[edit on GitHub]

Use the apt_repository resource to specify additional APT repositories. Adding a new repository will update APT package cache immediately.


An apt_repository resource specifies APT repository information and adds an additional APT repository to the existing list of repositories:

apt_repository 'nginx' do
  uri        'http://nginx.org/packages/ubuntu/'
  components ['nginx']


  • apt_repository is the resource
  • name is the name of the APT repository, or the name of the resource block. Must not contain spaces.
  • uri is a base URI for the distribution where the APT packages are located at
  • components is an array of package groupings in the repository

The full syntax for all of the properties that are available to the apt_repository resource is:

apt_repository 'name' do
   repo_name             String
   uri                   String
   distribution          String
   components            Array
   arch                  String
   trusted               True, False
   deb_src               True, False
   keyserver             String
   key                   String, Array
   key_proxy             String
   cookbook              String
   cache_rebuild         True, False
   sensitive             True, False


  • apt_repository is the resource
  • name is the name of the resource block
  • repo_name, uri, distribution, components, arch, trusted, deb_src, keyserver, key, key_proxy, cookbook, cache_rebuild, and sensitive are properties of this resource, with the Ruby type shown. See “Properties” section below for more information about all of the properties that may be used with this resource.


This resource has the following actions:

Default. Creates a repository file at /etc/apt/sources.list.d/ and builds the repository listing.
Removes the repository listing.


This resource has the following properties:


Ruby Type: String

The name of the repository to configure, if it differs from the name of the resource block. The value of this setting must not contain spaces.


Ruby Type: String

The base of the Debian distribution.


Ruby Type: String

Usually a distribution’s codename, such as trusty, xenial or bionic. Default value: the codename of the node’s distro.


Ruby Type: Array

Package groupings, such as ‘main’ and ‘stable’. Default value: empty array.


Ruby Type: String

Constrain packages to a particular CPU architecture such as 'i386' or 'amd64'. Default value: nil.


Ruby Type: True, False

Determines whether you should treat all packages from this repository as authenticated regardless of signature. Default value: false.


Ruby Type: True, False

Determines whether or not to add the repository as a source repo as well. Default value: false.


Ruby Type: String

The GPG keyserver where the key for the repo should be retrieved. Default value: “keyserver.ubuntu.com”.


Ruby Type: String, Array

If a keyserver is provided, this is assumed to be the fingerprint; otherwise it can be either the URI of GPG key for the repo, or a cookbook_file. Default value: empty array.

New in Chef client 13.4.


Ruby Type: String

If set, a specified proxy is passed to GPG via http-proxy=. Default value: nil.


Ruby Type: String

If key should be a cookbook_file, specify a cookbook where the key is located for files/default. Default value is nil, so it will use the cookbook where the resource is used.


Ruby Type: True, False

Determines whether to rebuild the APT package cache. Default value: true.


Ruby Type: True, False

Determines whether sensitive resource data (such as key information) is not logged by the chef-client. Default value: false.


Add repository with basic settings

apt_repository 'nginx' do
  uri        'http://nginx.org/packages/ubuntu/'
  components ['nginx']

Enable Ubuntu multiverse repositories

apt_repository 'security-ubuntu-multiverse' do
  uri          'http://security.ubuntu.com/ubuntu'
  distribution 'trusty-security'
  components   ['multiverse']
  deb_src      true

Add the Nginx PPA, autodetect the key and repository url

apt_repository 'nginx-php' do
  uri          'ppa:nginx/stable'

Add the JuJu PPA, grab the key from the keyserver, and add source repo

apt_repository 'juju' do
  uri 'http://ppa.launchpad.net/juju/stable/ubuntu'
  components ['main']
  distribution 'trusty'
  key 'C8068B11'
  keyserver 'keyserver.ubuntu.com'
  action :add
  deb_src true

Add repository that requires multiple keys to authenticate packages

apt_repository 'rundeck' do
  uri 'https://dl.bintray.com/rundeck/rundeck-deb'
  distribution '/'
  key ['379CE192D401AB61', 'http://rundeck.org/keys/BUILD-GPG-KEY-Rundeck.org.key']
  keyserver 'keyserver.ubuntu.com'
  action :add

Add the Cloudera Repo of CDH4 packages for Ubuntu 12.04 on AMD64

apt_repository 'cloudera' do
  uri          'http://archive.cloudera.com/cdh4/ubuntu/precise/amd64/cdh'
  arch         'amd64'
  distribution 'precise-cdh4'
  components   ['contrib']
  key          'http://archive.cloudera.com/debian/archive.key'

Remove a repository from the list

apt_repository 'zenoss' do
  action :remove