When changing or modifying any repository settings please be sure to click the green "Update" button to apply your changes - you may need to scroll down to see it!
You can change the name or description of a repository at any time.
Please be aware that the name is just a descriptive name, it is not the repository slug / identifier. Changing the name of the repository will not result in breaking any configurations used by client programs or other users.
To change the repository slug / identifier, see the section on Potentially Unsafe Actions.
Repository privileges allow you to configure what permissions are required to perform actions on the repository.
You assign a permission level to a Team or User when you grant them access to the repository (see Access Controls for information on granting access to a repository), and then you can set precisely what actions that permission level can perform using the repository privileges
If you wanted a Team or User to only be able to set or use Entitlement Tokens, then you could set the permission level required for Set/Use Entitlements to Read, and set all other action to Write or above.
Then in the repository Access Controls, you would set the Team or User to only have Read permissions on the repository. As a result, they would be able to set or use Entitlement Tokens, but would not have permission for any other repository actions.
User Entitlements Enabled
If checked, users can use and manage their own user-specific entitlement token for the repository (if the repository is a private repository).
If not checked, user-specific entitlement tokens are disabled for all users.
Copy / Move / Delete / Resync
If checked, users can copy/move/delete and resync packages that they have uploaded. This assumes that they still have write privileges for the repository. These override the repository privilege level setting for the repository.
Use/Configure NoArch Packages
Enables noarch packages (if supported by the package type) in installations/configurations. A noarch package is one that is not tied to a specific system architecture (like i686)
Index Package File Contents
Enables the indexing of files within a package. This will increase the synchronization time for a package but it is recommended to keep this enabled unless synchronization time is significantly impacted.
Proxy Python Packages
Enables automatic proxying from the public pypi.python.org registry for packages that are not present in the repository when requested by clients. If there is at least one version of a package, others will not be proxied.
Proxy Npm Packages
Enables automatic proxying from the public npmjs.org registry for packages that are not present in the repository when requested by clients. If there is at least one version of a package, others will not be proxied.
Serve index for raw packages
Enables the generation of HTML and JSON indexes that list all available raw packages in the repository
Always show Set Me Up for all formats
Enables the "Set Me Up" help documentation for all supported formats, even those formats that do not have packages currently present in the repository.
Use/Configure Source Packages
Enables source packages (if supported by the package type) in installations/configurations). A source package is one that contains source code rather than built binaries
Replace Packages By Default
Enables uploaded packages to overwrite/replace any others with the same attributes (e.g version) by default. This only applies if the user has the required privilege for the republishing AND has the required privilege to delete packages that they do not own.
Strict Npm Validation
Enables strict validation of npm packages to ensure that they match specification. If you have packages that are old or slightly off-spec you can disable this but we can't guarantee that the packages will work with the npm CLI or other tooling
Use crates.io as default Cargo upstream
Enables the assumption that Cargo crates which do not set an explicit value for 'registry' will be available from crates.io. If not enabled, dependencies with unspecified 'registry' values will be assumed to be available in the registry being uploaded to. Disable this if you want to ensure that dependencies are only ever installed from Cloudsmith unless explicitly specified as belong to another registry.
Docker Auth Refresh Enabled
Enables the issuing of refresh tokens in addition to access tokens for Docker authentication. This allows unlimited extension of the lifetime of access tokens
Use Debian Labels
Enables a 'Label' field in Debian-based repositories. It will contain a string that identifies the entitlement token used to authenticate the repository, in the form of 'source=t-'; or 'source=none' if no token was used. You can use this to help with pinning.
You can specify a custom GPG key for signing repository metadata and packages. We will automatically derive the public key and fingerprint for any custom GPG key specified.
If your custom GPG key is encrypted, please also provide the passphrase for it.
You can specify a custom RSA key for signing repository metadata and packages. We will automatically derive the public key and fingerprint for any custom RSA key specified. The private key must be in PKCS8 format.
If your custom RSA key is encrypted, please also provide the passphrase for it.
Adding a custom GPG or RSA key will take effect immediately, but will not affect any existing packages that were signed with the previous key. Packages signed with the previous key will still be available and the previous key can still be fetched.
When you initiate a repository transfer, the owner of the destination account/namespace will need to confirm that they accept the transfer.
The repository will then be transferred to the destination account/namespace immediately. The repository storage size will immediately count towards the storage limits for the destination account/namespace
Collaborators for the repository will be reset and any existing clients of the repository will need to update their URIs to point to the new location.
Updated 4 days ago