Proxmox Offline Mirror released!

wait for that patch to be applied and an updated version of proxmox-offline-mirror to be available :)
Thank you
I see an update but I can't update

Code:
root@proxmox-mirror:/home/rootuser# apt update
Hit:1 http://deb.debian.org/debian bullseye InRelease
Hit:2 http://deb.debian.org/debian-security bullseye-security InRelease
Hit:3 http://deb.debian.org/debian bullseye-updates InRelease
Hit:4 http://download.proxmox.com/debian/pve bullseye InRelease
Hit:5 http://download.proxmox.com/debian/pve bookworm InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
1 package can be upgraded. Run 'apt list --upgradable' to see it.
root@proxmox-mirror:/home/rootuser# apt upgrade -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@proxmox-mirror:/home/rootuser# apt list --upgradable -a
Listing... Done
proxmox-offline-mirror/stable 0.6.1 amd64 [upgradable from: 0.5.2]
proxmox-offline-mirror/stable 0.6.0 amd64
proxmox-offline-mirror/stable,now 0.5.2 amd64 [installed,upgradable to: 0.6.1]
proxmox-offline-mirror/stable 0.5.1-1 amd64
proxmox-offline-mirror/stable 0.5.0-1 amd64
proxmox-offline-mirror/stable 0.4.0-1 amd64
proxmox-offline-mirror/stable 0.3.0-1 amd64


what does he want?
 
Hi,
Code:
Hit:4 http://download.proxmox.com/debian/pve bullseye InRelease
Hit:5 http://download.proxmox.com/debian/pve bookworm InRelease
you can't mix packages for Bullseye and Bookworm. If you'd like to upgrade to Bookworm, follow the guide here: https://pve.proxmox.com/wiki/Upgrade_from_7_to_8

Also, you should always use apt dist-upgrade to upgrade your system, not apt upgrade. Well, in this specific case, it wouldn't help ;), but please do so in the future.
 
Hi,

you can't mix packages for Bullseye and Bookworm. If you'd like to upgrade to Bookworm, follow the guide here: https://pve.proxmox.com/wiki/Upgrade_from_7_to_8

Also, you should always use apt dist-upgrade to upgrade your system, not apt upgrade. Well, in this specific case, it wouldn't help ;), but please do so in the future.
I suspected this was the case
but if I remove the repository from bookworm, then there is no update?

Code:
root@proxmox-mirror:/home/rootuser# apt update
Hit:1 http://deb.debian.org/debian bullseye InRelease
Hit:2 http://deb.debian.org/debian-security bullseye-security InRelease
Hit:3 http://deb.debian.org/debian bullseye-updates InRelease
Hit:4 http://download.proxmox.com/debian/pve bullseye InRelease
Reading package lists... Done         
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
 
I suspected this was the case
but if I remove the repository from bookworm, then there is no update?
I think the fix was not backported to Bullseye, because it's not a critical issue.
 
  • Like
Reactions: godfather007
Yes, I'm not sure the patch will get backported. Please see the upgrade guide: https://pve.proxmox.com/wiki/Upgrade_from_7_to_8

The version with the patch is proxmox-offline-mirror = 0.6.2 and it's currently available on the pvetest repository.
nothing has changed
https://pastebin.com/rfaZvrFD


Code:
root@proxmox-mirror:/# apt list |grep proxmox

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

libproxmox-acme-perl/stable 1.4.6 all
libproxmox-acme-plugins/stable 1.4.6 all
libproxmox-backup-qemu0-dbgsym/stable 1.4.0 amd64
libproxmox-backup-qemu0-dev/stable 1.4.0 amd64
libproxmox-backup-qemu0/stable 1.4.0 amd64
libproxmox-rs-perl/stable 0.3.0 amd64
librust-proxmox-resource-scheduling-dev/stable 0.1.0-1 amd64
proxmox-archive-keyring/stable,now 3.0 all [installed]
proxmox-backup-client-dbgsym/stable 3.0.1-1 amd64
proxmox-backup-client/stable 3.0.1-1 amd64
proxmox-backup-file-restore-dbgsym/stable 3.0.1-1 amd64
proxmox-backup-file-restore/stable 3.0.1-1 amd64
proxmox-backup-restore-image-debug/stable 0.5.1 amd64
proxmox-backup-restore-image/stable 0.5.1 amd64
proxmox-installer/stable 8.0.13 amd64
proxmox-kernel-helper/stable 8.0.2 all
proxmox-mail-forward-dbgsym/stable 0.2.0 amd64
proxmox-mail-forward/stable 0.2.0 amd64
proxmox-mini-journalreader-dbgsym/stable 1.4.0 amd64
proxmox-mini-journalreader/stable 1.4.0 amd64
proxmox-offline-mirror-dbgsym/stable 0.6.1 amd64
proxmox-offline-mirror-docs/stable,now 0.6.1 all [installed,automatic]
proxmox-offline-mirror-helper-dbgsym/stable 0.6.1 amd64
proxmox-offline-mirror-helper/stable 0.6.1 amd64
proxmox-offline-mirror/stable,now 0.6.1 amd64 [installed]
proxmox-ve/stable 8.0.1 all
proxmox-websocket-tunnel-dbgsym/stable 0.2.0-1 amd64
proxmox-websocket-tunnel/stable 0.2.0-1 amd64
proxmox-widget-toolkit-dev/stable 3.1-1 all
proxmox-widget-toolkit/stable 4.0.5 all
python3-proxmoxer/stable 1.2.0-2 all
root@proxmox-mirror:/#
 
