* [pbs-devel] [PATCH proxmox-offline-mirror v2 0/2] update pom setup to include trixie based products
@ 2025-08-29 8:23 Shannon Sterz
2025-08-29 8:23 ` [pbs-devel] [PATCH proxmox-offline-mirror v2 1/2] mirror: add support for trixie repositories Shannon Sterz
2025-08-29 8:23 ` [pbs-devel] [PATCH proxmox-offline-mirror v2 2/2] docs: document the setup process for trixie installs Shannon Sterz
0 siblings, 2 replies; 3+ messages in thread
From: Shannon Sterz @ 2025-08-29 8:23 UTC (permalink / raw)
To: pbs-devel
this adds the trixie based debian and proxmox repositories to the setup
wizzard. also updates the docs to document the information needed to set
up pom on a debian trixie based install.
Changelog
---------
changes since v1:
- updated the proxmox trixi key location to use the key under
/usr/share/keyrings instead of /etc/apt/trusted.gpg.d (thanks @ Thomas
Lamprecht)
- added documentation for installing pom on top of debian trixie
Shannon Sterz (2):
mirror: add support for trixie repositories
docs: document the setup process for trixie installs
docs/installation.rst | 50 ++++++++++++----
src/bin/proxmox-offline-mirror.rs | 99 +++++++++++++++++++++----------
2 files changed, 108 insertions(+), 41 deletions(-)
--
2.47.2
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
* [pbs-devel] [PATCH proxmox-offline-mirror v2 1/2] mirror: add support for trixie repositories
2025-08-29 8:23 [pbs-devel] [PATCH proxmox-offline-mirror v2 0/2] update pom setup to include trixie based products Shannon Sterz
@ 2025-08-29 8:23 ` Shannon Sterz
2025-08-29 8:23 ` [pbs-devel] [PATCH proxmox-offline-mirror v2 2/2] docs: document the setup process for trixie installs Shannon Sterz
1 sibling, 0 replies; 3+ messages in thread
From: Shannon Sterz @ 2025-08-29 8:23 UTC (permalink / raw)
To: pbs-devel
uses the keys found under /usr/share/keyrings for the new proxmox
trixie-based releases
Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
---
src/bin/proxmox-offline-mirror.rs | 99 +++++++++++++++++++++----------
1 file changed, 69 insertions(+), 30 deletions(-)
diff --git a/src/bin/proxmox-offline-mirror.rs b/src/bin/proxmox-offline-mirror.rs
index 6a5063a..cb786cd 100644
--- a/src/bin/proxmox-offline-mirror.rs
+++ b/src/bin/proxmox-offline-mirror.rs
@@ -46,6 +46,7 @@ impl Display for Distro {
}
enum Release {
+ Trixie,
Bookworm,
Bullseye,
Buster,
@@ -54,6 +55,7 @@ enum Release {
impl Display for Release {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
match self {
+ Release::Trixie => write!(f, "trixie"),
Release::Bookworm => write!(f, "bookworm"),
Release::Bullseye => write!(f, "bullseye"),
Release::Buster => write!(f, "buster"),
@@ -135,6 +137,17 @@ fn derive_debian_repo(
skip_sections,
};
let url = match (release, variant) {
+ (Release::Trixie, DebianVariant::Main) => "http://deb.debian.org/debian trixie",
+ (Release::Trixie, DebianVariant::Security) => {
+ "http://deb.debian.org/debian-security trixie-security"
+ }
+ (Release::Trixie, DebianVariant::Updates) => "http://deb.debian.org/debian trixie-updates",
+ (Release::Trixie, DebianVariant::Backports) => {
+ "http://deb.debian.org/debian trixie-backports"
+ }
+ (Release::Trixie, DebianVariant::Debug) => {
+ "http://deb.debian.org/debian-debug trixie-debug"
+ }
(Release::Bookworm, DebianVariant::Main) => "http://deb.debian.org/debian bookworm",
(Release::Bookworm, DebianVariant::Security) => {
"http://deb.debian.org/debian-security bookworm-security"
@@ -176,6 +189,13 @@ fn derive_debian_repo(
let url = format!("{url} {components}");
let key = match (release, variant) {
+ (Release::Trixie, DebianVariant::Security) => {
+ "/usr/share/keyrings/debian-archive-trixie-security-automatic.gpg"
+ }
+ (Release::Trixie, DebianVariant::Updates) | (Release::Trixie, DebianVariant::Backports) => {
