No root access – no Debian packages on Cloud Foundry? That’s past with the APT-Buildpack!

As the title already states, Cloud Foundry containers don’t grant root access and therefore it wasn’t possible to install Debian packages. But with the release of the APT-Buildpack this fact has changed forever. In this Blogpost I’ll guide you through a small example how you can easily use the APT-Buildpack to build your custom application runtime. For that purpose, I used a simple ruby app and installed two additional packages within the app using the multi-buildpack support of Cloud Foundry. You need to use the multi-buildpack feature because the APT-Buildpack can only be run as a supply buildpack and not stand-alone.

Step 1 – Create an apt.yml file

The first step to start is to create an apt.yml in your application root directory – at the same place as your manifest.yml is located.

This file structure may look like:

The apt.yml for my example looks like this:

The apt.yml file is self-explanatory. There are three sections: the “keys”, where all the necessary additional repository keys are configured, the “repos” where all the additionally needed repos can be defined and the last section with the “packages” where the package itself is defined.

In this example I installed “mongodb-tools”, which needed a custom apt-repository and key. I also installed “cowsay” which is part of the standard Debian repository and therefore there is no additional configuration needed for that.

There are two additional sections you can define in the apt.yml:

“truncatesources” as the name suggests truncates the sources.list file and puts just the entries specified in repos section. This maybe needed in environments where ubuntu public repos are blocked. “cleancache” calls the commands “apt-get clean” and “apt-get autoclean” which is useful to purge any cached content.

Using PPA

It’s possible to use a PPA, but you need to indicate the GPG key for the PPA and the full repo line, not just the PPA name.  A Personal Package Archive (PPA) is a special software repository for uploading source packages to be built and published as an APT repository by Launchpad.

A PPA, in simple terms, is a collection of software not included in Ubuntu by default. Typically, these repositories focus on a single program, but they can include more depending on the person maintaining them.

To locate this information, navigate to the PPA on Launchpad. Expand where it says “Technical Details about this PPA”.

Under that, select the correct version of Ubuntu from the drop down. Then you can copy and paste the sources.list entries presented there under the repos block in apt.yml. Beneath the sources.list entry, you’ll add label named “Signing Key” and beneath that a link. Click on the link. On the page that loads, you should see one GPG key entry. In the bits/keyID column, you’ll see a link. Right click on that and copy the link. Paste that in under the keys block in your apt.yml.

You should now be able to install packages from that PPA. Checkout this thread if you struggle to find those information.

This is all you need to install additional packages within your app. Easy – isn’t it?

Step 2 – Use the multi-buildpack support

Now you have two ways to deploy your app – either you create a file which is called “multi-buildpack.yml” where you specify all buildpacks you want to run, or you push your app as usually and provide the additional buildpack as command line argument.

When you defined the buildpacks like above, you can only run “cf push” to deploy your application. If not, you can provide the needed buildpacks directly in the push command, like in the example below:

Important note: The last specified buildpack is used to start the application and set the environment.  More information about pushing your Application with multiple buildpacks can be found here:


When you make use of custom repositories in your apt.yml you’ll see the following output while pushing your app:

It’s misleading that it is highlight in red, it’s only an information that the Public Key of the custom repository was successfully imported ?.

When your app has been successfully deployed, you see in the app status output that there are both buildpacks listed.

If you want to check if the additional packages are successfully installed, you can “ssh” into your app and you find a “deps/” folder in the Home directory of the user. There are all installed packages located. In my case it’s “mongodb-tools” and “cowsay”. They are located here:

Now you are ready to push your app with additional packages ?! For testing purpose I uploaded the Ruby Simple App onto my Github: – feel free to use it!