search

wofferl / proxmox-backup-arm64

Script for building Proxmox Backup Server 3.x (Bookworm) for Armbian64
140 stars 11 forks source link

Publish packages to PackageCloud.io #34

Open simoncaron opened 1 year ago

simoncaron commented 1 year ago

Hey @wofferl ! Not really an issue but I noticed you created workflows to build packages using GH Actions, nice!

I was wondering if you considered publishing the packages to a cloud repo like packagecloud.io? It would simplify the update process when a new version is available. I started a few release back to upload mine manually to my packagecloud instance and configured it as a repo on my Pi ex:

[/etc/apt/sources.list.d/packagecloud_io_simoncaron_pbs_raspbian.list] deb [signed-by=/etc/apt/trusted.gpg.d/simoncaron_pbs-archive-keyring.asc] https://packagecloud.io/simoncaron/pbs/raspbian bullseye main

There are some Github actions to publish packages on packagecloud.io (or another provider) and there is a free plan too.

Just a suggestion, again great work!

wofferl commented 1 year ago

I'm experimenting a bit with repositories right now.

But I'm not sure if I really want to do that. The step of releasing binary packages already brings more responsibility that the packages are correct.

With a repository, people quickly forget that these packages are not official and there is always a risk of something going wrong.

bert128 commented 2 months ago

I'd second this request, if only because it's inconvenient to manually pull down all the individual debs from github and copy them onto the machine every time there's an update.

In terms of responsibility, having it more difficult to update will just result in people not updating, potentially introducing different issues. It's pretty clear that this is an unofficial build and anyone using it has to accept responsibility themselves. Repositories are signed with GPG keys too, whereas random deb downloads are not. This would actually provide an increased level of security. Of course anyone using it would have to choose to trust your GPG key, but this would give much greater assurance that someone else hasn't tampered with the packages.

Now if only the Proxmox team would officially endorse ARM, this is extremely useful to run a backup server on a low power ARM based NAS i have at home, accepting backups from colocated servers.