Public Repo

Transport	HTTP and HTTPS (HTTP/2)
Network	IPv4 and IPv6
Logging	None
Projects	18 mirrored
Sync loop	Continuous; ~100 s rest between passes
Cost	$0

Quick Start

Pick your distribution. Replace the matching Server or deb line in your package manager, then refresh.

Arch Linux (pacman)

Add to the top of /etc/pacman.d/mirrorlist:

Server = https://public-repo.com/archlinux/$repo/os/$arch

Then refresh:

sudo pacman -Syyu

Arch Linux ARM (pacman)

Add to the top of /etc/pacman.d/mirrorlist:

Server = https://public-repo.com/archlinuxarm/$arch/$repo

Arch Linux 32 (pacman)

Add to the top of /etc/pacman.d/mirrorlist:

Server = https://public-repo.com/archlinux32/$arch/$repo

Ubuntu (apt)

Edit /etc/apt/sources.list (replace noble with your release codename):

deb https://public-repo.com/ubuntu/ noble main restricted universe multiverse
deb https://public-repo.com/ubuntu/ noble-updates main restricted universe multiverse
deb https://public-repo.com/ubuntu/ noble-security main restricted universe multiverse

ARM and other non-x86 architectures use ubuntu-ports/:

deb https://public-repo.com/ubuntu-ports/ noble main restricted universe multiverse

ISOs: browse ubuntu-cd/. End-of-life releases at ubuntu-archive/.

Debian (apt)

Edit /etc/apt/sources.list (replace bookworm with your release codename):

deb https://public-repo.com/debian/ bookworm main contrib non-free non-free-firmware
deb https://public-repo.com/debian/ bookworm-updates main contrib non-free non-free-firmware
deb https://public-repo.com/debian-security/ bookworm-security main contrib non-free non-free-firmware

ISOs: browse debian-cd/. Historical releases at debian-archive/.

Linux Mint (apt)

Edit /etc/apt/sources.list.d/official-package-repositories.list (replace virginia with your release codename):

deb https://public-repo.com/linuxmint-packages/ virginia main upstream import backport

ISOs: browse linuxmint-cd/.

Gentoo (portage)

For distfile downloads, edit /etc/portage/make.conf:

GENTOO_MIRRORS="https://public-repo.com/gentoo"

To sync the Portage tree via HTTP snapshot, edit /etc/portage/repos.conf/gentoo.conf:

[gentoo]
location = /var/db/repos/gentoo
sync-type = webrsync
auto-sync = yes

Run emerge-webrsync for the initial sync; subsequent syncs via emerge --sync.

EndeavourOS (pacman)

Add to the top of /etc/pacman.d/endeavouros-mirrorlist:

Server = https://public-repo.com/endeavouros/$repo/$arch

Raspberry Pi / Raspbian (apt)

Edit /etc/apt/sources.list (replace bookworm with your release codename):

deb https://public-repo.com/raspbian/ bookworm main contrib non-free rpi

Kali Linux (apt)

Edit /etc/apt/sources.list:

deb https://public-repo.com/kali/ kali-rolling main contrib non-free non-free-firmware

ISO and weekly live images: browse kali-images/.

Tails (live)

Tails is a live OS — there is no package manager to repoint. Download the ISO or USB image from tails/stable/ and verify it against the upstream signature before booting. The full tree is browseable at tails/.

CachyOS (pacman)

Add to the top of /etc/pacman.d/cachyos-mirrorlist:

Server = https://public-repo.com/cachyos/$repo/$arch

Chaotic-AUR (pacman)

After Chaotic-AUR setup, add this mirror to /etc/pacman.d/chaotic-mirrorlist:

Server = https://public-repo.com/aur.chaotic.cx/$repo/$arch

F-Droid

In the F-Droid app, go to Settings → Repositories → Add:

https://public-repo.com/fdroid-repo/

For the full archive (older versions), add:

https://public-repo.com/fdroid-archive/

LineageOS (OTA)

OTA zip images: browse lineageos/, navigate to your device codename, and select the build you want to flash.

Alpine Linux (apk)

Replace the contents of /etc/apk/repositories (replace v3.20 with your release):

https://public-repo.com/alpine/v3.20/main
https://public-repo.com/alpine/v3.20/community

Then run apk update.

Chimera Linux (apk)

Edit /etc/apk/repositories.d/00-repo-main.list (and any other enabled repo lists):

https://public-repo.com/chimera/current/main

Then run apk update.

FreeBSD (pkg)

Create /usr/local/etc/pkg/repos/public-repo.conf:

FreeBSD: { enabled: no }
public-repo: {
    url: "https://public-repo.com/freebsd/ports/${ABI}/latest",
    enabled: yes
}

Release ISOs and source snapshots: browse freebsd/.