+ "/usr/share/keyrings/debian-archive-trixie-automatic.gpg"
+ }
+ (Release::Trixie, _) => "/usr/share/keyrings/debian-archive-trixie-stable.gpg",
(Release::Bookworm, DebianVariant::Security) => {
"/usr/share/keyrings/debian-archive-bookworm-security-automatic.gpg"
}
@@ -217,6 +237,7 @@ fn action_add_mirror(config: &SectionConfigData) -> Result<Vec<MirrorConfig>, Er
let dist = read_selection_from_tty("Select distro to mirror", distros, None)?;
let releases = &[
+ (Release::Trixie, "Trixie"),
(Release::Bookworm, "Bookworm"),
(Release::Bullseye, "Bullseye"),
(Release::Buster, "Buster"),
@@ -238,7 +259,9 @@ fn action_add_mirror(config: &SectionConfigData) -> Result<Vec<MirrorConfig>, Er
read_selection_from_tty("Select repository variant", variants, Some(0))?;
let default_components = match release {
- Release::Bookworm => "main contrib non-free non-free-firmware",
+ Release::Bookworm | Release::Trixie => {
+ "main contrib non-free non-free-firmware"
+ }
_ => "main contrib non-free",
};
@@ -259,6 +282,7 @@ fn action_add_mirror(config: &SectionConfigData) -> Result<Vec<MirrorConfig>, Er
}
let releases = match release {
+ Release::Trixie => vec![(CephRelease::Squid, "Squid (19.x)")],
Release::Bookworm => vec![
(CephRelease::Quincy, "Quincy (17.x)"),
(CephRelease::Reef, "Reef (18.x)"),
@@ -286,41 +310,46 @@ fn action_add_mirror(config: &SectionConfigData) -> Result<Vec<MirrorConfig>, Er
Some(releases.len() - 1),
)?;
- let (base_url, components) = if matches!(release, Release::Bookworm) {
- let variants = &[
- (ProxmoxVariant::Enterprise, "Enterprise repository"),
- (ProxmoxVariant::NoSubscription, "No-Subscription repository"),
- (ProxmoxVariant::Test, "Test repository"),
- ];
+ let (base_url, components) =
+ if matches!(release, Release::Bookworm | Release::Trixie) {
+ let variants = &[
+ (ProxmoxVariant::Enterprise, "Enterprise repository"),
+ (ProxmoxVariant::NoSubscription, "No-Subscription repository"),
+ (ProxmoxVariant::Test, "Test repository"),
+ ];
- let variant =
- read_selection_from_tty("Select repository variant", variants, Some(0))?;
+ let variant = read_selection_from_tty(
+ "Select repository variant",
+ variants,
+ Some(0),
+ )?;
- match variant {
- ProxmoxVariant::Enterprise => {
- use_subscription = Some(ProductType::Pve);
- (
- "https://enterprise.proxmox.com/debian/ceph",
- "enterprise".to_string(),
- )
+ match variant {
+ ProxmoxVariant::Enterprise => {
+ use_subscription = Some(ProductType::Pve);
+ (
+ "https://enterprise.proxmox.com/debian/ceph",
+ "enterprise".to_string(),
+ )
+ }
+ ProxmoxVariant::NoSubscription => (
+ "http://download.proxmox.com/debian/ceph",
+ "no-subscription".to_string(),
+ ),
+ ProxmoxVariant::Test => (
+ "http://download.proxmox.com/debian/ceph",
+ "test".to_string(),
+ ),
}
- ProxmoxVariant::NoSubscription => (
+ } else {
+ (
"http://download.proxmox.com/debian/ceph",
- "no-subscription".to_string(),
- ),
- ProxmoxVariant::Test => (
- "http://download.proxmox.com/debian/ceph",
- "test".to_string(),
- ),
- }
- } else {
- (
- "http://download.proxmox.com/debian/ceph",
- read_string_from_tty("Enter repository components", Some("main test"))?,
- )
- };
+ read_string_from_tty("Enter repository components", Some("main test"))?,
+ )
+ };
let key = match release {
+ Release::Trixie => "/usr/share/keyrings/proxmox-release-trixie.gpg",
Release::Bookworm => "/etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg",
Release::Bullseye => "/etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg",
Release::Buster => "/etc/apt/trusted.gpg.d/proxmox-release-buster.gpg",
@@ -353,6 +382,15 @@ fn action_add_mirror(config: &SectionConfigData) -> Result<Vec<MirrorConfig>, Er
// TODO enterprise query for key!