Last edited:
  • Like
Reactions: Kosh
Hello,

I am trying to use the Proxmox Offline Mirror tool to create a local mirror of the Zabbix repository for Debian Bullseye (6.4). I have followed all the recommended steps to configure this, but when I try to create the mirror snapshot, I get the following error:

Fetching Release/Release.gpg files
-> GET 'http://repo.zabbix.com/zabbix/6.4/debian/dists/bullseye/Release.gpg'..
-> GET 'http://repo.zabbix.com/zabbix/6.4/debian/dists/bullseye/Release'..
Verifying 'Release(.gpg)' signature using provided repository key..
Subkey of A1848F5352D022B9471D83D0082AB56BA14FE591 not bound: No binding signature at time 2023-07-31T09:47:22Z
Error: encountered 1 error(s)

Here is the configuration I'm using for the Proxmox Offline Mirror tool:

mirror: zabbix_update
architectures amd64
architectures all
base-dir /var/lib/proxmox-offline-mirror/mirrors
ignore-errors true
key-path /etc/apt/trusted.gpg.d/zabbix-official-repo.gpg
repository deb http://repo.zabbix.com/zabbix/6.4/debian bullseye main
sync true
verify true

I've checked that my system date is correct, and I've tried using different versions of the Zabbix GPG key (including breaking it down into separate keys), but I keep getting the same error.

I've also verified that the zabbix-official-repo.gpg key file exists in the correct location (/etc/apt/trusted.gpg.d/).

Does anyone have any idea what might be causing this error, or how I could go about troubleshooting it further? Any help would be greatly appreciated!

Thanks
 
I'd recommend upgrading your POM version, then you get a more meaningful error:

Code:
Verifying 'Release(.gpg)' signature using provided repository key..


Subkey of A1848F5352D022B9471D83D0082AB56BA14FE591 not bound: No binding signature at time 2023-07-31T09:47:22Z
Caused by:
        0: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance
        1: SHA1 is not considered secure since 2023-02-01T00:00:00Z


Error: No valid signature found.

and can also override that security policy:

proxmox-offline-mirror config mirror update --id zabbix_update --config /PATH/TO/CONFIG --weak-crypto allow-sha1=1
 
I'd recommend upgrading your POM version, then you get a more meaningful error:

Code:
Verifying 'Release(.gpg)' signature using provided repository key..


Subkey of A1848F5352D022B9471D83D0082AB56BA14FE591 not bound: No binding signature at time 2023-07-31T09:47:22Z
Caused by:
        0: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance
        1: SHA1 is not considered secure since 2023-02-01T00:00:00Z


Error: No valid signature found.

and can also override that security policy:

proxmox-offline-mirror config mirror update --id zabbix_update --config /PATH/TO/CONFIG --weak-crypto allow-sha1=1
I still get the same error when I try to sync with :
sudo proxmox-offline-mirror mirror snapshot create --config '/etc/proxmox-offline-mirror.cfg' 'zabbix_update'
 
Last edited:
with the current version of POM (for bookworm), and the weak-crypto override set, it works for me..
 
with the current version of POM (for bookworm), and the weak-crypto override set, it works for me..
the actual version installed that i have is 0.5.1-1
how can i upgrade it to the new one, knowing that currently i'm using a debian vm
 
the bullseye version of POM will only get important security fixes, not new features.
 
Is it possible to in-/exclude certain types of packages with a bit more nuance?
I see it is possible (and the default is) to exclude debug/games, but how can I exclude all the X11 packages?
They will never be necessary on (headless) servers, nevertheless they take up a lot of space and time.

P.S. It is also a bit disappointing that it doesn't work on a new Ubuntu install, at least not using the installation guide.
(Because I had to install Debian, I have now reaffirmed why I switched to Ubuntu all those years ago.)
 
Is it possible to in-/exclude certain types of packages with a bit more nuance?
I see it is possible (and the default is) to exclude debug/games, but how can I exclude all the X11 packages?
They will never be necessary on (headless) servers, nevertheless they take up a lot of space and time.
you can filter by architecture, "section" (part of the package metadata) and package name.
P.S. It is also a bit disappointing that it doesn't work on a new Ubuntu install, at least not using the installation guide.
(Because I had to install Debian, I have now reaffirmed why I switched to Ubuntu all those years ago.)
well, all Proxmox software is Debian based. you might be able to get them to run on other distros as well, but it's not something that is officially supported.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!