Mirrored Projects

Everything is synchronized across all architectures and archives served here. Directory listings are enabled — browse any path directly.

Project	Paths	Package manager	Mirror tier
Arch Linux	archlinux/	pacman	Tier 2
Arch Linux ARM	archlinuxarm/	pacman	Tier 3
Arch Linux 32	archlinux32/	pacman	Tier 3
Ubuntu	ubuntu/, ubuntu-ports/, ubuntu-cd/, ubuntu-archive/	apt	Tier 3
Debian	debian/, debian-security/, debian-cd/, debian-archive/	apt	Tier 3
LineageOS	lineageos/	OTA	Tier 3
Linux Mint	linuxmint-cd/, linuxmint-packages/	apt	Tier 3
Gentoo	gentoo/, gentoo-portage/	portage	Tier 3
EndeavourOS	endeavouros/	pacman	Tier 3
Raspberry Pi	raspbian/	apt	Tier 3
Kali Linux	kali/, kali-images/	apt	Tier 3
Tails	tails/	live	Tier 3
CachyOS	cachyos/	pacman	Tier 3
Chaotic-AUR	aur.chaotic.cx/	pacman	Tier 3
F-Droid	fdroid-repo/, fdroid-archive/	fdroid	Tier 3
Alpine Linux	alpine/	apk	Tier 3
Chimera Linux	chimera/	apk	Tier 3
FreeBSD	freebsd/	pkg	Tier 3

How to Use

The Quick Start section above lists configuration for each distribution. You can also browse each project directly — directory listings are enabled on every path.

Replace release codenames (noble, bookworm, virginia, v3.20, and so on) with the values for your installed release before applying any apt or apk lines.

Sync Schedule

Sync runs in a continuous loop with roughly 100 seconds of rest between full passes. Freshness is bounded by one pass plus that interval.

Sync is performed with rsync using -avhW, atomic --delay-updates --delete-delay, --safe-links, and an exclude list for upstream HTML, robots.txt, and favicons so this page is never overwritten.

Upstream rsync sources

Project	Upstream
Debian	`rsync://ftp.de.debian.org/debian/`
Debian CD	`rsync://cdimage.debian.org/debian-cd/`
Debian Security	`rsync://ftp.de.debian.org/debian-security/`
Debian archive	`rsync://rsync.archive.debian.org/debian-archive/`
Ubuntu	`rsync://rsync.archive.ubuntu.com/ubuntu/`
Ubuntu CD	`rsync://releases.ubuntu.com/releases/`
Ubuntu Ports	`rsync://rsync.ports.ubuntu.com/ubuntu-ports/`
Ubuntu archive	`rsync://old-releases.ubuntu.com/old-releases/`
Linux Mint CD	`pub.linuxmint.com::pub`
Linux Mint packages	`rsync-packages.linuxmint.com::packages`
Raspbian	`rsync://archive.raspbian.org/archive/raspbian/`
Kali Linux	`rsync://mirrors.dotsrc.org/kali/`
Kali images	`rsync://mirror.netcologne.de/kali-images/`
Tails	`rsync://mirrors.dotsrc.org/tails/`
Arch Linux	`rsync://mirrors.dotsrc.org/archlinux/`
Arch Linux 32	`rsync://mirror.archlinux32.org/archlinux32/`
Arch Linux ARM	`rsync://mirrors.dotsrc.org/archlinuxarm/`
Chaotic-AUR	`rsync://mirror.accum.se/mirror/aur.chaotic.cx/`
CachyOS	`rsync://cachyos.doridian.net/cachyos/`
EndeavourOS	`alpix.eu.rsync.endeavouros.com::endeavouros/`
Gentoo Portage	`rsync://mirrors.dotsrc.org/gentoo-portage/`
Gentoo distfiles	`rsync://mirrors.dotsrc.org/gentoo/`
Alpine Linux	`rsync://rsync.alpinelinux.org/alpine/`
Chimera Linux	`rsync://repo.chimera-linux.org/chimera/`
FreeBSD	`rsync://ftp.no.freebsd.org/FreeBSD/`
F-Droid repo	`ftp.lysator.liu.se::fdroid/repo/`
F-Droid archive	`ftp.lysator.liu.se::fdroid/archive/`
LineageOS	`rsync://mirror.accum.se/mirror/lineageos/`

How fresh is it?

Most projects publish their own freshness files. For example: archlinux/lastsync (Unix timestamp), archlinux/lastupdate, debian/project/trace/, and ubuntu/project/trace/.

Verifying Downloads

This is a mirror — bytes only. Trust comes from each project's own signing infrastructure, not from us.

