Developing for OpenWrt? Bintray Has an Opkg For You

Opkg280x215OpenWrt is typically associated with network routers and similar equipment, and indeed the official OpenWrt website lists overs 1200 devices on which it runs. Network routers may sound boring (well, to some of us), but as the Internet of Things (IoT) continues its crusade around the world, many people don’t know that OpenWrt is also used on other devices such as phones, robots, sensor networks and more. To accommodate these more glamorous devices, and implement their cool features and functionality, and to give a network router an edge beyond the basic functions, you need a bit more than the Linux kernel on which OpenWrt is based. This good stuff comes in the form of over 3,500 Opkg packages which are available for download from public repositories. The good news is that JFrog Artifactory and JFrog Bintray together offer developers an end-to-end solution to manage their Opkg packages from development through to distributing them automatically to all those routers and robots alike.

While you can use Bintray to distribute your Opkg packages independently of Artifactory, using Artifactory for your OpenWrt development, can speed up your development cycles. For example, Artifactory support for Opkg gives you local repositories for the components you are developing, remote repositories to proxy remote ipk packages and get all those dependencies you need, and it even handles GPG signatures to verify packages. Once your packages are ready to go, use Artifactory’s Distribution Repository and push them to Bintray.

Bintray support for Opkg lets you work transparently with the Opkg client to resolve packages from Bintray and to upload them for distribution. As a mature and universal cloud platform for the distribution of software, Bintray can deliver software updates to users and devices alike over fast CDN, with advanced security features like access entitlements, detailed download stats and logs and more.

Uploading files is easy as 1-2-Oh-there-isn’t-even-a-3

  1. Create an Opkg repository and package in Bintray
  2. Upload your “ipk” file using Bintray’s REST API.
    For example, to upload kool-bot-utils to my robot-utils package in repository opkg-distributions with cURL, I would use:
curl -T kool-bot-utils.ipk -ujaycroaker:myapikey https://api.bintray.com/content/jaycroaker/opkg-distributions/robot-utils/1.0/.

Once your file is uploaded, Bintray will calculate the repository-wide Opkg metadata to maintain compatibility with the Opkg client.

If the version specified in the command don’t exist, Bintray will create it for you. And of course, you can do all of this through Bintray’s REST API, or through the JFrog CLI and in that case, you can do the above and publish the file in a single call.

Downloading is also a snap

The Opkg client works transparently with Bintray. You just need to define Bintray as a feed in your opkg.config file:

echo 'src bintray-feeds https://dl.bintray.com/jaycroaker/opkg-distributions/.' >> /etc/opkg/opkg.conf

Now you just install …

opkg install robot-utils

And if you need authenticated access to the repository, you can just add your Bintray credentials to the config file:

echo 'option http_auth jaycroaker:myapikey' >> /etc/opkg/opkg.conf

You don’t even need to memorize these lines. Bintray has a cool Set Me Up feature for every repository type that displays these code snippets for you to copy and paste into your scripts.

OpkgSetMeUp

So if routers, robots, and OpenWrt are what make your day, have a look at Bintray’s support for Opkg. Need private repositories? Check out Bintray Premium where you can use signed URLs and access entitlements for fine-grained control over who (or what) can download your ipk files. We envision the day when, not only routers and robots, but all devices get their software updates from Bintray.

 

Geo Restriction Lets You Control Where Your Content Can Be Downloaded From

geolocation1When you publish software for distribution on Bintray, you generally want to give it as wide a reach as possible and expose it to as many potential users as you can. But there are also cases in which you have to restrict access to certain countries. For example, government security or export regulations may forbid you from doing business with certain countries, or your own company may even restrict your particular organization to distributing your software in your own local region of the world. This is where Bintray’s Geo Restriction feature saves the day.

White lists and black lists

Bintray’s Geo Restriction feature works by letting you define a whitelist or a blacklist per repository. If you create a whitelist, only users from countries entered in the list will be able to download software from the repository. A black list works the opposite way; users from countries in the list are forbidden from downloading software. Bintray determines where a download request is coming from by passing the request IP to a GeoIP provider who determines the country from which the request originated. Then, if a Geo Restriction is applied to the target repository, Bintray will make sure the request can be honored according to the whitelist or blacklist defined. For download requests from countries restricted from accessing a repository, Bintray will respond with an error.

Geo Restriction is available for repositories in an Enterprise account. Gold account users can also see how this feature works, but are limited to one country in the list.

It’s so easy

You can define a whitelist or blacklist by selecting the Geo Restriction tab in the Edit Repository page for each of your repositories. Note that you can only edit the repository if you own it, or if it’s owned by an organization of which you are a member and have the required authorization to do so.

