On Tue, 31 Mar 2020 16:06:14 -0400, Muhammad Mosleh Uddin
<mmud...@gmail.com> wrote:
Can somebody help me or is has note how to create channel and repo for
ubuntu16-04 on spacewalk2.9!
--
Muhammad Mosleh Uddin
The good news is that, a few years back, I wrote a post or two in this
list on what I used to create the channels and repos for Ubuntu 16.04 at
our site, using the spacecmd command. You should be able to check the
archive for them. There's also been some discussion between Robert
Pachedag and myself on scripts for adding additional field information to
the Packages repodata files necessary for correct apt dependency checking.
The bad news is that rhn_check stopped working for our site more than a
month back. Apt-get still works although it now claims that packages
aren't signed, even though I'm using updated versions of philicious's
signature-generation scripts and they still work for our Ubuntu 18.04
Channels/repos. That's annoying because we haven't been able to push
updates out from the Spacewalk server and we've needed to log into our
Ubuntu 16 systems to pull them with apt instead. My best guess for that
issue currently is that the upgrade of python3-apt to
python3-apt-1.1.0~beta1ubuntu0.16.04.8-X.amd64-deb broke something. The
change history for that package shows that repository trust checks (based
on signature verification) were added in Ubuntu patch 7, so presumably the
apt signature verification broke earlier but rhn_check just stopped
working when the verification became enforced by the python3 interface.
python-apt (1.1.0~beta1ubuntu0.16.04.7) xenial-security; urgency=medium
* SECURITY UPDATE: Check that repository is trusted before downloading
files from it (LP: #1858973)
- apt/cache.py: Add checks to fetch_archives() and commit()
- apt/package.py: Add checks to fetch_binary() and fetch_source()
- CVE-2019-15796
* SECURITY UPDATE: Do not use MD5 for verifying downloadeds
(Closes: #944696) (#LP: #1858972)
- apt/package.py: Use all hashes when fetching packages, and
check that we have trusted hashes when downloading
- CVE-2019-15795
* To work around the new checks, the parameter
allow_unauthenticated=True
can be passed to the functions. It defaults to the value of the
APT::Get::AllowUnauthenticated option.
- Bump Breaks aptdaemon (<< 1.1.1+bzr982-0ubuntu14.2), as it will have
to set that parameter after having done validation.
* Necessary backports:
- turn elements in apt_pkg.SourceRecords.files into a class, rather
than
a tuple (w/ legacy compat), so we can get to their hashes
- add apt_pkg.HashStringList
- add apt_pkg.Hashes.hashes
* Automatic changes and fixes for external regressions:
- Adjustments to test suite and CI to fix CI regressions
- Automatic mirror list update
-- Julian Andres Klode <email address hidden> Wed, 15 Jan 2020 17:14:05
+0100
There's a hint in the change log on how to ignore the verification check,
but I would prefer to get it working properly the way it seems to on
Ubuntu 18.04. I've changed the datetime on the Release file to UTC, but
I'm still having this problem. Did I miss something else about it sometime
in the last year?
Thanks,
Paul-Andre
--
*Your privacy is important to us. That is why we have taken appropriate
measures to ensure the data you provide to us is kept secure. To learn more
about how we process your personal information, how we comply with
applicable data protection laws, and care for the security and privacy of
your personal data, please review our Privacy Policy. If you have any
questions related to data protection and compliance with applicable laws,
please contact us at our Security Operations Center at 1-800-674-4357.*
_______________________________________________
Spacewalk-list mailing list
Spacewalk-list@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list