let url = match (release, variant) {
+ (Release::Trixie, ProxmoxVariant::Enterprise) => format!(
+ "https://enterprise.proxmox.com/debian/{product} trixie {product}-enterprise"
+ ),
+ (Release::Trixie, ProxmoxVariant::NoSubscription) => format!(
+ "http://download.proxmox.com/debian/{product} trixie {product}-no-subscription"
+ ),
+ (Release::Trixie, ProxmoxVariant::Test) => {
+ format!("http://download.proxmox.com/debian/{product} trixie {product}-test")
+ }
(Release::Bookworm, ProxmoxVariant::Enterprise) => format!(
"https://enterprise.proxmox.com/debian/{product} bookworm {product}-enterprise"
),
@@ -390,6 +428,7 @@ fn action_add_mirror(config: &SectionConfigData) -> Result<Vec<MirrorConfig>, Er
};
let key = match release {
+ Release::Trixie => "/usr/share/keyrings/proxmox-release-trixie.gpg",
Release::Bookworm => "/etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg",
Release::Bullseye => "/etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg",
Release::Buster => "/etc/apt/trusted.gpg.d/proxmox-release-buster.gpg",
--
2.47.2
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
* [pbs-devel] [PATCH proxmox-offline-mirror v2 2/2] docs: document the setup process for trixie installs
2025-08-29 8:23 [pbs-devel] [PATCH proxmox-offline-mirror v2 0/2] update pom setup to include trixie based products Shannon Sterz
2025-08-29 8:23 ` [pbs-devel] [PATCH proxmox-offline-mirror v2 1/2] mirror: add support for trixie repositories Shannon Sterz
@ 2025-08-29 8:23 ` Shannon Sterz
1 sibling, 0 replies; 3+ messages in thread
From: Shannon Sterz @ 2025-08-29 8:23 UTC (permalink / raw)
To: pbs-devel
and update the keyring hashes.
Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
---
docs/installation.rst | 50 +++++++++++++++++++++++++++++++++----------
1 file changed, 39 insertions(+), 11 deletions(-)
diff --git a/docs/installation.rst b/docs/installation.rst
index dff7514..b05f43b 100644
--- a/docs/installation.rst
+++ b/docs/installation.rst
@@ -41,7 +41,8 @@ Debian Package Repositories
All Debian based systems use APT as a package management tool. The lists of repositories are
defined in ``/etc/apt/sources.list`` and the ``.list`` files found in the ``/etc/apt/sources.d/``
-directory. Updates can be installed directly with the ``apt`` command line tool, or via the GUI.
+directory. Newer systems will also use ``.sources`` file in the new deb822 format found at the
+same location. Updates can be installed directly with the ``apt`` command line tool, or via the GUI.