GeoRestriction

Geo restrictions come first

A Geo Restriction overrides any other form of “permission” in Bintray. In other words, even if a user is a member of your team and has “permission” to download a file, or even if you’ve provided someone with a signed URL or an entitlement  to download a file, if their request comes from a restricted country, it will be blocked.

Enjoy!

 

Keep Your Secrets Safe by Serving Encrypted Files

encrypted_280x215aOnce you have uploaded your content into Bintray private repositories, it’s pretty safe through Bintray’s management of users, organizations, and teams. But what happens when you need to send a private file to someone else? Signed URLs give you an easy way to do that. Just generate your URL signing key and use the URL signing API call to create the URL. You can even make the URL valid for only a limited period of time. Now all you need to do is send the URL to the right person.

But what happens if the URL or the downloaded file gets into the wrong hands? Suddenly the file containing a license key/sensitive company information/anything-else-you-badly-wanted-to-keep-private is exposed..

Well, worry no more.  Bintray can now protect you from that kind of unwanted exposure.

On-the-fly file encryption

Bintray can now encrypt your file, on-the-fly, before it is downloaded through the signed URL. It works like this:

  • Upload your file (either manually through the website or using the REST API) into one of your private repositories.
  • Now you can generate the signed URL which will download the file.
    Nothing new yet, but here’s the thing.
    Now you can also attach a secret to the signed URL and tell Bintray to encrypt the file before it is downloaded. Bintray uses AES 256 CBC encryption for which you can provide your own secret key or ask Bintray to create one for you.
  • Now you can provide your customer with your secret through an alternative communications channel.
  • Once your customer has downloaded the file, they can use the secret key to decrypt the file using an OpenSSL command line. In other words, they need both the signed URL and the secret key.

Let’s See It In Action

Let’s assume we have a top secret “message.txt” file in a repo. We’ll use the REST API to create the signed URL:

curl -X POST -H "Content-Type: application/json" https://bintray.com/api/v1/signed_url/bintray/repo/message.txt?encrypt=true --data '{"valid_for_secs": 3600, "secret" : "my secret"}'

200 OK
{
"url": "https://dl.bintray.com/bintray/repo/message.txt?expiry=1461681694199&id=fHObRX27TU3EEpjQYIj9HFhbthU%2BPkkD4iXkRibKBYQvTFqlXP9tPUGlk5Xm3qE3&signature=nDt3t7Wj%2BP1B6chQ3AEt8iwaeowWuK66eQTP2tvgfa3AfmSAvR3IrPuVkP3tx90ihT2vMT9m1trJQ6IJZiVdSA%3D%3D"
}

If you don’t supply a secret, Bintray will create one for you and return it as an Http header: X-Bintray-Secret. Note that for that extra bit of security we limited the validity of the URL to 3600 seconds.

Your customer can now download the file from the returned URL:

curl -o message.txt "https://dl.bintray.com/bintray/repo/message.txt?expiry=1461681694199&id=fHObRX27TU3EEpjQYIj9HFhbthU%2BPkkD4iXkRibKBYQvTFqlXP9tPUGlk5Xm3qE3&signature=nDt3t7Wj%2BP1B6chQ3AEt8iwaeowWuK66eQTP2tvgfa3AfmSAvR3IrPuVkP3tx90ihT2vMT9m1trJQ6IJZiVdSA%3D%3D"

You can choose any secured way to send the user the secret. For example: phone or text message.

Now, to decrypt the file, your customer can use OpenSSL:

$ openssl enc -aes-256-cbc -d -in <encrypted file name> -out <decrypted file name output>

The tool will prompt your customer for the secret and then proceed to decrypt the file.

That’s how you keep your secrets safe. Enjoy!

 

 

 

 

 

 

Who needs a EULA if nobody reads it?

bintray_eula_products_blogpostAs long as you’re distributing public open source software, you don’t need a EULA. Just choose from the over 100 open source licenses Bintray offers to get the level of protection you want. Once you move to distributing commercial software, you need a EULA. This is the contract that you make with all of your users when they download your software from Bintray. Without a EULA, you’re exposing yourself to lawsuits and unmitigated copying and redistribution.

