[Spacewalk-list] Spacewalk 2.7 && Ubuntu 15.04 && Debian 9 [ working solution ]
Florin
portase.florin at medianetork.ro
Fri Apr 20 13:20:59 UTC 2018
Hi Robert,
Just updated to spacewalk 2.8 and some minor updates to secureApt.sh
cd $_PKG_MAIN
/var/www/html/pub/spw_scripts/secureApt.sh xenial xenial-main
cd $_PKG_SEC
/var/www/html/pub/spw_scripts/secureApt.sh xenial xenial-security
===========================================
DATE=`date "+%a, %d %b %Y %H:%M:%S *UTC*"`
GPG_PASS='bugsbunny'
HEADER="Origin: Ubuntu
Label: Ubuntu
Date: ${DATE}
Archive: $1
Version: 16.04
Architectures: amd64
Component: $2
MD5Sum:"
....
.....
echo $GPG_PASS | gpg --armor *--digest-algo SHA256* --detach-sign -o
Release.gpg *--default-key 88B9763A* --batch --no-tty --passphrase-fd 0
--sign Release
=============================================
Somehow if I have multiple keys defined to get the last one, have no
idea how to automate this.
On 20.4.2018 06:39, Robert Paschedag wrote:
> Am 19. April 2018 15:08:05 MESZ schrieb Florin <portase.florin at medianetork.ro>:
>> So, finally after so much trial and error here is what I've done to
>> allow smooth integration of Debian 9 and Ubuntu 16.0 with spacewalk
>>
>> Just to keep it simple
>>
>> 1. create channels: xenial-main + xenial-updates, xenial-security,
>> xenial-universe
>>
>> 2. tricky part syncing channels [ adding multi-arch header]:
>>
>> #!/bin/bash
>>
>> _BIN_PATH=/var/www/html/pub/spw_scripts
>> _URL_MAIN='http://de.archive.ubuntu.com/ubuntu/dists/xenial/main/binary-amd64'
>> _URL_SEC='http://us.archive.ubuntu.com/ubuntu/dists/xenial-security/main/binary-amd64'
>> _URL_UPD='http://de.archive.ubuntu.com/ubuntu/dists/xenial-updates/main/binary-amd64'
>> _URL_UNIV='http://de.archive.ubuntu.com/ubuntu/dists/xenial/universe/binary-amd64'
>> _PKG_MAIN=/var/cache/rhn/repodata/xenial-main
>> _PKG_SEC=/var/cache/rhn/repodata/xenial-security
>> _PKG_UPD=/var/cache/rhn/repodata/xenial-updates
>> _PKG_UNIV=/var/cache/rhn/repodata/xenial-universe
>> _USER=bugs
>> _PASS=bunny
>>
>> $_BIN_PATH/spacewalk-debian-sync.pl --url $_URL_MAIN --channel
>> xenial-main --username=$_USER --password $_PASS
>> $_BIN_PATH/spacewalk-debian-sync.pl --url $_URL_SEC --channel
>> xenial-security --username=$_USER --password $_PASS
>> $_BIN_PATH/spacewalk-debian-sync.pl --url $_URL_UPD --channel
>> xenial-updates --username=$_USER --password $_PASS
>> $_BIN_PATH/spacewalk-debian-sync.pl --url $_URL_UNIV --channel
>> xenial-universe --username=$_USER --password $_PASS
>>
>> s=180
>> trap 'echo "Ctrl-C detected."' 2
>> for (( i=$s ; i>0; i--));
>> do
>> echo -ne "\rFinishing sync in: $i seconds\033[0K";
>> sleep 1
>> done
>> echo -e "\nSync completed!"
>> trap 2
>> $_BIN_PATH/spacewalk-add-debian-multiarch-header.py
>> $_PKG_MAIN/Packages
>> /tmp/xenial-main
>> $_BIN_PATH/spacewalk-add-debian-multiarch-header.py
>> $_PKG_SEC/Packages /tmp/xenial-security
>> $_BIN_PATH/spacewalk-add-debian-multiarch-header.py
>> $_PKG_UPD/Packages
>> /tmp/xenial-updates
>> $_BIN_PATH/spacewalk-add-debian-multiarch-header.py
>> $_PKG_UNIV/Packages
>> /tmp/xenial-universe
>>
>> /bin/mv $_PKG_MAIN/Packages.new $_PKG_MAIN/Packages
>> /bin/mv $_PKG_SEC/Packages.new $_PKG_SEC/Packages
>> /bin/mv $_PKG_UPD/Packages.new $_PKG_UPD/Packages
>> /bin/mv $_PKG_UNIV/Packages.new $_PKG_UNIV/Packages
>>
>> gzip < $_PKG_MAIN/Packages > $_PKG_MAIN/Packages.gz
>> gzip < $_PKG_SEC/Packages > $_PKG_SEC/Packages.gz
>> gzip < $_PKG_UPD/Packages > $_PKG_UPD/Packages.gz
>> gzip < $_PKG_UNIV/Packages > $_PKG_UNIV/Packages.gz
>>
>> 3. client side [ ubuntu/debian clients]
>>
>> spw_srv=192.168.100.101
>>
>> cat >/etc/apt/apt.conf.d/50spacewalk<<FIX
>> #
>> # The configuration for apt-spacewalk
>> #
>> APT {
>> Update {
>> List-Refresh "true";
>> Pre-Invoke {
>> "/usr/lib/apt-spacewalk/pre_invoke.py";
>> }
>> Post-Invoke {
>> "/bin/sed -rie 's/^Package:
>> (cpp|guile-2.0|python(2.7|3)?)$/\0\nMulti-Arch: allowed/'
>> /var/lib/apt/lists/${spw_srv}_dists_channels\:_xenial-main_binary-amd64_Packages";
>> }
> You don't need this Post-Invoke hack as the python script adds the missing header.
>
>> }
>> };
>> DPkg::Post-Invoke {
>> "[ ! -e /usr/lib/apt-spacewalk/post_invoke.py ] ||
>> /usr/lib/apt-spacewalk/post_invoke.py";
>> };
>> FIX
>> sed -i "s|'main'|'xenial-main'|g" /usr/lib/apt-spacewalk/pre_invoke.py
>> perl -pi -e "s/type='deb'/type='deb [trusted=yes] '/g"
>> /usr/lib/apt-spacewalk/pre_invoke.py
>>
>> 4. Now can perform apt-get update/upgrade w/o any issues after
>> disabling
>> /etc/apt/source.list
> One thing "missing". Secure the channels with @philicious "secureApt.sh" script. Find it at my fork https://github.com/rpasche/spacewalk-scripts or "origin" https://github.com/philicious/spacewalk-scripts.
> Also have a look at PR #636 and #637 of the SW GitHub repo.
>
> You can then also try to import errata information for Ubuntu and Debian.
>
> Robert
>
>>
>> _______________________________________________
>> Spacewalk-list mailing list
>> Spacewalk-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/spacewalk-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20180420/2572aeea/attachment.htm>
More information about the Spacewalk-list
mailing list