field name new value

       For example:
       kernel-image-2.4.31-yourorga Section protected/base
       kernel-image-2.4.31-yourorga Priority standard
       kernel-image-2.4.31-yourorga Maintainer That's me <me@localhost>
       reprepro Priority required

       All  fields of a given package will be replaced by the new value speci-
       fied in the override file with the exception of special fields starting
       with a dollar sign ($).  While the field name is compared case-insensi-
       tive, it is copied in exactly the form  in  the  override  file  there.
       (Thus I suggest to keep to the exact case it is normally found in index
       files in case some other tool confuses them.)  More than copied is  the
       Section header (unless -S is supplied), which is also used to guess the
       component (unless -C is there).

       Some values like Package, Filename, Size or MD5sum  are  forbidden,  as
       their usage would severly confuse reprepro.

       As  an  extension  reprepro  also supports patterns instead of package-
       names.  If the package name contains '*', '[' or '?', it is  considered
       a  pattern  and applied to each package that is not matched by any non-
       pattern override nor by any previous pattern.

       Fieldnames starting with a dollar ($) are not be placed in the exported
       package can be removed, too).

       Every  chunk  is a rule set for the process_incoming command.  Possible
       fields are:

       Name   The name of the rule-set, used as argument to the  scan  command
              to specify to use this rule.

              The Name of the directory to scan for .changes files.

              A  directory  where  the  files listed in the processed .changes
              files are copied into before they are read.  You can avoid  some
              copy  operatations  by  placing  this  directory within the same
              moint point the pool hierarchy is (at least partially) in.

       LogDir A directory where  .changes  files,  .log  files  and  otherwise
              unused .byhand files are stored upon procession.

       Allow  Each  argument is either a pair name1>name2 or simply name which
              is short for name>name.  Each name2 must  identify  a  distribu-
              tion,  either  by  being  Codename,  a unique Suite, or a unique
              AlsoAcceptFor from conf/distributions.   Each  upload  has  each
              item  in  its  Distribution:  header compared first to last with
              each name1 in the rules and is put in the  first  one  accepting
              this package.  e.g.:
              Allow: local unstable>sid
              Allow: stable>security-updates stable>proposed-updates
              (Note  that  this makes only sense if Multiple is set to true or
              if there are people only allowed to upload  to  proposed-updates
              but not to security-updates).

       Default distribution
              Every  upload  not put into any other distribution because of an
              Allow argument is put into distribution if that accepts it.

              Old form of Options: multiple_distributions.

              A list of options
              Allow including a upload in multiple distributions.

              If a .changes file lists multiple distributions,  then  reprepro
              will  start  with  the  first  name  given, check all Accept and
              Default options till it finds a distribution this upload can  go

              If  this  found  no  distribution  or  if this option was given,
              reprepro will then do the same with the second distribution name
              Ignore  a  package not added because there already is a strictly
              newer version available instead of treating this as an error.
              Do not abort with an error if  a  .changes  file  contains  .deb
              files that are not listed in the Binaries header.

       Cleanup options
              A  list of options to cause more files in the incoming directory
              to be deleted:
              If there is unused_files in Permit then also delete those  files
              when the package is deleted after successful processing.
              If  a .changes file is denied processing because of missing sig-
              natures or allowed distributions to be put in, delete it and all
              the files it references.
              If a .changes file causes errors while processing, delete it and
              the files it references.

              Note that allowing cleanup  in  publically  accessible  incoming
              queues  allows  a denial of service by sending in .changes files
              deleting other peoples files before they are  completed.   Espe-
              cially  when .changes files are handled directly (e.g. by inoti-

              If files are to be deleted by Cleanup, they are instead moved to
              a  subdirectory  of  the directory given as value to this field.
              This directory has to be on the same partition as  the  incoming
              directory  and  files  are moved (i.e. owner and permission stay
              the same) and never copied.