Now, we’ve all seen EULAs. Whether they’re entitled “Terms of Service”, “Terms and Conditions”, or “Here’s what you can and can’t do with my software”, essentially, they are the same. They usually pop up early on in the installation sequence of any new piece of commercial software we install. And I can tell you, with 5-nines of certainty that most of us just click “Next” without reading them, and complete the installation. But there is a breed of people who actually DO read EULAs. They are usually sequestered in some corporate enclave, and it’s their job to make sure that the company they represent can accept the contractual obligations you set forth in your EULA. Yes, these are the company lawyers. Without their “OK”, your potential enterprise customers will not use your software.

Now, as smart as lawyers may be (or not), if your EULA is hidden somewhere deep under /etc/this/that/and/the/other, it’s going to be difficult to find. There’s no reason to make this difficult. Bintray gives you an easy way to expose your EULA through Products.

Bintray Products and EULAs

Say you developed your “packageOfTheCentury”, and, naturally, you want to offer it to developers on different platforms. I.e., you might have your debianPackageOfTheCentury, nugetPackageOfTheCenutury, npmPackageOfTheCentury…and so on. Since all these packages represent the same product, just for different packaging formats, you will want to apply the same EULA to all of them. This is where Bintray Products come into play. Products are available with a Gold or Enterprise account, and let you collect all the packages under one roof as a single coherent offering, making it easy for you to manage. It’s also easier for potential users to find your single product rather than searching for all its components separately, and any update you make to any of the constituent packages in your product is automatically reflected as a new version of the product itself. But the biggest benefit is that you only need to assign a single EULA to your product, and it applies to all of its constituent packages. And the beauty of it is that your EULA protects your product, for both authenticated and anonymous users, before it’s even downloaded, rather than being embedded inside the packages. That also means that it’s easy to update online as any of the constituent packages are updated with new versions. 

Creating a Product is easy.

NewProduct

 

And once your product is created, and you’ve entered its basic details, it’s easy to add packages to it.

ProductPackages

You don’t even have to change your product’s version manually; it is automatically derived by Bintray any time the version of one its constituent packages changes. And if you really want to, you can assign a different EULA to different versions of your product as needed.You don’t even have to change your product’s version manually; it is automatically derived by Bintray any time the version of one its constituent packages changes. And if you really want to, you can assign a different EULA to different versions of your product as needed.

Product Versions

 

All About Bintray EULAs

With a Bintray Enterprise account, you can manage all of your EULAs in one place and set a default EULA to be assigned to all new versions of this product that are created.

ProductEULAs

You can create a new EULA at any time using Asciidoc, Markdown or free text.

Create a New EULA

And once you have a EULA assigned to your product, if anyone (even an anonymous user) tries to download a file from one of the packages in your product, they will have to accept your EULA first. In fact, the download URL provided by Bintray for any of the packages in your product will first pop up the EULA and require the user to accept before proceeding with download. That means you can provide a EULA-protected download link from any other app. Just hover over the package in your download list to see it.

Download URL with EULA

 

Why don’t you try this one to see how it works. Here’s what you should see.

Accept EULA

 

By collecting the different packages you are offering under a single product, governed by a single EULA, you’re protecting your interests, making things simpler, and reducing your (and your customers’) legal costs. Can you think of any better way to protect your IP and keep both your lawyers and your customers happy?

Read all about managing products and EULAs.

 

 

6 Reasons to Distribute Commercial NuGet Packages through Bintray

Developing on .NET? Then, most likely, you are no stranger to NuGet Gallery. It’s a great place to find public NuGet packages. But is it the best place to host and distribute your own private packages? With the recent addition of native support for NuGet, you can now point your NuGet client to Bintray and transparently use it as your download source for NuGet packages. In this post, I’ll show how Bintray complements NuGet Gallery and the benefits it offers for the commercial distribution of private and public NuGet packages.

Privacy with fine-grained access control

With a professional account on Bintray, you can create private repositories and set up teams of users with different permissions according to the access you want to provide each team. Using keys and entitlements, you can provide external users who don’t have a Bintray account access at any level of granularity, from a whole repository down to a single artifact.

Metadata

On Bintray, every package is accompanied with a variety of metadata that can be used to search for and download packages. These include owner, open-source licenses used by the package, link to version control where the package’s sources can be found, even user-defined attributes and more.

Rapid downloads

Bintray is deployed on US, European, and Asian clusters and provides ultra-fast downloads over a rapid CDN (Akamai and Cloudfront).

Rich stats and logs

Rich stats provide detailed download information over any time period, and live logs provide detailed information about who is accessing your packages.

Integration with Artifactory

Bintray’s tight integration with Artifactory means that you can fully automate your .NET development pipeline from development to distribution.

