aptly-dev / aptly

aptly - Debian repository management tool
https://www.aptly.info/
MIT License

Support for mirroring Extended Security Maintenance repos? #840

Open sfbalg opened 5 years ago

sfbalg commented 5 years ago

Detailed Description

When enabling an ESM (Extended Security Maintenance) repository for Ubuntu LTS, a Canonical-supplied token has to be supplied on the command line, like this:

sudo ubuntu-advantage enable-esm abcDEFghi...

Is there a way to set this token in Aptly for the purpose of making an internal mirror of these repositories?

Context

For business reasons, we use Aptly to maintain internal mirrors of Ubuntu's package repositories for our product environments. We would like to do the same thing for Ubuntu's ESM repositories because we have a support contract with Canonical. I think that we are not the only company that does such a thing (and thus, has such a need at this time). If it's in the documentation I don't think I'm finding it. I haven't found anyone so far saying if and how they're doing this, though.

Possible Implementation

(if the feature exists) A documentation change that explains how to enable this functionality?

(if the feature does not exist) A new command line option for the aptly mirror command that makes it possible to manage internal mirrors of the Ubuntu ESM repositories.

Your Environment

Ubuntu v14.04, with internal mirrors of all of the Ubuntu public package repositories for x86_64 for our environments (somewhere in the neighborhood of one thousand machines).

fluential commented 5 years ago

It seems that aptly would have to support apt_auth (http://manpages.ubuntu.com/manpages/bionic/man5/apt_auth.conf.5.html), as credentials for the ESM server are provided that way. There should also be SSL certs somewhere? As officially the only way to mirror is using Landscape, it could be pretty decent to have an alternative.

"Q: We're mirroring the repository on our internal Landscape server. Can we still get Ubuntu ESM if using Landscape? 
- ESM is just a regular Ubuntu archive, but authenticated and served over HTTPS. Archive mirroring is already available in Landscape and is the only supported mechanism for mirroring the ESM archive."

fluential commented 5 years ago

@sfbalg I did a quick check and it seems you could do something like that

# Extract login/pass
> cat /etc/apt/auth.conf.d/90ubuntu-advantage
> /usr/bin/aptly -config /etc/aptly.conf mirror create -architectures="amd64" -with-sources=false -with-udebs=false ubuntu-esm-trusty https://<login>:<pass>@esm.ubuntu.com/ubuntu trusty-updates 

Before I was getting 401, now 200 ok and new debs are downloaded https://gist.github.com/fluential/ab15352563c71ac195e7a74041b44517/
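
An added example, not part of the original thread and not aptly's own code: it reads a netrc-style apt_auth.conf(5) entry and builds the credentialed mirror URL used in the command above, percent-encoding the token and refusing non-HTTPS URLs. The function names, the sample entry and the simplified host/path matching are assumptions made for illustration.

```python
import shlex
from urllib.parse import quote, urlsplit, urlunsplit

# Constructed sample in apt_auth.conf(5) netrc-style syntax (not a real credential).
SAMPLE_AUTH = """\
machine esm.ubuntu.com/ubuntu/ login example-login
    password s3cr3t/tok+en=
"""

def parse_apt_auth(text):
    """Return a list of {'machine','login','password'} dicts; tokens may span lines."""
    entries, current, tokens = [], None, iter(text.split())
    for tok in tokens:
        if tok == "machine":
            current = {"machine": next(tokens, ""), "login": "", "password": ""}
            entries.append(current)
        elif tok in ("login", "password") and current is not None:
            current[tok] = next(tokens, "")
    return entries

def find_credentials(entries, repo_url):
    """First entry whose machine token covers repo_url, matched on a host/path
    boundary so 'esm.ubuntu.com' never matches 'esm.ubuntu.com.example.net'."""
    parts = urlsplit(repo_url)
    target = (parts.netloc + parts.path).rstrip("/")
    for entry in entries:
        machine = entry["machine"].split("://", 1)[-1].rstrip("/")
        if machine and (target == machine or target.startswith(machine + "/")):
            return entry["login"], entry["password"]
    return None

def mirror_url(repo_url, login, password):
    """Embed percent-encoded credentials in the URL; HTTPS only."""
    parts = urlsplit(repo_url)
    if parts.scheme != "https":
        raise ValueError("refusing to attach credentials to a non-HTTPS URL")
    userinfo = quote(login, safe="") + ":" + quote(password, safe="")
    return urlunsplit(parts._replace(netloc=userinfo + "@" + parts.netloc))

def aptly_argv(name, url, dist):
    """Same flags as the mirror create command in the thread, as an argv list."""
    return ["aptly", "-config", "/etc/aptly.conf", "mirror", "create",
            "-architectures=amd64", "-with-sources=false", "-with-udebs=false",
            name, url, dist]

if __name__ == "__main__":
    repo = "https://esm.ubuntu.com/ubuntu"
    login, password = find_credentials(parse_apt_auth(SAMPLE_AUTH), repo)
    # Credentials passed in argv are visible in the process list and shell history.
    print(shlex.join(aptly_argv("ubuntu-esm-trusty", mirror_url(repo, login, password), "trusty-updates")))
```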

sfbalg commented 5 years ago

That was what I wound up doing. Works nicely. You might want to put this in the documentation as a use case.