Unified offline repository mirroring for RPM and APT
Project description
Chantal
Because every other name was already taken. - A unified CLI tool for offline repository mirroring.
What is Chantal?
A Python-based CLI tool for offline repository mirroring, inspired by pulp-admin, reposync, and aptly.
The Problem: Enterprise environments need offline mirrors of RPM/APT repositories with version control, efficient storage, RHEL subscription support, and simple management. Existing tools either:
- Support only one repository type (
reposyncfor RPM,apt-mirrorfor APT) - Require complex infrastructure (Pulp needs Celery, RabbitMQ, Redis, PostgreSQL)
- Lack proper snapshot and deduplication features
The Solution: One simple CLI tool. No daemons, no message queues, no complex setup. Just sync repositories, create snapshots, and publish static files. Works with any webserver (Apache, NGINX) - because it's just files.
Features
- ๐ Unified Mirroring - Multiple repository types in one tool (RPM, DEB/APT, Helm, Alpine APK)
- ๐ฆ Deduplication - Content-addressed storage (SHA256), packages stored once
- ๐ธ Snapshots - Immutable point-in-time repository states for patch management
- ๐ Views - Virtual repositories combining multiple repos (e.g., BaseOS + AppStream + EPEL)
- ๐ Modular - Plugin architecture for repository types
- ๐ซ No Daemons - Simple CLI tool (optional scheduler for future automation)
- ๐ Static Output - Serve with any webserver (Apache, NGINX)
- ๐ RHEL CDN Support - Client certificate authentication for Red Hat repos
- ๐ฏ Smart Filtering - Pattern-based package filtering with post-processing
- ๐ช Mirror, Filtered & Hosted Modes - Full metadata mirroring, filtered repos with regenerated metadata, or hosted repos built from your own uploaded packages
- โฌ๏ธ Custom Package Upload - Inject local packages into a repository's pool with
chantal package upload(RPM, DEB/APT, Helm) - ๐ Metadata Signing - Sign regenerated metadata in filtered mode: APT (InRelease/Release.gpg), RPM (repomd.xml.asc) and APK (RSA-signed APKINDEX) so clients can verify the repo
- โก Fast Updates - Check for updates without downloading (like
dnf check-update) - ๐ Metadata Caching - SHA256-based cache for RPM metadata (90-95% faster syncs for RHEL)
Supported Repository Types:
- โ RPM/DNF/YUM (RHEL, CentOS, Fedora, Rocky, AlmaLinux, EPEL)
- โ DEB/APT (Debian, Ubuntu)
- โ Helm Charts (Kubernetes, Bitnami, AWS EKS, Prometheus, GitLab)
- โ Alpine APK (Alpine Linux, container base images)
Quick Start
Installation
Option 1: Container (Recommended)
# Pull from GitHub Container Registry
docker pull ghcr.io/slauger/chantal:latest
# Run
docker run --rm \
-v $(pwd)/config:/etc/chantal:ro \
-v $(pwd)/data:/var/lib/chantal \
-v $(pwd)/repos:/var/www/repos \
ghcr.io/slauger/chantal:latest --help
Option 2: PyPI (Recommended for Python users)
pip install chantal
Option 3: From Source
git clone https://github.com/slauger/chantal.git
cd chantal
pip install -e .
Requirements: Python 3.12+, PostgreSQL or SQLite
Basic Usage
# 1. Initialize database schema
chantal db init
# 2. Configure repositories (see docs for examples)
vim /etc/chantal/config.yaml
# 3. Sync repository (RPM, Helm, or APK)
chantal repo sync --repo-id epel9-latest
# 4. Create snapshot
chantal snapshot create --repo-id epel9-latest --name 2025-01
# 5. Publish
chantal publish snapshot --snapshot epel9-latest-2025-01
Result: Published repository in /var/www/repos/ ready to serve with Apache/NGINX.
Database Management
Chantal uses Alembic for database schema migrations:
# Initialize database schema (first-time setup)
chantal db init
# Check current schema version
chantal db current
# Check schema status and pending migrations
chantal db status
# Upgrade to latest schema version
chantal db upgrade
# View migration history
chantal db history
# Database statistics and verification
chantal db stats
chantal db verify
Note: Storage directories are created automatically when needed. The db init command only initializes the database schema.
Key Features
Content-Addressed Storage
- SHA256-based deduplication (2-level directory:
ab/cd/sha256_file.rpm) - Packages stored once, shared across all repositories
- Typical deduplication: 60-80% across RHEL variants
Immutable Snapshots
- Point-in-time freezes for patch management
- Compare snapshots (
chantal snapshot diff) - Rollback to previous states
- Atomic view snapshots (freeze all repos simultaneously)
Virtual Repositories (Views)
- Combine multiple repos into one:
BaseOS + AppStream + CRB - Mixed repos:
RHEL + EPELin single repository - Stack-specific views: web server, monitoring, etc.
Smart Filtering
filters:
patterns:
include: ["^nginx-.*", "^httpd-.*"]
exclude: [".*-debug.*"]
metadata:
architectures:
include: ["x86_64", "noarch"]
post_processing:
only_latest_version: true
Zero-Copy Publishing
- Hardlinks (not copies) to published directories
- Instant publishing (milliseconds for thousands of packages)
- Atomic metadata updates
Architecture
/var/lib/chantal/pool/ # Content-addressed storage (SHA256)
โโโ ab/cd/sha256_package.rpm
โโโ ...
