Proxmox Offline Mirror released!

[Kosh]

wait for that patch to be applied and an updated version of proxmox-offline-mirror to be available

Thank you
I see an update but I can't update

root@proxmox-mirror:/home/rootuser# apt update
Hit:1 http://deb.debian.org/debian bullseye InRelease
Hit:2 http://deb.debian.org/debian-security bullseye-security InRelease
Hit:3 http://deb.debian.org/debian bullseye-updates InRelease
Hit:4 http://download.proxmox.com/debian/pve bullseye InRelease
Hit:5 http://download.proxmox.com/debian/pve bookworm InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
1 package can be upgraded. Run 'apt list --upgradable' to see it.
root@proxmox-mirror:/home/rootuser# apt upgrade -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@proxmox-mirror:/home/rootuser# apt list --upgradable -a
Listing... Done
proxmox-offline-mirror/stable 0.6.1 amd64 [upgradable from: 0.5.2]
proxmox-offline-mirror/stable 0.6.0 amd64
proxmox-offline-mirror/stable,now 0.5.2 amd64 [installed,upgradable to: 0.6.1]
proxmox-offline-mirror/stable 0.5.1-1 amd64
proxmox-offline-mirror/stable 0.5.0-1 amd64
proxmox-offline-mirror/stable 0.4.0-1 amd64
proxmox-offline-mirror/stable 0.3.0-1 amd64

what does he want?

 

[fiona]

Hi,

Hit:4 http://download.proxmox.com/debian/pve bullseye InRelease
Hit:5 http://download.proxmox.com/debian/pve bookworm InRelease

you can't mix packages for Bullseye and Bookworm. If you'd like to upgrade to Bookworm, follow the guide here: https://pve.proxmox.com/wiki/Upgrade_from_7_to_8

Also, you should always use apt dist-upgrade to upgrade your system, not apt upgrade. Well, in this specific case, it wouldn't help , but please do so in the future.

 

[Kosh]

Hi,

you can't mix packages for Bullseye and Bookworm. If you'd like to upgrade to Bookworm, follow the guide here: https://pve.proxmox.com/wiki/Upgrade_from_7_to_8

Also, you should always use apt dist-upgrade to upgrade your system, not apt upgrade. Well, in this specific case, it wouldn't help , but please do so in the future.

I suspected this was the case
but if I remove the repository from bookworm, then there is no update?

root@proxmox-mirror:/home/rootuser# apt update
Hit:1 http://deb.debian.org/debian bullseye InRelease
Hit:2 http://deb.debian.org/debian-security bullseye-security InRelease
Hit:3 http://deb.debian.org/debian bullseye-updates InRelease
Hit:4 http://download.proxmox.com/debian/pve bullseye InRelease
Reading package lists... Done         
Building dependency tree... Done
Reading state information... Done
All packages are up to date.

 

[fiona]

I suspected this was the case
but if I remove the repository from bookworm, then there is no update?

I think the fix was not backported to Bullseye, because it's not a critical issue.

 

[Kosh]

I think the fix was not backported to Bullseye, because it's not a critical issue.

do you suggest upgrading to debian 12? to put the corrected version of the mirror?

 

[fiona]

do you suggest upgrading to debian 12? to put the corrected version of the mirror?

Yes, I'm not sure the patch will get backported. Please see the upgrade guide: https://pve.proxmox.com/wiki/Upgrade_from_7_to_8

The version with the patch is proxmox-offline-mirror = 0.6.2 and it's currently available on the pvetest repository.

 

[Kosh]

Yes, I'm not sure the patch will get backported. Please see the upgrade guide: https://pve.proxmox.com/wiki/Upgrade_from_7_to_8

The version with the patch is proxmox-offline-mirror = 0.6.2 and it's currently available on the pvetest repository.

nothing has changed
https://pastebin.com/rfaZvrFD

root@proxmox-mirror:/# apt list |grep proxmox

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

libproxmox-acme-perl/stable 1.4.6 all
libproxmox-acme-plugins/stable 1.4.6 all
libproxmox-backup-qemu0-dbgsym/stable 1.4.0 amd64
libproxmox-backup-qemu0-dev/stable 1.4.0 amd64
libproxmox-backup-qemu0/stable 1.4.0 amd64
libproxmox-rs-perl/stable 0.3.0 amd64
librust-proxmox-resource-scheduling-dev/stable 0.1.0-1 amd64
proxmox-archive-keyring/stable,now 3.0 all [installed]
proxmox-backup-client-dbgsym/stable 3.0.1-1 amd64
proxmox-backup-client/stable 3.0.1-1 amd64
proxmox-backup-file-restore-dbgsym/stable 3.0.1-1 amd64
proxmox-backup-file-restore/stable 3.0.1-1 amd64
proxmox-backup-restore-image-debug/stable 0.5.1 amd64
proxmox-backup-restore-image/stable 0.5.1 amd64
proxmox-installer/stable 8.0.13 amd64
proxmox-kernel-helper/stable 8.0.2 all
proxmox-mail-forward-dbgsym/stable 0.2.0 amd64
proxmox-mail-forward/stable 0.2.0 amd64
proxmox-mini-journalreader-dbgsym/stable 1.4.0 amd64
proxmox-mini-journalreader/stable 1.4.0 amd64
proxmox-offline-mirror-dbgsym/stable 0.6.1 amd64
proxmox-offline-mirror-docs/stable,now 0.6.1 all [installed,automatic]
proxmox-offline-mirror-helper-dbgsym/stable 0.6.1 amd64
proxmox-offline-mirror-helper/stable 0.6.1 amd64
proxmox-offline-mirror/stable,now 0.6.1 amd64 [installed]
proxmox-ve/stable 8.0.1 all
proxmox-websocket-tunnel-dbgsym/stable 0.2.0-1 amd64
proxmox-websocket-tunnel/stable 0.2.0-1 amd64
proxmox-widget-toolkit-dev/stable 3.1-1 all
proxmox-widget-toolkit/stable 4.0.5 all
python3-proxmoxer/stable 1.2.0-2 all
root@proxmox-mirror:/#

 

[fiona]

proxmox-offline-mirror/stable,now 0.6.1 amd64 [installed]

The version with the patch is proxmox-offline-mirror = 0.6.2 and it's currently available on the pvetest repository.

