Closed agherzan closed 8 months ago
I'm experiencing a similar issue.
Get:13 http://ports.ubuntu.com/ubuntu-ports focal/main arm64 libidn11 arm64 1.33-2.2ubuntu2 [45.3 kB]
Get:14 http://ports.ubuntu.com/ubuntu-ports focal-updates/main arm64 dnsmasq-base arm64 2.80-1.1ubuntu1.7 [296 kB]
Get:15 https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04 containers-common 100:1-22 [52.4 kB]
Err:16 https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04 criu 3.18-1
Redirection from https to 'http://ftp.gwdg.de/pub/opensuse/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04/arm64/criu_3.18-1_arm64.deb' is forbidden [IP: 195.135.223.226 443]
Err:17 https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04 crun 100:1.2-2
Redirection from https to 'http://ftp.gwdg.de/pub/opensuse/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04/arm64/crun_1.2-2_arm64.deb' is forbidden [IP: 195.135.223.226 443]
Err:18 https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04 buildah 100:1.22.3-2
Redirection from https to 'http://ftp.gwdg.de/pub/opensuse/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04/arm64/buildah_1.22.3-2_arm64.deb' is forbidden [IP: 195.135.223.226 443]
Err:19 https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04 catatonit 0.1.7-1
Redirection from https to 'http://ftp.gwdg.de/pub/opensuse/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04/arm64/catatonit_0.1.7-1_arm64.deb' is forbidden [IP: 195.135.223.226 443]
Get:20 https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04 conmon 100:2.1.2~0 [30.9 kB]
Get:21 https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04 fuse-overlayfs 100:1.5.0-2 [38.2 kB]
Err:22 https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04 podman-plugins 100:1.2.0-1
Redirection from https to 'http://ftp.gwdg.de/pub/opensuse/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04/arm64/podman-plugins_1.2.0-1_arm64.deb' is forbidden [IP: 195.135.223.226 443]
I tried to install on Ubuntu 20.04 ARM.
REPO_URL="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable"
sh -c "echo 'deb ${REPO_URL}/xUbuntu_20.04/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list"
wget -nv https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04/Release.key -O Release.key
apt-key add Release.key
apt-get update
apt-get -y install podman buildah skopeo
Same here while trying to install on Ubuntu 20.04 ARM:
------
> [base 4/20] RUN echo "Installing podman ..." && mkdir -p /etc/apt/keyrings && curl -fsSL "https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_$(lsb_release -rs)/Release.key" | gpg --dearmor | tee /etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg > /dev/null && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg] https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_$(lsb_release -rs)/ /" | tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list > /dev/null && apt-get update -qq && apt-get -qq -y install podman:
0.263 Installing podman ...
8.229 E: The repository 'https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_22.04 Release' does not have a Release file.
------
Dockerfile.kind:87
--------------------
86 |
87 | >>> RUN echo "Installing podman ..." \
88 | >>> && mkdir -p /etc/apt/keyrings \
89 | >>> && curl -fsSL "https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_$(lsb_release -rs)/Release.key" | gpg --dearmor | tee /etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg > /dev/null \
90 | >>> && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg] https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_$(lsb_release -rs)/ /" | tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list > /dev/null \
91 | >>> && apt-get update -qq \
92 | >>> && apt-get -qq -y install podman
93 |
--------------------
ERROR: failed to solve: process "/bin/sh -c echo \"Installing podman ...\" && mkdir -p /etc/apt/keyrings && curl -fsSL \"https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_$(lsb_release -rs)/Release.key\" | gpg --dearmor | tee /etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg > /dev/null && echo \"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg] https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_$(lsb_release -rs)/ /\" | tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list > /dev/null && apt-get update -qq && apt-get -qq -y install podman" did not complete successfully: exit code: 100
I tried the method listed on the openSUSE official download page, but the same issue occurred. This is Ubuntu20.04.
$ echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04/ /' | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04/ /
$ curl -fsSL https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_20.04/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_kubic_libcontainers_stable.gpg > /dev/null
$ sudo apt update
Hit:1 http://mirror.kakao.com/ubuntu focal InRelease
Hit:2 http://mirror.kakao.com/ubuntu focal-updates InRelease
Hit:3 http://mirror.kakao.com/ubuntu focal-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu focal-security InRelease
Get:5 http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04 InRelease [1642 B]
Ign:6 https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_20.04 InRelease
Err:7 https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_20.04 Release
Redirection from https to 'http://download.opensuse.org/repositories/devel:kubic:libcontainers:/unstable/xUbuntu_20.04/Release' is forbidden [IP: 195.135.223.226 443]
Reading package lists... Done
E: The repository 'https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_20.04 Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
How can I solve this?
It seems to me like an issue with CRIO repository so I opened an issue there
CRIO repository is not working for me as well. CRIO team should try to fix this urgently. please. is there any work around??
