How to add an APT or DNF package repository

Topic: Servers linux

Add a third-party or vendor repository to APT (sources.list or .list in sources.list.d) or DNF (.repo in /etc/yum.repos.d) so you can install packages from it. Use this when you need software not in the default distro repos, and to keep repo config auditable and reversible.

Intent: How-to

Quick answer

  • APT: add a line to /etc/apt/sources.list or a file in /etc/apt/sources.list.d; format deb URL CODENAME COMPONENT (e.g. deb https://repo.example.com stable main). Run apt update.
  • DNF: create a .repo file in /etc/yum.repos.d with [name], name=, baseurl= (or metalink=), enabled=1, gpgcheck=1; add gpgkey= if needed. Run dnf makecache.
  • Prefer signed repos; add the vendor GPG key (apt-key or /usr/share/keyrings, or rpm --import); remove the repo file and run update to disable.

Prerequisites

Steps

  1. Add APT repo

    Create /etc/apt/sources.list.d/vendor.list with: deb [signed-by=/usr/share/keyrings/vendor.gpg] https://repo.example.com stable main. Add GPG key: wget -qO- URL | gpg --dearmor -o /usr/share/keyrings/vendor.gpg. Run apt update.

  2. Add DNF repo

    Create /etc/yum.repos.d/vendor.repo with [vendor], name=, baseurl=, enabled=1, gpgcheck=1, gpgkey=. Import key: rpm --import KEYURL or add gpgkey= in the repo. Run dnf makecache.

  3. Verify and secure

    apt policy PACKAGE or dnf repolist; install a test package. Prefer signed repos; remove the .list or .repo file and run update to stop using the repo.

Summary

Add an APT repo via sources.list.d or a DNF repo via a .repo file in yum.repos.d; add the vendor GPG key and run update or makecache. Use this to install packages from trusted third-party or vendor repositories.

Prerequisites

Steps

Step 1: Add APT repo

Add a file under /etc/apt/sources.list.d/ with deb and optional signed-by. Add the vendor GPG key to /usr/share/keyrings. Run apt update.

Step 2: Add DNF repo

Add a .repo file in /etc/yum.repos.d with [id], name, baseurl, enabled, gpgcheck, gpgkey. Import the key; run dnf makecache.

Step 3: Verify and secure

Use apt policy or dnf repolist; install a test package. Prefer signed repos; disable by removing the repo file and updating.

Verification

  • apt or dnf sees the new repo; you can install a package from it; repo can be disabled by removing the config.

Troubleshooting

GPG errors — Ensure the key is correct and signed-by (APT) or gpgkey (DNF) is set. 404 or mirror errors — Check URL and codename/release; some repos use different names. Conflict with distro — Pin (APT) or exclude (DNF) packages if the repo overrides distro packages.

Next steps

Continue to