You don't have the version with the fix yet.

 

[godfather007]

proxmox-offline-mirror = 0.6.2 is available in "http://download.proxmox.com/debian/pbs/dists/bookworm/pbs-no-subscription/binary-amd64".

 

[snerus]

Hello,

I am trying to use the Proxmox Offline Mirror tool to create a local mirror of the Zabbix repository for Debian Bullseye (6.4). I have followed all the recommended steps to configure this, but when I try to create the mirror snapshot, I get the following error:

Fetching Release/Release.gpg files
-> GET 'http://repo.zabbix.com/zabbix/6.4/debian/dists/bullseye/Release.gpg'..
-> GET 'http://repo.zabbix.com/zabbix/6.4/debian/dists/bullseye/Release'..
Verifying 'Release(.gpg)' signature using provided repository key..
Subkey of A1848F5352D022B9471D83D0082AB56BA14FE591 not bound: No binding signature at time 2023-07-31T09:47:22Z
Error: encountered 1 error(s)

Here is the configuration I'm using for the Proxmox Offline Mirror tool:

mirror: zabbix_update
architectures amd64
architectures all
base-dir /var/lib/proxmox-offline-mirror/mirrors
ignore-errors true
key-path /etc/apt/trusted.gpg.d/zabbix-official-repo.gpg
repository deb http://repo.zabbix.com/zabbix/6.4/debian bullseye main
sync true
verify true

I've checked that my system date is correct, and I've tried using different versions of the Zabbix GPG key (including breaking it down into separate keys), but I keep getting the same error.

I've also verified that the zabbix-official-repo.gpg key file exists in the correct location (/etc/apt/trusted.gpg.d/).

Does anyone have any idea what might be causing this error, or how I could go about troubleshooting it further? Any help would be greatly appreciated!

Thanks

 

[fabian]

I'd recommend upgrading your POM version, then you get a more meaningful error:

Verifying 'Release(.gpg)' signature using provided repository key..


Subkey of A1848F5352D022B9471D83D0082AB56BA14FE591 not bound: No binding signature at time 2023-07-31T09:47:22Z
Caused by:
        0: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance
        1: SHA1 is not considered secure since 2023-02-01T00:00:00Z


Error: No valid signature found.

and can also override that security policy:

proxmox-offline-mirror config mirror update --id zabbix_update --config /PATH/TO/CONFIG --weak-crypto allow-sha1=1

 

[snerus]

I'd recommend upgrading your POM version, then you get a more meaningful error:

Verifying 'Release(.gpg)' signature using provided repository key..


Subkey of A1848F5352D022B9471D83D0082AB56BA14FE591 not bound: No binding signature at time 2023-07-31T09:47:22Z
Caused by:
        0: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance
        1: SHA1 is not considered secure since 2023-02-01T00:00:00Z


Error: No valid signature found.

and can also override that security policy:

proxmox-offline-mirror config mirror update --id zabbix_update --config /PATH/TO/CONFIG --weak-crypto allow-sha1=1

I still get the same error when I try to sync with :
sudo proxmox-offline-mirror mirror snapshot create --config '/etc/proxmox-offline-mirror.cfg' 'zabbix_update'

 

[fabian]

with the current version of POM (for bookworm), and the weak-crypto override set, it works for me..

 

[snerus]

with the current version of POM (for bookworm), and the weak-crypto override set, it works for me..

the actual version installed that i have is 0.5.1-1
how can i upgrade it to the new one, knowing that currently i'm using a debian vm

 

[fabian]

the current version is 0.6.2 - for installation, see https://pom.proxmox.com/installation.html#installation-via-apt (note that the docs still refer to bullseye, the current version is for bookworm, I will get that fixed up ASAP)

 

[snerus]

the current version is 0.6.2 - for installation, see https://pom.proxmox.com/installation.html#installation-via-apt (note that the docs still refer to bullseye, the current version is for bookworm, I will get that fixed up ASAP)

when is it coming to bullseye cause i'm using bullseye currently

 

[fabian]

the bullseye version of POM will only get important security fixes, not new features.

 

[emunt6]

Hi!

Is there any difference using POM instead of "apt-mirror" ?

 

[GHvM]

Is it possible to in-/exclude certain types of packages with a bit more nuance?
I see it is possible (and the default is) to exclude debug/games, but how can I exclude all the X11 packages?
They will never be necessary on (headless) servers, nevertheless they take up a lot of space and time.

P.S. It is also a bit disappointing that it doesn't work on a new Ubuntu install, at least not using the installation guide.
(Because I had to install Debian, I have now reaffirmed why I switched to Ubuntu all those years ago.)

 

[fabian]

Is it possible to in-/exclude certain types of packages with a bit more nuance?
I see it is possible (and the default is) to exclude debug/games, but how can I exclude all the X11 packages?
They will never be necessary on (headless) servers, nevertheless they take up a lot of space and time.

you can filter by architecture, "section" (part of the package metadata) and package name.

P.S. It is also a bit disappointing that it doesn't work on a new Ubuntu install, at least not using the installation guide.
(Because I had to install Debian, I have now reaffirmed why I switched to Ubuntu all those years ago.)

well, all Proxmox software is Debian based. you might be able to get them to run on other distros as well, but it's not something that is officially supported.