Okay, I got it working by doing just one thing
within my installation script I've changed the below part
echo "deb [signed-by=/usr/share/keyrings/libcontainers-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/ /" > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
echo "deb [signed-by=/usr/share/keyrings/libcontainers-crio-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/ /" > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.list
mkdir -p /usr/share/keyrings
curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/Release.key | gpg --dearmor -o /usr/share/keyrings/libcontainers-archive-keyring.gpg
curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/Release.key | gpg --dearmor -o /usr/share/keyrings/libcontainers-crio-archive-keyring.gpg
to below one (note the https -> http)
echo "deb [signed-by=/usr/share/keyrings/libcontainers-archive-keyring.gpg] http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/ /" > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
echo "deb [signed-by=/usr/share/keyrings/libcontainers-crio-archive-keyring.gpg] http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/ /" > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.list
mkdir -p /usr/share/keyrings
curl -L http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/Release.key | gpg --dearmor -o /usr/share/keyrings/libcontainers-archive-keyring.gpg
curl -L http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/Release.key | gpg --dearmor -o /usr/share/keyrings/libcontainers-crio-archive-keyring.gpg
So, my cautious suggestion for those who try to update CRIO, please try changing the protocol specified in files within /etc/apt/sources.list.d/ directory and then see what happens
An update from the CRI-O team: we are looking at the problem, and we are reaching out to SUSE, who maintains the package mirrors as part of their The Open Build Service (OBS) service, which they kindly provide to Open Source projects.
(CC @saschagrunert @haircommander)
Please don't downgrade to HTTP, that's not a valuable workaround for security reasons.
for all of you out there who just might have followed the https->http trick
It's clearly a temporary "WORKAROUND" for cases in urgency, not a FIX.
Some obvious risks ensue though I fell short of mentioning them before @saschagrunert brought it up
Everyone,
The issue should be resolved now.
Please verify that the HTTPS works correctly for you - both the main repository URL and the local mirrors (where the requests would be redirected to) should be using HTTPS endpoints now.
I also encourage everyone who eagerly went ahead and made updates to use plain HTTP to revert the changes back to use HTTPS, if possible.
Closing for now.
Both "testing" and "unstable" seem to still error out:
Ign:14 https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/Debian_Unstable InRelease
Err:15 https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/Debian_Unstable Release
Redirection from https to 'http://download.opensuse.org/repositories/devel:kubic:libcontainers:/unstable/Debian_Unstable/Release' is forbidden [IP: 195.135.223.226 443]
@agherzan, good catch! I checked stable only.
Reported this to SUSE folks for them to have a look.
@lsm5 FYI Also I think stable is not even maintained as @lsm5 only maintains the unstable repo AFAIK but maybe he can clarify what the actual status for the kubic repos is.
@agherzan, good catch! I checked stable only.
Use stable
at your own risk. While those may be installable, they are very old and probably not immune to recent CVEs.
Reported this to SUSE folks for them to have a look.
SUSE folks aren't involved in this. It has mostly been me (and one other person on the crio side). RE: maintaining the unstable
repo, I have noticed issues with the build dependencies and I'm distracted by other tasks to spend time on this. So, I strongly suggest fetching podman through other repos. I will update the official docs to remove any references to this unstable
repo.
SUSE folks aren't involved in this.
@lsm5, I am not sure what are you talking about. Perhaps, we aren't talking about the same thing.
Unless it's up to you to control what local mirror will be returned for me for Japan (e.g., http://mirrorcache-jp.opensuse.org/, etc.) from the OBS (using the main URL), then SUSE folks were definitely involved, at least they confirmed the issue on the IRC channel.
@agherzan, good catch! I checked stable only.
Reported this to SUSE folks for them to have a look.
This is why this issue should stay open until we fix the docs or fix the issue.
Error still occurring for me.
@lsm5
First of all thank you for maintaining the unstable repos up until now. 🙏
I'm distracted by other tasks to spend time on this. So, I strongly suggest fetching podman through other repos. I will update the official docs to remove any references to this unstable repo.
For Debian/Ubuntu users can you recommend alternative repos ?
@agherzan @muety, I don't see any more issues with the redirects on my side.
Hopefully, you won't have any more problems.
I can't confirm that it works as expected now. Thanks.
Issue Description
I have a local installation following the official instructions for Ubuntu 22.04: https://podman.io/docs/installation
Lately, I saw that apt complains about the redirect for the
podman
source:Steps to reproduce the issue
Steps to reproduce the issue
apt update
Describe the results you received
apt update fails for the podman source.
Describe the results you expected
apt update should work using the podman source. installation steps should work on 22.04
podman info output
Podman in a container
No
Privileged Or Rootless
None
Upstream Latest Release
No
Additional environment details
Additional environment details
Additional information
Additional information like issue happens only occasionally or issue happens with a particular architecture or on a particular setting