pve-docs/pve-package-repos.adoc

[[sysadmin_package_repositories]]
Package Repositories
--------------------
ifdef::wiki[]
:pve-toplevel:
endif::wiki[]

{pve} uses http://en.wikipedia.org/wiki/Advanced_Packaging_Tool[APT] as its
package management tool like any other Debian-based system.

{pve} automatically checks for package updates on a daily basis. The `root@pam`
user is notified via email about available updates. From the GUI, the
'Changelog' button can be used to see more details about an selected update.

Repositories in {pve}
~~~~~~~~~~~~~~~~~~~~~

Repositories are a collection of software packages, they can be used to install
new software, but are also important to get new updates.

NOTE: You need valid Debian and Proxmox repositories to get the latest
security updates, bug fixes and new features.

APT Repositories are defined in the file `/etc/apt/sources.list` in the legacy
single-line format and in `.sources` files placed in `/etc/apt/sources.list.d/`
for the modern deb822 multi-line format, see
xref:sysadmin_apt_repo_formats[Repository Formats] for details.

[[_repository_management]]
Repository Management
^^^^^^^^^^^^^^^^^^^^^

[thumbnail="screenshot/gui-node-repositories.png"]

Since Proxmox VE 7, you can check the repository state in the web interface.
The node summary panel shows a high level status overview, while the separate
'Repository' panel shows in-depth status and list of all configured
repositories.

Basic repository management, for example, activating or deactivating a
repository, is also supported.

The available packages from a repository are acquired by running `apt update`.
Updates can be installed directly using `apt`, or via the GUI (Node -> Updates).

[[sysadmin_apt_repo_formats]]
Repository Formats
^^^^^^^^^^^^^^^^^^

Package repositories can be configured in the source list
'/etc/apt/sources.list' and the files contained in '/etc/apt/sources.list.d/'.

There are two formats supported:

single line::

In a single-line `sources.list` file, each line defines a package repository.
Empty lines are ignored. A `#` character anywhere on a line marks the remainder
of that line as a comment.
This is the legacy format. Since Debian 13 Trixie apt will complain about using
this format. You can automatically migrate most repositories using the `apt
modernize-sources` command.

deb822::

In the multi-line format `repo.sources` file each entry consists of multiple
lines of key-value pairs. A file can include multiple entries by separating each
group with a blank line. This is the modern format.

Available Repositories
^^^^^^^^^^^^^^^^^^^^^^

{pve} provides three different package repositories in addition to requiring the
base Debian repositories.


Debian Base Repositories
~~~~~~~~~~~~~~~~~~~~~~~~

.File `/etc/apt/sources.list.d/debian.sources`
----
Types: deb deb-src
URIs: http://deb.debian.org/debian/
Suites: trixie trixie-updates
Components: main non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

Types: deb deb-src
URIs: http://security.debian.org/debian-security/
Suites: trixie-security
Components: main non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
----


[[sysadmin_enterprise_repo]]
{pve} Enterprise Repository
~~~~~~~~~~~~~~~~~~~~~~~~~~~

This is the recommended repository and available for all {pve} subscription
users. It contains the most stable packages and is suitable for production use.
The `pve-enterprise` repository is enabled by default:

.File `/etc/apt/sources.list.d/pve-enterprise.sources`
----
Types: deb
URIs: https://enterprise.proxmox.com/debian/pve
Suites: trixie
Components: pve-enterprise
Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg
----

Please note that you need a valid subscription key to access the
`pve-enterprise` repository. We offer different support levels, which you can
find further details about at {pricing-url}.

NOTE: You can disable this repository by commenting out the above line using a
`#` (at the start of the line). This prevents error messages if your host does
not have a subscription key. Please configure the `pve-no-subscription`
repository in that case.

[[sysadmin_no_subscription_repo]]
{pve} No-Subscription Repository
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

As the name suggests, you do not need a subscription key to access this
repository. It can be used for testing and non-production use. It's not
recommended to use this on production servers, as these packages are not always
as heavily tested and validated.

We recommend to configure this repository in
`/etc/apt/sources.list.d/proxmox.sources`.

.File `/etc/apt/sources.list.d/proxmox.sources`
----
Types: deb
URIs: http://download.proxmox.com/debian/pve
Suites: trixie
Components: pve-no-subscription
Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg
----

NOTE: Remember that you will always need the base Debian repositories in
addition to a {pve} Proxmox repository

[[sysadmin_test_repo]]
{pve} Test Repository
~~~~~~~~~~~~~~~~~~~~~~