       These files specified by the Uploaders header in the distribution defi-
       nition  as  explained  above describe what key a .changes file as to be
       signed with to be included in that distribution.

       Empty lines and lines starting with a hash  are  ignored,  every  other
       line  must  be  of one of the following nine forms or an include direc-

       allow condition by anybody
              which allows everyone to upload packages matching condition,

       allow condition by unsigned
              which allows everything matching that has no pgp/gpg header,

       allow condition by any key
              which allows everything matching with any valid signature in or

       allow condition by key key-id
              which allows everything matching signed by this  key-id  (to  be
              specified  without  any  spaces).   If  the key-id ends with a +

       group groupname add key-id
              to add a key-id (see above for details) to this group, or

       group groupname contains groupname
              to add a whole group to a group.

              To avoid warnings in incomplete config files there is also

       group groupname empty
              to declare a group has no members (avoids warnings  that  it  is
              used without those) and

       group groupname unused
              to  declare that a group is not yet used (avoid warnings that it
              is not used).

       A line starting with include causes the rest of the line to  be  inter-
       preted  as  filename,  which is opened and processed before the rest of
       the file is processed.

       The only conditions currently supported are:

       *      which means any package,

       source 'name'
              which means any package with source name.  ('*', '?' and  '[..]'
              are treated as in shell wildcards).

       sections 'name'(|'name')*
              matches an upload in which each section matches one of the names
              given.  As upload conditions are checked very early, this is the
              section  listed in the .changes file, not the one from the over-
              ride file.  (But this might change in the future,  if  you  have
              the need for the one or the other behavior, let me know).

       sections contain 'name'(|'name')*
              The  same,  but not all sections must be from the given set, but
              at least one source or binary package needs to have one of those

       binaries 'name'(|'name')*
              matches  an  upload  in  which  each  binary  (type deb or udeb)
              matches one of the names given.

       binaries contain 'name'(|'name')*
              again only at least one instead of all is required.

       architectures 'architecture'(|'name')*
              matches an upload in which each package has  only  architectures
              from the given set.  source and all are treated as unique archi-
              tectures.  Wildcards are not allowed.

       architectures contain 'architecture'(|'architecture')*
              which means any package when it is to be included  in  codename.
              As  the  uploaders  file  is given by distribution, this is only
              useful to reuse a complex uploaders file for multiple  distribu-

       Putting  not in front of a condition, inverses it's meaning.  For exam-
       allow not source 'r*' by anybody
       means anybody may upload packages which source name does not start with
       an 'r'.

       Multiple  conditions  can be connected with and and or, with or binding
       stronger (but both weaker than not).  That means
       allow source 'r*' and source '*xxx' or source '*o' by anybody
       is equivalent to
       allow source 'r*xxx' by anybody
       allow source 'r*o' by anybody

       (Other conditions will follow once somebody tells me what  restrictions
       are useful.  Currently planned is only something for architectures).

       With  --ignore  on  the  command  line or an ignore line in the options
       file, the following type of errors can be ignored:

       brokenold (hopefully never seen)
              If there are errors parsing an installed version of package,  do
              not  error  out,  but assume it is older than anything else, has
              not files or no source name.

              If a .changes or .dsc file contains at least one invalid  signa-
              ture and no valid signature (not even expired or from an expired
              or revoked key), reprepro assumes the  file  got  corrupted  and
              refuses to use it unless this ignore directive is given.

       brokenversioncmp (hopefully never seen)
              If  comparing  old  and new version fails, assume the new one is

              If a .changes file has an explicit Source version that  is  dif-
              ferent  the  to  the  version  header of the file, than reprepro
              assumes it is binary non maintainer upload (NMU).  In that case,
              source  files  are  not permitted in .changes files processed by
              include or processincoming.  Adding --ignore=dscinbinnmu  allows
              it for the include command.

       emptyfilenamepart (insecure)
              Allow  strings to be empty that are used to construct filenames.
              (like versions, architectures, ...)

