from Hacker News

Show HN: Attune - Build and publish APT repositories in seconds

by ilikebits on 4/18/25, 4:14 PM with 31 comments

Hey HN, we're Eliza and Xin, and we’ve been working on Attune. Attune is a tool for publishing Linux packages.

Previously, we worked at other startups building open source developer tools that ran on our customers’ CI and development machines. For many of them, being able to `apt-get install` our tools was a requirement.

When we went to actually set up APT repositories, we were really surprised by the state of tooling around package publishing. The open source tools we found were old, slow, and difficult to figure out how to run in CI. The commercial tools we found were not much better. The cloud-hosted vendors required us to provide our signing keys to a cloud vendor (which was a non-starter), while the self-hosted vendors required us to operate our own specialized hosting servers.

We just wanted something simple: sign locally, run quickly, be easy to use, and deploy to managed object storage.

We couldn’t find it, so we built it. If you want to try it out, you can create a repository with three commands:

    attune repo create --uri https://apt.releases.example.com
    attune repo pkg add --repo-id 123 package.deb
    attune repo sync --repo-id 123
You can get the tool at https://github.com/attunehq/attune. There are a lot of rough edges right now since it's so new - sorry in advance, we're working on sanding those down.

It’s fully open source under Apache 2. We’re also working with some early customers to build enterprise features like audit logging, RBAC, and HSM integrations, and we’re thinking about building a managed cloud hosting service as well.

We’d love your feedback on whether this is useful for you, and what you’d like to see next. We’re well aware that publishing is a small piece of CI/CD, but we think a lot of the tooling in this area (publishing, artifact registries, package repositories) could really use some love.

What do you think? Comment here, or email us at founders@attunehq.com.

  • by yjftsjthsd-h on 4/18/25, 5:14 PM

    It's probably intuitive to anybody who's tried to do this the hard way, but if your target is people without that experience, you might want to dumb it down even more. So this is from your readme:

      attune repo create -u 'http://localhost:9000/debian' -d bookworm
  attune repo pkg -r 1 add -c stable/v17 ~/Downloads/teleport_17.4.4_arm64.deb
    And I think I know what `-d bookworm` must be, but I've no clue what -r or -c are doing in the second command.

    Also, from your post here (and why are the quick start steps different here?),

      attune repo create --uri https://apt.releases.example.com
    What is that URI supposed to be? Is that where the thing will eventually get served from and I have to run this on the server, or synchronize an output directory to the server, or is that going to do some sort of magic upload itself?

  • by pabs3 on 4/19/25, 4:06 AM

    Lots more options listed on the Debian wiki, I've added Attune to the list.

    https://wiki.debian.org/DebianRepository/Setup

  • by Hackbraten on 4/18/25, 5:17 PM

    How is this different to aptly, especially if one already has object storage?

  • by benwilber0 on 4/18/25, 5:31 PM

    Maybe I'm wrong, but aren't apt repositories just files in a web root? There are many scripts in the Debian ecosystem to generate and maintain such web directories. Maybe the actual package building would be interesting, but I don't know about just "we'll host your .deb files and keep the index updated"

  • by frabona on 4/18/25, 7:18 PM

    Curious how different is this from mise and ubi? https://github.com/jdx/mise

    I have a few pain points with that for installing cua (https://github.com/trycua/cua/issues/27), so if it can remove the initial friction happy to chat!

  • by 3np on 4/18/25, 10:14 PM

    Looks neat!

    What would be really valuable for us would be future support for other distros/repos.

    A more unified interface for synchronized publishing across say dep/rpm/archlinux/alpine when we have multi-distro packages to build and publish.

  • by rurban on 4/20/25, 1:28 PM

    Happy to test this out, because I'm really unhappy with aptly quirks

  • by powerawq103846 on 4/18/25, 6:58 PM

    very cool stuff!

  • by jauntywundrkind on 4/18/25, 5:36 PM

    Yes, it's Rust ;). Sign of quality to me.

    Excited to try. I ran a reprepo for a couple of years & it wasn't the worst to run, but not fun either. My confidence in efficiently publishing packages was super low, never improved much.

    It also mandated running a web server (configuring my nginx to point at the repo filesystem), not very batteries included.

    https://wiki.debian.org/DebianRepository/SetupWithReprepro