This repository contains the latest packages and is primarily used by developers
to test new features. To configure it, add the following stanza to the file
`/etc/apt/sources.list.d/proxmox.sources`:

.File `/etc/apt/sources.list.d/proxmox.sources`
----
Types: deb
URIs: http://download.proxmox.com/debian/pve
Suites: trixie
Components: pve-test
Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg
----

WARNING: The `pve-test` repository should (as the name implies) only be used for
testing new features or bug fixes.


[[sysadmin_package_repositories_ceph]]
Ceph Repositories
~~~~~~~~~~~~~~~~~

Ceph-related packages are kept up to date with a preconfigured Ceph enterprise
repository. Preinstalled packages enable connecting to an external Ceph
cluster and adding its xref:ceph_rados_block_devices[RBD] or
xref:storage_cephfs[CephFS] pools as storage. You can also build a
xref:chapter_hyper_converged_infrastructure[hyper-converged infrastructure (HCI)]
by running xref:chapter_pveceph[Ceph] on top of the {pve} cluster.

Information from this chapter is helpful in the following cases:

Installing Ceph to build an HCI::
Decide on a below described repository and recent Ceph release, which you can
then select in the xref:pve_ceph_install_wizard[web-based wizard or the CLI tool].

Already running the HCI and want to upgrade to the succeeding _Ceph_ major release::
Please follow the related {webwiki-url}Category:Ceph_Upgrade[Ceph upgrade guide].

Already running the HCI and want to upgrade to the succeeding _{pve}_ major release::
In an HCI each {pve} major release requires a corresponding minimum Ceph major
release, please follow the related
{webwiki-url}Category:Upgrade[{pve} upgrade guide].

Not running an HCI but using an external Ceph cluster::
To install newer packages used to connect to Ceph, apply available system
updates, decide on a repository and Ceph release listed below, add it to your
node via the __xref:_repository_management[Repository]__ panel, apply newly
available system updates, verify the result by running `ceph --version` and
disable the old Ceph repository.

//TODO: At Ceph or PVE release changes, update:
//      - below variables (used in below headings and example ceph.sources files)
//      - the Ceph release table
:pve-version: 9
:ceph-release: ceph-squid
:suite: trixie

[[ceph_release_table]]
.Ceph releases available in {pve} {pve-version}

To read the latest version of the admin guide for your {pve} release, make sure
that all system updates are installed and that this page has been reloaded.

:u: unreleased
:t: tech preview
:a: available
:r: recommended
:eol: {cephdocs-url}/releases/[Estimated End-of-Life]

[caption="", cols="<8,^8,^6,^7,^5"]
|===
|                   | {eol}         |**`enterprise`**|**`no-subscription`**|**`test`**
|**`ceph-squid`**   |2026-09 (v19.2)|{r}|{a}|{a}
|===

//|**`ceph-tentacle`**|            {u}|{u}|{u}|{u}


.Ceph repositories for {pve} {pve-version}

The content of the `ceph.sources` file below serves as a reference (prior to
{pve} 9 the file `ceph.list` was used). To make changes, please follow the case
that applies to your situation as described at the beginning of this
subchapter. If you have disabled a repository in the web UI and also want to
delist it, you can manually remove the corresponding entry from the file.

====
**`enterprise`**

This repository is recommended for production use and contains the most stable
package versions. It is accessible if the {pve} node has a valid subscription
of any level. For details and included customer support levels visit:

{pricing-url}

.File `/etc/apt/sources.list.d/ceph.sources`
[subs="attributes"]
----
Types: deb
URIs: https://enterprise.proxmox.com/debian/{ceph-release}
Suites: {suite}
Components: enterprise
Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg
----
====

====
**`no-subscription`**

This repository is suitable for testing and for non-production use. It is
freely accessible and does not require a valid subscription. After some time,
its package versions are also made available in the enterprise repository.

.File `/etc/apt/sources.list.d/ceph.sources`
[subs="attributes"]
----
Types: deb
URIs: http://download.proxmox.com/debian/{ceph-release}
Suites: {suite}
Components: no-subscription
Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg
----
====

====
**`test`**

This repository contains the latest package versions and is primarily used by
developers to test new features and bug fixes.

.File `/etc/apt/sources.list.d/ceph.sources`
[subs="attributes"]
----
Types: deb
URIs: http://download.proxmox.com/debian/{ceph-release}
Suites: {suite}
Components: test
Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg
----
====

WARNING: The Ceph **`test`** repository should (as the name implies) only be
used for testing new features or bug fixes.


[[sysadmin_debian_firmware_repo]]
Debian Firmware Repository
~~~~~~~~~~~~~~~~~~~~~~~~~~