              Allow to includedeb files that do not end with .deb, to  includ-
              Allow 8-bit characters not looking like overlong UTF-8 sequences
              in filenames and things used as parts of filenames.   Though  it
              hopefully rejects overlong UTF-8 sequences, there might be other
              characters your filesystem  confuses  with  special  characters,
              thus   creating   filenames   possibly   equivalent   to   /mir-
              ror/pool/main/../../../etc/shadow (Which should be safe, as  you
              do  not  run  reprepro  as root, do you?)  or simply overwriting
              your conf/distributions file adding some commands in  there.  So
              do  not  use  this  if you are paranoid, unless you are paranoid
              enough to have  checked  the  code  of  your  libs,  kernel  and

       ignore (for forward compatibility)
              Ignore unknown ignore types given to --ignore.

       flatandnonflat (only supresses a warning)
              Do  not  warn  about a flat and a non-flat distribution from the
              same source with the same name when updating.  (Hopefully  never
              ever needed.)

       malformedchunk (I hope you know what you do)
              Do not stop when finding a line not starting with a space but no
              colon(:) in it. These are otherwise rejected  as  they  have  no
              defined meaning.

       missingfield (safe to ignore)
              Ignore  missing  fields in a .changes file that are only checked
              but not processed.  Those include: Format, Date, Urgency,  Main-
              tainer, Description, Changes

       missingfile (might be insecure)
              When  including  a  .dsc  file  from a .changes file, try to get
              files needed but not listed in  the  .changes  file  (e.g.  when
              someone  forgot  to  specify  -sa to dpkg-buildpackage) from the
              directory the .changes file  is  in  instead  of  erroring  out.
              (--delete will not work with those files, though.)

       spaceonlyline (I hope you know what you do)
              Allow  lines  containing only (but non-zero) spaces. As these do
              not separate chunks as thus will cause reprepro to behave  unex-
              pected, they cause error messages by default.

              Do  not  reject a .changes file containing files for a architec-
              ture not listed in the Architecture-header within it.

              Do not reject a .changes file containing .deb  files  containing
              packages  whose  name  is  not listed in the "Binary:" header of
              that changes file.

       undefinedtarget (hope you are not using the wrong db directory)
              Do not stop when the packages.db  file  contains  databases  for
              codename/packagetype/component/architectures  combinations  that
              This allows you to temporarily remove some distribution from the
              config files, without having to remove the packages in  it  with
              the  clearvanished  command.  You might even temporarily disable
              tracking in some distribution,  but  that  is  likely  to  cause
              inconsistencies  in  there,  if  you  do  not know, what you are

       unknownfield (for forward compatibility)
              Ignore unknown fields in the config files, instead  of  refusing
              to run then.

       unusedarch (safe to ignore)
              No  longer reject a .changes file containing no files for any of
              the architectures listed in the Architecture-header within it.

              Do not complain about command line options not used by the spec-
              ified action (like --architecture).

              The  include  command  will accept packages that would otherwise
              been rejected by the uploaders file.

       wrongarchitecture (safe to ignore)
              Do not warn about  wrong  "Architecture:"  lines  in  downloaded
              Packages  files.   (Note  that  wrong  Architectures  are always
              ignored when getting stuff from flat  repostories  or  importing
              stuff from one architecture to another).

       wrongdistribution (safe to ignore)
              Do not error out if a .changes file is to be placed in a distri-
              bution not listed in that files' Distributions: header.

              Do not reject a .changes file containing .deb files with a  dif-
              ferent opinion on what the version of the source package is.
              (Note: reprepro only compares literally here, not by meaning.)

              Do  not reject a .changes file containing .dsc files with a dif-
              ferent version.
              (Note: reprepro only compares literally here, not by meaning.)

       expiredkey (I hope you know what you do)
              Accept signatures with expired keys.  (Only if the  expired  key
              is explicitly requested).

       expiredsignature (I hope you know what you do)
              Accept  expired  signatures with expired keys.  (Only if the key
              is explicitly requested).

       revokedkey (I hope you know what you do)
              Accept signatures with revoked keys.  (Only if the  revoked  key
              is explicitly requested).

       NOTE: Always specify main as the first component, if you want things to
       end up there.

       NOTE: unlike in dak, non-US and non-us are different things...

       Codename  the primary identifier of a given distribution. This are nor-
       mally things like sarge, etch or sid.

              the name of a file without any directory information.

       byhand Changes files can have files with section 'byhand'  (Debian)  or
              'raw-'  (Ubuntu).   Those  files are not packages but other data
              generated (usually together with  packages)  and  then  uploaded
              together with this changes files.

              With  reprepro  those  can  be  stored in the pool next to their
              packages whith tracking, put in some log  directory  when  using
              processincoming, or given to an hook script (currently only pos-
              sible with processincoming).

              the position relative to the outdir.  (as found  in  "Filename:"
              in Packages.gz)

       full filename
              the position relative to /

              The  term  like sparc, i386, mips, ... .  To refer to the source
              packages, source is sometimes also treated as architecture.

              Things like main, non-free and contrib (by policy and some other
              programs also called section, reprepro follows the naming scheme
              of apt here.)

              Things like base, interpreters, oldlibs  and  non-free/math  (by
              policy and some other programs also called subsections).

       md5sum The  checksum  of a file in the format "<md5sum of file> <length
              of file>"

Some note on updates
   A version is not overwritten with the same version.
       reprepro will never update a package with a  version  it  already  has.
       This  would  be  equivalent to rebuilding the whole database with every
       single upgrade.  To force the new same version in, remove it  and  then
       update.  (If files of the packages changed without changing their name,
       make sure the file  is  no  longer  remembered  by  reprepro.   Without
       --keepunreferencedfiled  and  without  errors  while deleting it should
       Thus  the line "Update: - rules " will cause all packages to be exactly
       the highest Version found in rules.  The line "Update: near -  rules  "
       will  do  the  same,  except if it needs to download packages, it might
       download it from near except when too confused. (It will get  too  con-
       fused e.g. when near or rules have multiple versions of the package and
       the highest in near is not the first one in rules, as it never remember
       more than one possible spring for a package.

       Warning:  This rule applies to all type/component/architecture triplets
       of a distribution, not only those some other update  rule  applies  to.
       (That means it will delete everything in those!)

       Environment  variables  are always overwritten by command line options,
       but overwrite options set in the options file. (Even when  the  options
       file  is  obviously parsed after the environment variables as the envi-
       ronment may determine the place of the options file).

              The directory in this variable is used instead  of  the  current
              directory, if no -b or --basedir options are supplied.
              It  is also set in all hook scripts called by reprepro (relative
              to the current directory or absolute, depending on how  reprepro
              got it).

              The directory in this variable is used when no --confdir is sup-
              It is also set in all hook scripts called by reprepro  (relative
              to  the current directory or absolute, depending on how reprepro
              got it).

              This is not used, but only set in hook scripts called by  repre-
              pro  to  the  directory  in  which the pool subdirectory resides
              (relative to the current directory or absolute, depending on how
              reprepro got it).

              This  is not used, but only set in hook scripts called by repre-
              pro to the dists directory (relative to the current directory or
              absolute, depending on how reprepro got it).

              This  is not used, but only set in hook scripts called by repre-
              pro to the value setable by --logdir.


              Those two environment variable are set (or unset)  in  Log:  and
              ByHandHooks:  scripts and hint what command and what file caused
              the hook to be called (if there is some).



              Set in FilterList: and FilterSrcList:  scripts.

              Not  used  by  reprepro  directly.   But reprepro uses libgpgme,
              which calls gpg for signing and verification of signatures.  And
              your  gpg  will  most  likely  use  the content of this variable
              instead of "~/.gnupg".  Take a look at gpg(1) to be  sure.   You
              can also tell reprepro to set this with the --gnupghome option.