Arch and derivatives

pacman verifies package signatures by default. Keep the keyring current:

# refresh keyring
sudo pacman -Sy archlinux-keyring
sudo pacman-key --refresh-keys

Debian family

apt verifies Release.gpg / InRelease against keys in debian-archive-keyring or ubuntu-keyring. Never use --allow-unauthenticated to work around a verification failure — it almost certainly means the mirror is mid-sync.

ISO images

Each project publishes SHA256SUMS and a detached signature next to the ISOs. Verify both:

gpg --verify SHA256SUMS.gpg SHA256SUMS
sha256sum -c SHA256SUMS --ignore-missing

F-Droid

The F-Droid app pins each repository's index signing key on first add. All future updates are verified against that key automatically.

Mission

Public Repo exists to keep the free-software supply chain fast, private, and accessible to everyone — no signup, no tracking, no paywall. We mirror the projects people actually depend on, sync them continuously, and serve them over modern transports so that updating a Linux system never has to mean handing your download history to a third party.

The mirror is operated as a public good: hardware, bandwidth, and time are donated, the configuration is boring on purpose, and the privacy guarantees are structural rather than promised. Everything on this page — including the upstream sources, the sync method, and the operational stack — is documented so anyone can reproduce, audit, or take over the setup if they need to.

Privacy

We do not log individual download requests. No access data is stored, sold, or shared with third parties.

No access logging — download requests are never written to disk.
Encrypted storage — all data at rest is protected with ZFS native encryption.
No shell history — operator sessions leave no command history on the server.
Headless server — eliminating physical access vectors.
HTTPS available — the mirror is reachable over both HTTPS and plain HTTP. HTTPS is recommended where supported.
No analytics or trackers — this site is static HTML and sets no cookies.

Features

HTTP and HTTPS with HTTP/2
IPv4 and IPv6 on every endpoint
Directory index enabled
HTTP GET only — other methods denied at the web tier
Response headers: X-Content-Type-Options: nosniff, X-Frame-Options: DENY
No access logging, no cookies, no analytics
No signup, no API key, no rate-tier upsell
Cost: $0

Comparison

Public Repo is one of the stricter, no-log, fully public mirrors. Quick reference:

	Public Repo	Official project mirrors	Commercial CDNs	Other public mirrors
Access logging	None	Usually yes	Yes	Often yes
HTTPS + HTTP/2	Yes	Varies	Yes	Often HTTP only
IPv6	Full	Usually	Yes	Hit or miss
Directory browsing	Yes	Varies	Often disabled	Sometimes
Cost	$0 (public good)	$0	Paid	$0
Transparent operator	Yes (this page)	Project-run	Corporate	Varies

Infrastructure

Component	Detail
Operating system	FreeBSD
Web server	nginx with HTTP/2
Sync tool	rsync, looping in tmux, ~100 s rest between passes
Filesystem	ZFS with native encryption and snapshots
Method allow-list	`GET` only — `POST`/`PUT`/`DELETE` denied at web tier
Hardening headers	`X-Content-Type-Options: nosniff`, `X-Frame-Options: DENY`
Operator session	No shell history retained

Troubleshooting

"File has unexpected size" or hash mismatch on apt / pacman

Almost always a sync caught mid-flight. Wait a couple of minutes and re-run apt update or pacman -Syy. If it persists, switch to a different mirror temporarily and report it — there may be a stuck rsync process on our side.

404 on a package that exists upstream

The upstream just published it; this mirror has not finished pulling that pass yet. Try again after the next sync cycle, or fall back to the project's own server.

GPG or keyring errors

Refresh your keyring package (archlinux-keyring, debian-archive-keyring, ubuntu-keyring, and so on). Mirrors do not sign anything; signing keys come from the project itself.

Slow downloads

Check whether your client is using HTTP/2 — it is enabled here and usually beats HTTP/1.1 for the many-small-file workloads typical of package managers. If a single connection is slow, geographic distance or your ISP's transit are the most likely causes.

HTTP works but HTTPS fails

Check your system clock. TLS validates certificate validity dates; if your clock is off by months, validation fails. Pair a working NTP source — for example public-utc.com — and try again. If name resolution itself is unreliable, point your system at public-rdns.com for DNSSEC-validating recursion.

"Server certificate verification failed" from apt

Your ca-certificates package is too old to chain to the issuing root. Update it (apt update && apt install --reinstall ca-certificates); on systems too stale to upgrade, install the root CA bundle manually.

FAQ

Is this really free?

Yes. There is no charge, no sign-up, no API key. Donations via Bitcoin are appreciated but not required — see Contact.

Can I add this to a public mirrorlist?

For the projects where this mirror is officially listed (Arch Tier 2, others Tier 3), the project's own pool already includes it. Please do not hardcode public-repo.com in shipping consumer products without contacting us first — vendor-specific pools scale better.

