On Mon, Jun 7, 2021 at 12:34 AM Ismail Azerty <[email protected]> wrote: > For some security reasons, our security teams want us to use the > official repository, or recompile the whole project on ubuntu 20.
Official Ubuntu repositories are "slow" to update due to LTS policies, ensuring no potentially breaking changes. Focal (20.04) is on 2.0 series, and will not be getting an update to 2.2. If you want the latest version, then that goes against the official LTS policy, and therefore you need to either use someone else's build or build locally. > Do you have any ansible playbook, or shell script, that we can use ? The PPA in question can be seen on https://launchpad.net/~vbernat/+archive/ubuntu/haproxy-2.4/+packages?field.series_filter=focal and in package details you can see the .debian.tar.xz file. This contains relevant modifications so that standard Debian/Ubuntu build process is successful - with dpkg tools, and debuild, and the likes. If you have internal build processes in place for Ubuntu packages, this should be simple to integrate. Replace 2.4 in the link above with whichever series you are interested in. If you are rebuilding by hand and/or want to have manual review processes in place, you might want to opt for an older series - say, 2.2 - which will have less changes over time. There are considerations for proper internal distribution, such as needing your own signing keys internally. However, further explanation of the Debian/Ubuntu build processes falls outside of the scope of the mailing list -- there are plenty of resources online for those particular tasks.