              When  there  is  a  gpg-agent  running  that  does  not have the
              passphrase cached yet, gpg will most likely try  to  start  some
              pinentry program to get it.  If that is pinentry-curses, that is
              likely to fail without this variable, because it cannot  find  a
              terminal  to  ask on.  In this cases you might set this variable
              to something like the value of $(tty) or  $SSH_TTY  or  anything
              else  denoting  a  usable terminal. (You might also want to make
              sure you actually have a terminal available.  With ssh you might
              need  the  -t  option to get a terminal even when telling gpg to
              start a specific command).

              By default, reprepro will set this variable to what the symbolic
              link  /proc/self/fd/0  points to, if stdin is a terminal, unless
              you told with --noguessgpgtty to not do so.

       Increased verbosity always shows those things  one  does  not  want  to
       know.  (Though this might be inevitable and a corollary to Murphy)

       Reprepro  uses berkeley db, which was a big mistake.  The most annoying
       problem not yet worked around is database corruption when the disk runs
       out  of space.  (Luckily if it happens while downloading packages while
       updating, only the files database is affected, which  is  easy  (though
       time  consuming)  to  rebuild, see recovery file in the documentation).
       Ideally put the database on another partition to avoid that.

       While the source part is mostly considered as the  architecture  source
       some parts may still not use this notation.

       gpgme returned an impossible condition
              With  the  woody  version  this normally meant that there was no
              .gnupg directory in $HOME, but it created one and reprepro  suc-
              ceeds  when called again with the same command.  Since sarge the
              problem sometimes shows up, too. But  it  is  no  longer  repro-
              ducible  and  it  does  not fix itself, neither. Try running gpg
              --verify file-you-had-problems-with manually as the user  repre-
              pro is running and with the same $HOME. This alone might fix the
              error.  This can be worked around by:
              call dpkg-buildpackage with -sa (recommended)
              copy the .orig.tar.gz file to  the  proper  place  in  the  pool
              call reprepro with --ignore=missingfile (discouraged)

       leftover files in the pool directory.
              reprepro  is  sometimes  a bit too timid of deleting stuff. When
              things go wrong and there have been  errors  it  sometimes  just
              leaves  everything  where  it  is.   To  see what files reprepro
              remembers to be in your pool directory but does  not  know  any-
              thing needing them right know, you can use
              reprepro dumpunreferenced
              To delete them:
              reprepro deleteunreferenced

       Interrupting  reprepro  has  its  problems.  Some things (like speaking
       with apt methods, database stuff) can cause problems  when  interrupted
       at  the  wrong time.  Then there are design problems of the code making
       it hard to distinguish if the current state is dangerous or non-danger-
       ous  to interrupt.  Thus if reprepro receives a signal normally sent to
       tell a process to terminate itself softly, it continues its  operation,
       but  does  not  start  any  new operations.  (I.e. it will not tell the
       apt-methods any new file to download, it will not replace a package  in
       a target, unless it already had started with it, it will not delete any
       files gotten dereferenced, and so on).

       It only catches the first signal of each type. The second signal  of  a
       given  type  will terminate reprepro. You will risk database corruption
       and have to remove the lockfile manually.

       Also note that even normal  interruption  leads  to  code-paths  mostly
       untested and thus expose a multitude of bugs including those leading to
       data corruption.  Better think a second more before issuing  a  command
       than risking the need for interruption.

       Report bugs or wishlist requests to the Debian BTS
       (e.g. by using reportbug reprepro under Debian)
       or directly to

       Copyright (C) 2004,2005,2006,2007,2008,2009,2010,2011,2012 Bernhard R.
       Link <>
       This is free software; see the source for copying conditions. There  is
       NO  warranty;  not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR

reprepro                          2013-05-04                       REPREPRO(1)
Man Pages Copyright Respective Owners. Site Copyright (C) 1994 - 2019 Hurricane Electric. All Rights Reserved.