Starting with Debian Bookworm ({pve} 8) non-free firmware (as defined by
https://www.debian.org/social_contract#guidelines[DFSG]) has been moved to the
newly created Debian repository component `non-free-firmware`.

Since {pve} 9 this repository is enabled by default for new installations to
ensure they can get xref:sysadmin_firmware_cpu[Early OS Microcode Updates].

You can also acquire need additional
xref:sysadmin_firmware_runtime_files[Runtime Firmware Files] not already
included in the pre-installed package `pve-firmware`.

To be able to install packages from this component, run
`editor /etc/apt/sources.list`, append `non-free-firmware` to the end of each
`.debian.org` repository line and run `apt update`.

If you upgraded your {pve} 9 install from a previous version of {pve} and have
modernized your package repositories to the new deb822-style, you will need to
adapt `/etc/apt/sources.list.d/debian.sources` instead. Run `editor
/etc/apt/sources.list.d/debian.sources` and add `non-free-firmware` to the lines
starting with `Components:` of each stanza.

NOTE: Modernizing your package repositories is recommended. Otherwise, `apt` on
Debian Trixie will complain. You can run `apt modernize-sources` to do so.

[[repos_secure_apt]]
SecureApt
~~~~~~~~~

The 'Release' files in the repositories are signed with GnuPG. APT is using
these signatures to verify that all packages are from a trusted source.

If you install {pve} from an official ISO image, the key for verification is
already installed.

If you install {pve} on top of Debian, download and install
the key with the following commands:

----
 # wget https://enterprise.proxmox.com/debian/proxmox-archive-keyring-trixie.gpg -O /usr/share/keyrings/proxmox-archive-keyring.gpg
----

NOTE: The `wget` command above adds the keyring for Proxmox releases based on
Debian Trixie. Once the `proxmox-archive-keyring` package is installed, it will
manage this file. At that point, the hashes below may no longer match the hashes
of this file, as keys for new Proxmox releases get added or removed. This is
intended, `apt` will ensure that only trusted keys are being used.
*Modifying this file is discouraged once `proxmox-archive-keyring` is installed.*

Verify the checksum afterwards with the `sha512sum` CLI tool:

----
# sha256sum /usr/share/keyrings/proxmox-archive-keyring.gpg
 136673be77aba35dcce385b28737689ad64fd785a797e57897589aed08db6e45 /usr/share/keyrings/proxmox-archive-keyring.gpg
----

or the `md5sum` CLI tool:

----
# md5sum /usr/share/keyrings/proxmox-archive-keyring.gpg
77c8b1166d15ce8350102ab1bca2fcbf /usr/share/keyrings/proxmox-archive-keyring.gpg
----

NOTE: Make sure the path you install the key to matches the `Signed-By:` lines
in your repository stanzas.

ifdef::wiki[]

// include note about older releases, but only for wiki

{pve} 8 Repositories
~~~~~~~~~~~~~~~~~~~~