A universal distribution hub

Bintray can serve your enterprise distribution needs for all package types. In addition to NuGet, Bintray also offers native level support for Docker, Debian, Maven, RPM, and Vagrant packages. This means that Bintray maintains metadata specific to these package types and can work transparently with the corresponding clients.

How does it work?

It’s pretty simple really.

First, create a repository and specify its type to be NuGet.

Create a NuGet repository

Now, all you need to do is point your NuGet client or Visual Studio at your new repository on Bintray. That’s just as easy, and Bintray even shows you how to do that. On your new repository page, just click Set Me Up. For the sake of readability, on this post, I’ll be using the NuGet client.

Set up a NuGet Repository

So, like the Set Me Up dialog shows us, to configure the NuGet client to work with Bintray, you need to add Bintray to the client’s list of sources:

nuget sources Add -Name Bintray -Source https://api.bintray.com/nuget/jaycroaker/MyNugetRepo -UserName <USERNAME> -Password <API KEY>

 

As you can see, you’ll need to include your Bintray username and API Key.

Then, you need to enable the use of your Bintray API key with the NuGet client:

nuget setapikey <USERNAME>:<APIKEY> -Source Bintray

 

Now you’re ready to deploy packages from the NuGet client directly to bintray. As an example, let’s say you want to upload a great logging utility you created called MyLogger (yes, I’m keeping things simple). Are you used to using nuget push? Well, nothing has changed:

nuget push MyLogger.1.0.0.0.nupkg -Source https://api.bintray.com/nuget/jaycroaker/MyNugetRepo

 

Now you should be able to see your package in your new NuGet repository, complete with the version you assigned.

Resolving NuGet package

And resolving the NuGet package from Bintray with the NuGet client is just as easy:

nuget install MyLogger -Source https://api.bintray.com/nuget/jaycroaker/MyNugetRepo

 

As you can see, once you have added Bintray as a source for your NuGet client, you can push and install transparently as if you were working with the NuGet Gallery. And since Bintray is a universal distribution hub, you can push to and pull from Bintray with the same ease when working with Docker, Debian, RPM, Maven, and Vagrant using the corresponding client for those package types. And with generic repositories on Bintray, you can host generic distributions such as installers or data files with the same ease of use. As we continue to add support for more and more package types, working with Bintray will just continue to get easier.

Manage your Bintray and GitHub organizations better together

Bintray’s integration with GitHub is now moving to a new level with GitHub organizations! As a Bintray user who is also a GitHub user, you already know that you can import your GitHub repositories, tags, readme’s, and release notes to Bintray. Now you can also import your GitHub organizations, the organization’s repositories, and even keep your GitHub and Bintray organization’s members in sync! This new feature saves time and effort maintaining your organizations and their members across the two platforms.

Here’s how to do that:

Authorize your GitHub account in Bintray

In order to be able to import GitHub entities to Bintray, your GitHub account should be authorized in Bintray. Your GitHub username has to be provided and authorized in the ‘Accounts’ page in your Bintray profile page:

Authorize Github in Bintray

Grant Bintray access to your GitHub organizations

GitHub organizations should be authorized with Bintray, so Bintray is able to access your GitHub organization. Grant Bintray the access by going to your GitHub profile. Under the ‘Applications’ section you will see the GitHub organization. Select the organizations you would like Bintray to be able to access.

GHOrganizationAccess

You can read more about application authorization with GitHub in the Bintray documentation.

Import a GitHub organization

You can import a GitHub organization while you create a new one in Bintray, or to an existing Bintray organization at any time.

Import GitHub organization to a new Bintray organization

When creating a new organization in Bintray you now see a new option to import your organization from GitHub:

Create new organization

If you choose ‘Import from GitHub’, your GitHub organizations, that have not been imported yet, will be displayed for you to choose from:

Select Organization to Import upon new organization creation

Once you make a selection, your GitHub organization is successfully imported to Bintray. Note that at this point, only the organization is imported, without members or repositories.

At this point Bintray offers you shortcuts to the most common options you naturally wish to do now:

Organization was created successfully

I will elaborate on how to sync members to your imported organization, and how to import an organization repositories later on in this post.

Import GitHub organization to an existing Bintray organization

To associate an existing Bintray organization with a GitHub organization, access the ‘Accounts’ section in your Bintray organization’s profile page. Bintray lets you choose from your accessible GitHub organizations:

Select organization to import to an existing organization

Sync members

Bintray Professional accounts can also sync members from a GitHub organization and have membership changes in a GitHub organization automatically synced to the equivalent Bintray organization. To sync members automatically, click on the ‘Sync’ button in the ‘Members’ section of the organization profile page:

Sync members

The sync will generate an invitation in each member’s Bintray mailbox. Once a user approves his membership, he becomes a fully synced member in the Bintray organization.