APT ``sources.list`` files list one package repository per line, with the most preferred source
listed first. Empty lines are ignored, and a ``#`` character anywhere on a line marks the remainder
@@ -53,8 +54,8 @@ of that line as a comment. The information available from the configured sources
SecureApt
^^^^^^^^^
-The `Release` files in the repositories are signed with GnuPG. APT is using these signatures to
-verify that all packages are from a trusted source.
+The `Release` files in the repositories are signed with GnuPG. APT is using
+these signatures to verify that all packages are from a trusted source.
.. tip:: If you install Proxmox Offline Mirror on an existing Proxmox VE, Proxmox Backup Server or
Proxmox Mail Gateway, the verification key will already be present.
@@ -64,22 +65,30 @@ the following commands:
.. code-block:: console
- # wget https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg \
- -O /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
+ # wget https://enterprise.proxmox.com/debian/proxmox-archive-keyring-trixie.gpg -O /usr/share/keyrings/proxmox-archive-keyring.gpg
-Verify the SHA512 checksum afterwards with the expected output below:
+.. note:: The `wget` command above adds the keyring for Proxmox releases based on Debian Trixie. Once
+ the `proxmox-archive-keyring` package is installed, it will manage this file. At that point, the
+ hashes below may no longer match the hashes of this file, as keys for new Proxmox releases get
+ added or removed. This is intended, `apt` will ensure that only trusted keys are being used.
+ **Modifying this file is discouraged once `proxmox-archive-keyring` is installed.**
+
+Verify the SHA256 checksum afterwards with the expected output below:
.. code-block:: console
- # sha512sum /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
- 7da6fe34168adc6e479327ba517796d4702fa2f8b4f0a9833f5ea6e6b48f6507a6da403a274fe201595edc86a84463d50383d07f64bdde2e3658108db7d6dc87 /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
+ # sha256sum /usr/share/keyrings/proxmox-archive-keyring.gpg
+ 136673be77aba35dcce385b28737689ad64fd785a797e57897589aed08db6e45 /usr/share/keyrings/proxmox-archive-keyring.gpg
-or the md5sum, with the expected output below:
+and the md5sum, with the expected output below:
.. code-block:: console
- # md5sum /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
- 41558dc019ef90bd0f6067644a51cf5b /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
+ # md5sum /usr/share/keyrings/proxmox-archive-keyring.gpg
+ 77c8b1166d15ce8350102ab1bca2fcbf /usr/share/keyrings/proxmox-archive-keyring.gpg
+
+.. note:: Make sure that the path that you download the key to, matches the
+ path specified in the ``Signed-By:`` lines in your repository stanzas below.
.. _package_repositories_client_only_apt:
@@ -102,6 +111,25 @@ Proxmox systems.
repository, those ship some updated packages from Debian native packages, which would get pulled
in, even if not required for the offline mirroring.
+Repository for Debian 13 (Trixie) based releases
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Here are the actual steps for a generic Debian 13 (Bookworm) based system.
+
+First edit the file ``/etc/apt/sources.list.d/pbs-client.sources`` and add the following snippet:
+
+.. code-block:: debian.sources
+ :caption: File: ``/etc/apt/sources.list.d/pbs-client.sources``
+
+ Types: deb
+ URIs: http://download.proxmox.com/debian/pbs-client
+ Suites: trixie
+ Components: main
+ Signed-by: /usr/share/keyrings/proxmox-archive-keyring.gpg
+
+Now you should be able to install the ``proxmox-offline-mirror`` package, see
+:ref:`apt_install_pom`.
+
Repository for Debian 12 (Bookworm) based releases
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--
2.47.2
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-08-29 8:23 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-08-29 8:23 [pbs-devel] [PATCH proxmox-offline-mirror v2 0/2] update pom setup to include trixie based products Shannon Sterz
2025-08-29 8:23 ` [pbs-devel] [PATCH proxmox-offline-mirror v2 1/2] mirror: add support for trixie repositories Shannon Sterz
2025-08-29 8:23 ` [pbs-devel] [PATCH proxmox-offline-mirror v2 2/2] docs: document the setup process for trixie installs Shannon Sterz
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.