{pve} 8 is based on Debian 12 (``bookworm''). Please note that this release
is not the newest stable release anymore, for details see the
xref:faq-support-table[FAQ support table]. Existing installations should be
updated. Nevertheless access to these repositories is still provided.

[width="100%",cols="<d,3m",options="header"]
|===========================================================
|Repository               | sources.list entry
|{pve} 8 Enterprise       |
deb https://enterprise.proxmox.com/debian/pve bookworm pve-enterprise
|{pve} 8 No-Subscription  |
deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription
|{pve} 8 Test             |
deb http://download.proxmox.com/debian/pve bookworm pvetest
|===========================================================

Release key URL: https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg

Release key hash sums:

----
sha512sum /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
7da6fe34168adc6e479327ba517796d4702fa2f8b4f0a9833f5ea6e6b48f6507a6da403a274fe201595edc86a84463d50383d07f64bdde2e3658108db7d6dc87

md5sum /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
41558dc019ef90bd0f6067644a51cf5b
----


{pve} 7 Repositories
~~~~~~~~~~~~~~~~~~~~

{pve} 7 is based on Debian 11 (``bullseye''). Please note that this release
is out of date (see the xref:faq-support-table[FAQ support table]). Existing
installations should be updated. Nevertheless access to these repositories is
still provided.

[width="100%",cols="<d,3m",options="header"]
|===========================================================
|Repository               | sources.list entry
|{pve} 7 Enterprise       |
deb https://enterprise.proxmox.com/debian/pve bullseye pve-enterprise
|{pve} 7 No-Subscription  |
deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription
|{pve} 7 Test             |
deb http://download.proxmox.com/debian/pve bullseye pvetest
|===========================================================

Release key URL: https://enterprise.proxmox.com/debian/proxmox-release-bullseye.gpg

Release key hash sums:

----
sha512sum /etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg
7fb03ec8a1675723d2853b84aa4fdb49a46a3bb72b9951361488bfd19b29aab0a789a4f8c7406e71a69aabbc727c936d3549731c4659ffa1a08f44db8fdcebfa

md5sum /etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg
bcc35c7173e0845c0d6ad6470b70f50e
----


{pve} 6.x Repositories
~~~~~~~~~~~~~~~~~~~~~~

{pve} 6.x is based on Debian 10.x (``buster''). Please note that this release is
out of date. Existing installations should be updated. Nevertheless access to
these repositories is still provided.

[width="100%",cols="<d,3m",options="header"]
|===========================================================
|Repository                 | sources.list entry
|{pve} 6.x Enterprise       |
deb https://enterprise.proxmox.com/debian/pve buster pve-enterprise
|{pve} 6.x No-Subscription  |
deb http://download.proxmox.com/debian/pve buster pve-no-subscription
|{pve} 6.x Test             |
deb http://download.proxmox.com/debian/pve buster pvetest
|===========================================================


Outdated: {pve} VE 1 to 5 Repositories
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

{pve} releases 1 (based on Debian 5.0 ``lenny''), 2 (based on Debian 6
``squeeze''), 3 (based on Debian 7 ``wheezy''), 4 (based on Debian 6
``jessie''), and 5 (based on Debian 8 ``stretch'') are very outdated.

For {pve} 3 and newer repositories are still available, but they might be
archived at any time. See the shipped version of the reference documentation on
your installation for details about the repositories.

Please upgrade to latest version as soon as possible!

endif::wiki[]
ifdef::manvolnum[]
include::pve-copyright.adoc[]
endif::manvolnum[]