The following rules apply once your GitHub organization is imported:

  • All GitHub organization members will be members in the corresponding Bintray organization (as long as they are users of both).
  • GitHub teams are now teams in the corresponding Bintray organization.
  • Members’ permissions are also imported: an ‘owner’ in a GitHub organization will be an ‘admin’ in Bintray, a ‘member’ in GitHub stays a ‘member’ in Bintray.
  • Member’s privacy attributes, ‘private’ and ‘public’ in GitHub, are kept as ‘public’ and ‘nonpublic’ in Bintray .

You can keep the members list synced with Github, so any member added to or removed from GitHub in the future will automatically be updated in your Bintray organization. This saves you the worry of maintaining members in both Bintray and GitHub. You can also disable member sync, so that it is a onetime procedure. Members’ syncing can be enabled or disabled at any time.
For a step by step instructions of how to import GitHub organizations and members, please refer to the user manual.

Import a repository

At this point it makes sense to add a repository to your new organization. Importing GitHub organization repositories is now available! (previously, it was only possible to import personal repositories). In order to do so, create a new repository under your imported organization. In the repository page, click on ‘Import from GitHub’:

Repository page import from GitHub
Bintray will display all the GitHub repositories and their release tags under the imported organization:

Import GitHub repositories

Select the repositories and releases you wish to import, and remember that GitHub repositories will be Bintray packages, and GitHub release tags will be versions in Bintray. Note that the import includes the repository structure and not the actual files.

You can read more about importing GitHub repositories here.

If you use both GitHub and Bintray, this cool new feature will save you time and reduce hassle.
Good Luck!

Catch that Millionth Download with Bintray’s New Statistics API

Want to know exactly how many times your packages have been downloaded? Bintray has always given you download statistics through its UI, but now you can also get them for professional repositories via REST API. Detailed statistics on downloads per version over any time frame give you deep insights into how your software releases are consumed.
If you have never used statistics in Bintray, go ahead and check it out in the user guide.

Let’s see an example
Say I want to get the daily number of downloads of ‘myCoolPackage’ from October 1st to October 8th, 2015. This is what the stats look like in the Bintray UI:

myCoolPackage Downloads UI Stats Per Week

According to the chart, ‘myCoolPackage’ was downloaded a total of 147,752 times in that period. We can clearly see that there were downloads every day; there were dips on October 4th (Sunday) and October 8th (the chart was generated on October 8th around midday), and the most popular versions were 1.1.0 and 1.2.0.

Now you can get all this information programmatically using the new REST API. Here’s the “daily downloads” API as it is described in the REST API documentation:

GET /packages/:subject/:repo/:package/stats/time_range_downloads

To get the statistics displayed in the chart above, I would use the following command:

curl -X GET "https://api.bintray.com/packages/tamarUser/Maven/myCoolPackage/stats/time_range_downloads" -u tamarUser:***my-top-secret-api-key*** -H "content-type:application/json" -d “{\"from\":\"2015-10-01T12:08:56.235z\",\"to\":\"2015-10-08T12:08:56.235z\"}"

I get the following response in JSON format:

{
  "from":"2015-10-01T00:00:00.000Z",
  "to":"2015-10-08T23:59:59.999Z",
  "records":[
      {"date":"2015-10-01","downloads":
        [{"version":"1.0.5","count":1939},
         {"version":"1.1.0","count":6950},
         {"version":"1.1.3","count":293},
         {"version":"1.1.7","count":116},
         {"version":"1.2.0","count":10111},
         {"version":"1.2.1","count":1329},
         {"version":"1.2.2","count":1706}]},
      {"date":"2015-10-02","downloads":
        [{"version":"1.0.5","count":315},
         {"version":"1.1.0","count":6975},
         {"version":"1.1.3","count":198},
         {"version":"1.1.7","count":121},
         {"version":"1.2.0","count":9967},
         {"version":"1.2.1","count":1290},
         {"version":"1.2.2","count":1759}]},
      {"date":"2015-10-03","downloads":
      ...]
}

The response provides all of the same data that Bintray uses to create the chart in the UI. For each day within the requested date range in which downloads occurred, it lists the number of downloads per version. As simple JSON output, you can easily parse the response and use it any way that helps you analyze your package downloads quickly and effectively. You are now able to identify trends in downloads, your popular versions and more.

Other statistics REST APIs include: total downloads and downloads by country. Keep an eye on this blog to hear about new APIs when we add them.

Good luck!