Hi Robert,
Just updated to spacewalk 2.8 and some minor updates to secureApt.sh
cd $_PKG_MAIN
/var/www/html/pub/spw_scripts/secureApt.sh xenial xenial-main
cd $_PKG_SEC
/var/www/html/pub/spw_scripts/secureApt.sh xenial xenial-security
===========================================
DATE=`date "+%a, %d %b %Y %H:%M:%S *UTC*"`
GPG_PASS='bugsbunny'
HEADER="Origin: Ubuntu
Label: Ubuntu
Date: ${DATE}
Archive: $1
Version: 16.04
Architectures: amd64
Component: $2
MD5Sum:"
....
.....
echo $GPG_PASS | gpg --armor *--digest-algo SHA256* --detach-sign -o
Release.gpg *--default-key 88B9763A* --batch --no-tty --passphrase-fd 0
--sign Release
=============================================
Somehow if I have multiple keys defined to get the last one, have no
idea how to automate this.
On 20.4.2018 06:39, Robert Paschedag wrote:
Am 19. April 2018 15:08:05 MESZ schrieb Florin <portase.flo...@medianetork.ro>:
So, finally after so much trial and error here is what I've done to
allow smooth integration of Debian 9 and Ubuntu 16.0 with spacewalk
Just to keep it simple
1. create channels: xenial-main + xenial-updates, xenial-security,
xenial-universe
2. tricky part syncing channels [ adding multi-arch header]:
#!/bin/bash
_BIN_PATH=/var/www/html/pub/spw_scripts
_URL_MAIN='http://de.archive.ubuntu.com/ubuntu/dists/xenial/main/binary-amd64'
_URL_SEC='http://us.archive.ubuntu.com/ubuntu/dists/xenial-security/main/binary-amd64'
_URL_UPD='http://de.archive.ubuntu.com/ubuntu/dists/xenial-updates/main/binary-amd64'
_URL_UNIV='http://de.archive.ubuntu.com/ubuntu/dists/xenial/universe/binary-amd64'
_PKG_MAIN=/var/cache/rhn/repodata/xenial-main
_PKG_SEC=/var/cache/rhn/repodata/xenial-security
_PKG_UPD=/var/cache/rhn/repodata/xenial-updates
_PKG_UNIV=/var/cache/rhn/repodata/xenial-universe
_USER=bugs
_PASS=bunny
$_BIN_PATH/spacewalk-debian-sync.pl --url $_URL_MAIN --channel
xenial-main --username=$_USER --password $_PASS
$_BIN_PATH/spacewalk-debian-sync.pl --url $_URL_SEC --channel
xenial-security --username=$_USER --password $_PASS
$_BIN_PATH/spacewalk-debian-sync.pl --url $_URL_UPD --channel
xenial-updates --username=$_USER --password $_PASS
$_BIN_PATH/spacewalk-debian-sync.pl --url $_URL_UNIV --channel
xenial-universe --username=$_USER --password $_PASS
s=180
trap 'echo "Ctrl-C detected."' 2
for (( i=$s ; i>0; i--));
do
echo -ne "\rFinishing sync in: $i seconds\033[0K";
sleep 1
done
echo -e "\nSync completed!"
trap 2
$_BIN_PATH/spacewalk-add-debian-multiarch-header.py
$_PKG_MAIN/Packages
/tmp/xenial-main
$_BIN_PATH/spacewalk-add-debian-multiarch-header.py
$_PKG_SEC/Packages /tmp/xenial-security
$_BIN_PATH/spacewalk-add-debian-multiarch-header.py
$_PKG_UPD/Packages
/tmp/xenial-updates
$_BIN_PATH/spacewalk-add-debian-multiarch-header.py
$_PKG_UNIV/Packages
/tmp/xenial-universe
/bin/mv $_PKG_MAIN/Packages.new $_PKG_MAIN/Packages
/bin/mv $_PKG_SEC/Packages.new $_PKG_SEC/Packages
/bin/mv $_PKG_UPD/Packages.new $_PKG_UPD/Packages
/bin/mv $_PKG_UNIV/Packages.new $_PKG_UNIV/Packages
gzip < $_PKG_MAIN/Packages > $_PKG_MAIN/Packages.gz
gzip < $_PKG_SEC/Packages > $_PKG_SEC/Packages.gz
gzip < $_PKG_UPD/Packages > $_PKG_UPD/Packages.gz
gzip < $_PKG_UNIV/Packages > $_PKG_UNIV/Packages.gz
3. client side [ ubuntu/debian clients]
spw_srv=192.168.100.101
cat >/etc/apt/apt.conf.d/50spacewalk<<FIX
#
# The configuration for apt-spacewalk
#
APT {
Update {
List-Refresh "true";
Pre-Invoke {
"/usr/lib/apt-spacewalk/pre_invoke.py";
}
Post-Invoke {
"/bin/sed -rie 's/^Package:
(cpp|guile-2.0|python(2.7|3)?)$/\0\nMulti-Arch: allowed/'
/var/lib/apt/lists/${spw_srv}_dists_channels\:_xenial-main_binary-amd64_Packages";
}
You don't need this Post-Invoke hack as the python script adds the missing
header.
}
};
DPkg::Post-Invoke {
"[ ! -e /usr/lib/apt-spacewalk/post_invoke.py ] ||
/usr/lib/apt-spacewalk/post_invoke.py";
};
FIX
sed -i "s|'main'|'xenial-main'|g" /usr/lib/apt-spacewalk/pre_invoke.py
perl -pi -e "s/type='deb'/type='deb [trusted=yes] '/g"
/usr/lib/apt-spacewalk/pre_invoke.py
4. Now can perform apt-get update/upgrade w/o any issues after
disabling
/etc/apt/source.list
One thing "missing". Secure the channels with @philicious "secureApt.sh" script. Find it
at my fork https://github.com/rpasche/spacewalk-scripts or "origin"
https://github.com/philicious/spacewalk-scripts.
Also have a look at PR #636 and #637 of the SW GitHub repo.
You can then also try to import errata information for Ubuntu and Debian.
Robert
_______________________________________________
Spacewalk-list mailing list
Spacewalk-list@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list
_______________________________________________
Spacewalk-list mailing list
Spacewalk-list@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list