/var/www/repos/ # Published repositories (hardlinks)
โโโ rhel9-baseos/
โ โโโ latest/ # Current state
โ โโโ snapshots/2025-01/ # Immutable snapshot
โโโ views/
โโโ rhel9-complete/ # Virtual repository
โโโ latest/
Database: PostgreSQL or SQLite (SQLAlchemy models) Plugins: Extensible architecture for repository types (RPM, DEB/APT, Helm, APK)
Documentation
๐ Full Documentation: https://slauger.github.io/chantal/
- Installation Guide
- Quick Start
- CLI Commands
- Configuration
- Views (Virtual Repositories)
- Architecture
- Plugin Development
Common Workflows
Patch Management
# Monthly cycle
chantal repo sync --all
chantal snapshot create --repo-id rhel9-baseos --name 2025-02
chantal snapshot diff --repo-id rhel9-baseos 2025-01 2025-02
chantal publish snapshot --snapshot rhel9-baseos-2025-02
RHEL Subscription
repositories:
- id: rhel9-baseos
feed: https://cdn.redhat.com/content/dist/rhel9/9/x86_64/baseos/os
ssl:
client_cert: /etc/pki/entitlement/1234567890.pem
client_key: /etc/pki/entitlement/1234567890-key.pem
Air-Gapped Environments
# Online system
chantal repo sync --all
tar czf export.tar.gz /var/lib/chantal /etc/chantal
# Offline system
tar xzf export.tar.gz
chantal publish repo --all
See Workflows Documentation for more examples.
Contributing
Contributions welcome! See GitHub Issues for planned features and improvements.
Development Setup
1. Clone and Setup Virtual Environment:
git clone https://github.com/slauger/chantal.git
cd chantal
# Create virtual environment
make venv
# OR manually: python3 -m venv venv
# Activate virtual environment
source venv/bin/activate
# Install dependencies
make install-dev
# OR manually: pip install -e ".[dev]"
2. Run Local Tests (CI/CD Checks):
# IMPORTANT: Always use the Makefile targets to ensure correct venv usage!
# Run all linters (same as CI/CD)
make lint
# Run all checks (linters + tests)
make check
# Individual checks
make ruff # Linting
make black # Code formatting check
make yamllint # YAML linting
make mypy # Type checking
make pytest # Unit tests
# Auto-format code
make format
3. Development Notes:
- โ ๏ธ Always activate the venv before running tests (
source venv/bin/activate) - โ
Use
make lintinstead of running tools directly - ensures venv usage - โ
CI/CD runs the same checks as
make lint- local = CI/CD - ๐ง All linters are pinned to specific versions for consistency
- ๐ See
Makefilefor all available targets
Read the Architecture Documentation before contributing.
License
MIT License - See LICENSE file for details.
Credits
Developed by Simon Lauger
Inspired by: pulp-admin, reposync, aptly, apt-mirror, bandersnatch
๐ฆ Container Images: ghcr.io/slauger/chantal:latest
๐ Documentation: https://slauger.github.io/chantal/
๐ Issues: https://github.com/slauger/chantal/issues
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file chantal-1.4.8.tar.gz.
File metadata
- Download URL: chantal-1.4.8.tar.gz
- Upload date:
- Size: 157.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
4198c14a62b67698085067c1d5451fc9573a2b14d1e57cbcb82e085f2867188f
|
|
| MD5 |
2b21fdae49df24318b24c40e6dfebbac
|
|
| BLAKE2b-256 |
b30e26659e8b8a21d785d53e1b370d365fe32e926b958606768a2229f5fd1831
|
Provenance
The following attestation bundles were made for chantal-1.4.8.tar.gz:
Publisher:
release.yml on slauger/chantal
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
chantal-1.4.8.tar.gz -
Subject digest:
4198c14a62b67698085067c1d5451fc9573a2b14d1e57cbcb82e085f2867188f - Sigstore transparency entry: 1959467053
- Sigstore integration time:
-
Permalink:
slauger/chantal@d5e2fc6f89e2f73f09d620f5b2caced82f2869db -
Branch / Tag:
refs/heads/main - Owner: https://github.com/slauger
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@d5e2fc6f89e2f73f09d620f5b2caced82f2869db -
Trigger Event:
push
-
Statement type:
File details
Details for the file chantal-1.4.8-py3-none-any.whl.
File metadata
- Download URL: chantal-1.4.8-py3-none-any.whl
- Upload date:
- Size: 176.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3f4c23d538a1e36ea26764940bf798ea877ec75b1fc4094b961fc483d2d4f76f
|
|
| MD5 |
0169258b2f411dae0cd0b7af7c50376b
|
|
| BLAKE2b-256 |
55088c8608a976f9f4e69c6e697dfb1754a4a2b3f39ef20d4d9f4dc25482b0e7
|
Provenance
The following attestation bundles were made for chantal-1.4.8-py3-none-any.whl:
Publisher:
release.yml on slauger/chantal
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
chantal-1.4.8-py3-none-any.whl -
Subject digest:
3f4c23d538a1e36ea26764940bf798ea877ec75b1fc4094b961fc483d2d4f76f - Sigstore transparency entry: 1959467195
- Sigstore integration time:
-
Permalink:
slauger/chantal@d5e2fc6f89e2f73f09d620f5b2caced82f2869db -
Branch / Tag:
refs/heads/main - Owner: https://github.com/slauger
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@d5e2fc6f89e2f73f09d620f5b2caced82f2869db -
Trigger Event:
push
-
Statement type: