Ubuntu supported?

olwins · March 27, 2024, 5:15pm

Problem:

I’m currently testing pulp to see if we can use it for our different linux os.
No issue for redhat, but I can’t figure how to use it for ubuntu

I was able to sync the different ubuntu repo using the deb plugin, but when I try to run an apt update on a test system, there is lot of error, an apt upgrade don’t detect any package that need to be updated.

Command use to create the repo :

pulp deb remote create --name UBUNTU_2204_JAMMY --url http://archive.ubuntu.com/ubuntu/ --policy on_demand --distribution jammy --architecture amd64  | jq -C
pulp deb repository create --name UBUNTU_2204_JAMMY --remote UBUNTU_2204_JAMMY --retain-repo-versions 3  | jq -C
pulp deb repository sync  --name UBUNTU_2204_JAMMY --mirror
pulp deb publication --type verbatim create --repository UBUNTU_2204_JAMMY
pulp deb distribution create --name UBUNTU_2204_JAMMY_TEST --base-path UBUNTU_2204_JAMMY_TEST --publication /pulp/api/v3/publications/deb/verbatim/018e80b2-b33e-7b3e-b9e4-7195736c3c08/

Did I did something wrong ? Or the deb module is not compatible with ubuntu but only debian ?

All translation & c-n-f metadata seems to be ignored or in error :
Ex :

Ign:41 https://mypulp.mydomain:8080/pulp/content/UBUNTU_2204_JAMMY_SECURITY_TEST jammy-security/main Translation-en
Err:42 https://mypulp.mydomain:8080/pulp/content/UBUNTU_2204_JAMMY_SECURITY_TEST jammy-security/main amd64 c-n-f Metadata

https://mypulp.mydomain:8080/pulp/content/UBUNTU_2204_JAMMY_TEST/dists/jammy/main/cnf/Commands-amd64  404  Not Found [IP: 10.0.250.11 8080]
E: Failed to fetch https://mypulp.mydomainn:8080/pulp/content/UBUNTU_2204_JAMMY_UPDATES_TEST/dists/jammy-updates/main/cnf/Commands-amd64  404  Not Found [IP: 10.0.250.11 8080]
E: Failed to fetch https://mypulp.mydomain:8080/pulp/content/UBUNTU_2204_JAMMY_BACKPORTS_TEST/dists/jammy-backports/main/cnf/Commands-amd64  404  Not Found [IP: 10.0.250.11 8080]
E: Failed to fetch https://mypulp.mydomain:8080/pulp/content/UBUNTU_2204_JAMMY_SECURITY_TEST/dists/jammy-security/main/cnf/Commands-amd64  404  Not Found [IP: 10.0.250.11 8080]

Expected outcome:

Pulpcore version:

{
“component”: “core”,
“version”: “3.50.0”,
“package”: “pulpcore”,
“module”: “pulpcore.app”,
“domain_compatible”: true
}

Pulp plugins installed and their versions:

{
“component”: “deb”,
“version”: “3.2.0”,
“package”: “pulp_deb”,
“module”: “pulp_deb.app”,
“domain_compatible”: false
},

Operating system - distribution and version:

Ubuntu 22.04 LTS

Other relevant data:

ggainey · March 27, 2024, 7:41pm

Hopefully a pulp_deb expert will chime in - but the firt thing I can see is you only asked for the “jammy” distribution, but apt is asking for jammy-updates jammy-backposrts and jammy-security - which you don’t have.

You can update your repository to add them and then re-sync. Then publish and update your distribution w the new publication.

Here’s an example:

$ pulp deb remote update --name UBUNTU_2204_JAMMY \
  --distribution jammy \
  --distribution jammy-security \
  --distribution jammy-backports \
  --distribution jammy-updates
Started background task /pulp/api/v3/tasks/018e810c-1937-74e7-9798-5521cd73f5d4/
Done.
$ pulp deb repository sync  --name UBUNTU_2204_JAMMY --mirror
Started background task /pulp/api/v3/tasks/018e810c-30dc-7a8a-97e1-7991409cdfcb/
....... etc
.....Done.
$ pulp deb publication --type verbatim create --repository UBUNTU_2204_JAMMY 
Started background task /pulp/api/v3/tasks/018e8165-7980-7b72-bce6-363787160bf5/
Done.
{
  "pulp_href": "/pulp/api/v3/publications/deb/verbatim/018e8165-79b0-718b-a652-a70b8166a90f/",
  "pulp_created": "2024-03-27T19:31:34.961329Z",
  "pulp_last_updated": "2024-03-27T19:31:34.967373Z",
  "repository_version": "/pulp/api/v3/repositories/deb/apt/018e80f7-b7b2-71c4-b7c5-a0568087b3cd/versions/2/",
  "repository": "/pulp/api/v3/repositories/deb/apt/018e80f7-b7b2-71c4-b7c5-a0568087b3cd/"
}
$ pulp deb distribution update --name UBUNTU_2204_JAMMY_TEST  --publication  /pulp/api/v3/publications/deb/verbatim/018e8165-79b0-718b-a652-a70b8166a90f/
Started background task /pulp/api/v3/tasks/018e8166-2915-73d5-85b8-ba46c6c03672/
Done.

We’ll need someone more deb-aware than me to address the CNF issue though.

olwins · March 27, 2024, 8:13pm

Thanks

I didn’t know I could pass all the distributions in one pulp repo.
I will try that

During my test, I created 4 separate pulp repository, for each distribution (jammy,jammy-backports,jammy-security,jammy-updates), but the error was the same for each of them.

I saw that the pulp-deb module as an other option for the publication.
Instead of “verbatim” , I tried to use “apt”

It seems a lot better
With the following sources.list, right now ubuntu doesn’t complain anymore

As I understand, it’s not an exact copy of the official repo anymore with this method , I can’t use the ubuntu public gpg key, but if it work that good enough for me.

I will review the doc ,I think it possible to sign the packages using another method

deb [trusted=yes] https://mypulp.mydomain:8080/pulp/content/UBUNTU_2204_JAMMY_TEST/ jammy main restricted universe multiverse
deb [trusted=yes] https://mypulp.mydomain:8080/pulp/content/UBUNTU_2204_JAMMY_UPDATES_TEST/ jammy-updates main restricted universe multiverse
deb [trusted=yes] https://mypulp.mydomain:8080/pulp/content/UBUNTU_2204_JAMMY_BACKPORTS_TEST/ jammy-backports main restricted universe multiverse
deb [trusted=yes] https://mypulp.mydomain:8080/pulp/content/UBUNTU_2204_JAMMY_SECURITY_TEST/ jammy-security main restricted universe multiverse

ggainey · March 27, 2024, 8:16pm

Good deal - I dropped a note in #pulp-debian in Matrix for help as well. Most of the folk in there are on CET, so we won’t see responses till they get started in their morning.

hstct · March 28, 2024, 8:19am

I did some digging and both translation files and c-n-f metadata are both not yet supported features in pulp_dep. Both have issues already:

This makes verbatim publish unfortunately not usable for newer Ubuntu repositories. The current workaround is, as you have already found out, to use the normal publish mode. This has of course other advantages/disadvantages compared to verbatim.

I can’t really speak for a timeline to support these features any time soon. I first heard about this today, which means it isn’t on our radar. However, I will bring this up in our planning meeting next month and see if we have just forgotten about it.

Hopefully the workaround will suffice for now!

olwins · March 28, 2024, 5:22pm

Thanks for the feedback !

I run a few test today, except one small issue that I can easily fix, the apt option should be enough

In case it can help someone :

During my test , I found that when switching to my pulp repository, more package were installed on my test system, compared to when I used the official ubuntu repo

In my case, it was due to the backport repository.
With the official repo, apt seems to read the
http:///archive.ubuntu.com/ubuntu/dists/jammy-backports/Release file

and detect those 2 fields

NotAutomatic: yes
ButAutomaticUpgrades: yes

this change the priority of the repo to 100 instead of 500 by default (visible with the apt-cache policy command)

Those 2 metadata don"t exist in my pulp repo, so my backport entry was using the default priority (500)

Fixed by adding one preference file:

/etc/apt/preferences.d/backports-pin-100
Package: *
Pin: release a=jammy-backports
Pin-Priority: 100

x9c4 · April 2, 2024, 8:02am

That is correct.
But you can add a signing service to sign the Release files with your own (server-)gpg-key. If you can distribute that across your clients.

Chr1st0f · May 23, 2024, 7:36am

Thanks olwins.
I looked for a solution since a long time and you have provided me the solution :
pulp deb publication --type apt ...

Just for information for the community, for yum repo ( RHEL ) all is working fine but for ubuntu I have issue.
I am using another software who do a snapshot of that repo to patch servers. And specifically for ubuntu, it doesn’t work.
I am going to try immediately your solution and also create the snapshot on pulp instead of my software.

For information the bash code to create the repos :

    #!/bin/bash

    REPOID_L=(
      'bionic' 
      'bionic-updates' 
      'bionic-security' 
      'focal' 
      'focal-updates' 
      'focal-security' 
      'jammy' 
      'jammy-updates' 
      'jammy-security' 
        )

    PARAM_REMOTE_L=(
          '--distribution=bionic'
          '--distribution=bionic-updates'
          '--distribution=bionic-security' 
          '--distribution=focal'
          '--distribution=focal-updates'
          '--distribution=focal-security' 
          '--distribution=jammy'
          '--distribution=jammy-updates'
          '--distribution=jammy-security' 
        )

    DEFAULT_REMOTE_OPTIONS=(
        --url=http://ch.archive.ubuntu.com/ubuntu/
        --component=main --component=universe --component=multiverse --component=restricted
        --architecture=amd64
        --policy immediate
        --tls-validation False
        ) 

    POETRYRUN='poetry run'

    check() { if [ $? -ne 0 ]; then echo "## Problem on check. Exit ##"; continue; fi }

    CleanUp()
    {
    for ind in $(seq -s ' ' 0 $((${#REPOID_L[*]}-1)) )
    do 
        for action in repository remote distribution;
        do 
            echo "# Destroying $action ${REPOID_L[${ind}]} #" 
            $POETRYRUN pulp deb $action destroy --name ${REPOID_L[${ind}]};
        done
    done 
    exit 0
    }

    # For testing. Function to clean quickly
    [ "$1" == clean ] && CleanUp
    usage() 
    { 
        echo "Usage: $0 [-c | -s ]" 1>&2
        echo "-c : To create repositories"
        echo "-s : To sync repositories once created"
        exit 1
    }

    CreateRepo() 
    { 
    for ind in $(seq -s ' ' 0 $((${#REPOID_L[*]}-1)) )
    do
        echo "# Create repository for ${REPOID_L[${ind}]} #" 
        $POETRYRUN pulp deb repository create --name=${REPOID_L[${ind}]}
        check

        echo "# Create remote with all the necessary params for ${REPOID_L[${ind}]} #"
        $POETRYRUN pulp deb remote create --name ${REPOID_L[${ind}]} ${PARAM_REMOTE_L[${ind}]} ${DEFAULT_REMOTE_OPTIONS[@]}
        check

        echo "# Sync the remote with the repo for ${REPOID_L[${ind}]} #"
        $POETRYRUN pulp deb repository sync --name ${REPOID_L[${ind}]} --remote ${REPOID_L[${ind}]}
        check

        echo "# Create metadatas for ${REPOID_L[${ind}]} #"
        $POETRYRUN pulp deb publication create --repository "${REPOID_L[${ind}]}"
        check

        echo "# Publish on the website for ${REPOID_L[${ind}]} #"
        $POETRYRUN pulp deb distribution create --name "${REPOID_L[${ind}]}" --base-path "${REPOID_L[${ind}]}" --repository "${REPOID_L[${ind}]}"
        check
    done
    }

    SyncRepo()
    { 
    for ind in $(seq -s ' ' 0 $((${#REPOID_L[*]}-1)) )
    do
        echo "# Sync the remote with the repo for ${REPOID_L[${ind}]} #"
        $POETRYRUN pulp deb repository sync --name ${REPOID_L[${ind}]} --remote ${REPOID_L[${ind}]}
        check

        echo "# Create metadatas for ${REPOID_L[${ind}]} #"
        $POETRYRUN pulp deb publication create --repository "${REPOID_L[${ind}]}"
        check
    done
    }

    OPTSTRING="cs"
    while getopts ${OPTSTRING} o; do
        case ${o} in
            c) c='create' ;;
            s) s='sync' ;;
            *) usage ;;
        esac
    done
    shift $((OPTIND-1))

    if [ -z "${c}" ] && [ -z "${s}" ]; then usage ; fi
    if [ ! -z "${c}" ] && [ ! -z "${s}" ]; then usage ; fi

    [ "${c}" == 'create' ] && CreateRepo
    [ "${s}" == 'sync' ] && SyncRepo

    exit 0