Which protocols do you support?

Both HTTP and HTTPS are served on every endpoint. HTTPS is recommended — it prevents on-path tampering with package metadata (even though packages themselves are signed), and enables HTTP/2, which speeds up the many-small-file pattern of apt update and pacman -Sy.

Do you mirror sources, installer ISOs, and live media?

Yes — for the projects where the upstream rsync source includes them. See ubuntu-cd/, debian-cd/, and linuxmint-cd/.

Do you log my IP?

No. Download requests are not written to disk.

Can I request another distribution?

Email and ask. Constraints are disk space and upstream bandwidth — small and medium projects with a public rsync endpoint are easy to add.

Do you offer rsync access?

Not publicly. The mirror exists to serve end users via HTTPS. If you operate another mirror and need rsync, contact us.

What's the SLA?

Best-effort. The service is operated as a public good, not a paid product.

Acceptable Use

Use a sane number of parallel connections. Package managers' defaults are fine.
Do not scrape the entire tree just to make a private mirror — set up rsync against the upstreams instead, exactly as we do.
Do not hardcode public-repo.com in consumer-facing products without contacting us first.
Abusive sources may be rate-limited or blocked without notice.

Managed Services

Beyond the public mirror, we offer managed private caches and mirrors for organisations that need their own controlled copy of one or more upstream archives — air-gapped labs, regulated environments, CI fleets, ISPs, universities, and anyone who wants the same operational model we run here, on their own infrastructure or hosted by us.

Typical engagements include:

Dedicated rsync/HTTPS mirrors of selected distributions, kept in sync on your schedule.
Internal package caches for CI/CD and developer fleets, with bandwidth and freshness SLAs.
Air-gapped / offline mirror bundles, delivered on a regular cadence.
Hardened mirror appliances built on FreeBSD, ZFS, and nginx, matching the stack described under Infrastructure.
Bare-metal management — full lifecycle operation of customer-owned or colocated hardware: provisioning, OS hardening, monitoring, patching, capacity planning, and on-call response.
Migration from existing mirror setups (apt-cacher-ng, Nexus, Artifactory, plain rsync) to a leaner, lower-overhead design.

For pricing and scoping, see Contact.

Legal

Trademarks

All distribution names, logos, and project marks referenced on this site — including Arch Linux, Debian, Ubuntu, Kali Linux, Tails, LineageOS, Linux Mint, Gentoo, EndeavourOS, Raspberry Pi / Raspbian, CachyOS, Chaotic-AUR, Alpine Linux, Chimera Linux, FreeBSD, and F-Droid — are the property of their respective owners. Public Repo is an independent mirror operator and is not affiliated with, endorsed by, or sponsored by any of these projects unless explicitly stated.

Other names

The mirror also responds to the legacy hostname cdnmirror.com; it serves the same content from the same infrastructure as public-repo.com.

Content

Public Repo redistributes unmodified copies of files published by upstream projects. All redistributed content remains subject to the licenses and terms set by those upstream projects. We add nothing, remove nothing, and re-sign nothing — verification keys come from the projects themselves (see Verifying Downloads).

Warranty disclaimer

This service is provided "as is" and "as available", without warranty of any kind, express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, non-infringement, or uninterrupted availability. Use of this mirror is at your own risk.

Limitation of liability

To the maximum extent permitted by applicable law, the operators of Public Repo shall not be liable for any direct, indirect, incidental, consequential, or special damages arising from the use of, or inability to use, this service — including but not limited to data loss, downtime, or content that is out of date relative to upstream.

Abuse and takedowns

To report abusive use of this service or to submit a good-faith takedown request concerning specific mirrored content, contact us via Contact with the URL(s) and the basis for the request. We will forward upstream-licensing concerns to the relevant upstream project, since we do not modify or curate their archives.

Privacy

We do not log individual download requests, set cookies, or run analytics. See Privacy for details.

Other Projects

Site	Service
public-consortium.com	Project home and operations
public-adns.com	Public authoritative DNS service
public-rdns.com	Public recursive DNS service
public-blank.com	Public static / parking service
public-repo.com	Public mirror service (this site)
public-utc.com	Public NTP / NTS time service

Quick Start

Mirrored Projects

How to Use

Sync Schedule

Upstream rsync sources

How fresh is it?

Verifying Downloads

Arch and derivatives

Debian family

ISO images

F-Droid

Mission

Privacy

Features

Comparison

Infrastructure

Troubleshooting

FAQ

Acceptable Use

Managed Services

Sponsors

Legal

Trademarks

Other names

Content

Warranty disclaimer

Limitation of liability

Abuse and takedowns

Privacy

Other Projects