* [pbs-devel] [PATCH proxmox-offline-mirror v2 1/2] mirror: add support for trixie repositories
2025-08-29 8:23 [pbs-devel] [PATCH proxmox-offline-mirror v2 0/2] update pom setup to include trixie based products Shannon Sterz
@ 2025-08-29 8:23 ` Shannon Sterz
2025-08-29 8:23 ` [pbs-devel] [PATCH proxmox-offline-mirror v2 2/2] docs: document the setup process for trixie installs Shannon Sterz
1 sibling, 0 replies; 3+ messages in thread
From: Shannon Sterz @ 2025-08-29 8:23 UTC (permalink / raw)
To: pbs-devel
uses the keys found under /usr/share/keyrings for the new proxmox
trixie-based releases
Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
---
src/bin/proxmox-offline-mirror.rs | 99 +++++++++++++++++++++----------
1 file changed, 69 insertions(+), 30 deletions(-)
diff --git a/src/bin/proxmox-offline-mirror.rs b/src/bin/proxmox-offline-mirror.rs
index 6a5063a..cb786cd 100644
--- a/src/bin/proxmox-offline-mirror.rs
+++ b/src/bin/proxmox-offline-mirror.rs
@@ -46,6 +46,7 @@ impl Display for Distro {
}
enum Release {
+ Trixie,
Bookworm,
Bullseye,
Buster,
@@ -54,6 +55,7 @@ enum Release {
impl Display for Release {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
match self {
+ Release::Trixie => write!(f, "trixie"),
Release::Bookworm => write!(f, "bookworm"),
Release::Bullseye => write!(f, "bullseye"),
Release::Buster => write!(f, "buster"),
@@ -135,6 +137,17 @@ fn derive_debian_repo(
skip_sections,
};
let url = match (release, variant) {
+ (Release::Trixie, DebianVariant::Main) => "http://deb.debian.org/debian trixie",
+ (Release::Trixie, DebianVariant::Security) => {
+ "http://deb.debian.org/debian-security trixie-security"
+ }
+ (Release::Trixie, DebianVariant::Updates) => "http://deb.debian.org/debian trixie-updates",
+ (Release::Trixie, DebianVariant::Backports) => {
+ "http://deb.debian.org/debian trixie-backports"
+ }
+ (Release::Trixie, DebianVariant::Debug) => {
+ "http://deb.debian.org/debian-debug trixie-debug"
+ }
(Release::Bookworm, DebianVariant::Main) => "http://deb.debian.org/debian bookworm",
(Release::Bookworm, DebianVariant::Security) => {
"http://deb.debian.org/debian-security bookworm-security"
@@ -176,6 +189,13 @@ fn derive_debian_repo(
let url = format!("{url} {components}");
let key = match (release, variant) {
+ (Release::Trixie, DebianVariant::Security) => {
+ "/usr/share/keyrings/debian-archive-trixie-security-automatic.gpg"
+ }
+ (Release::Trixie, DebianVariant::Updates) | (Release::Trixie, DebianVariant::Backports) => {
+ "/usr/share/keyrings/debian-archive-trixie-automatic.gpg"
+ }
+ (Release::Trixie, _) => "/usr/share/keyrings/debian-archive-trixie-stable.gpg",
(Release::Bookworm, DebianVariant::Security) => {
"/usr/share/keyrings/debian-archive-bookworm-security-automatic.gpg"
}
@@ -217,6 +237,7 @@ fn action_add_mirror(config: &SectionConfigData) -> Result<Vec<MirrorConfig>, Er
let dist = read_selection_from_tty("Select distro to mirror", distros, None)?;
let releases = &[
+ (Release::Trixie, "Trixie"),
(Release::Bookworm, "Bookworm"),
(Release::Bullseye, "Bullseye"),
(Release::Buster, "Buster"),
@@ -238,7 +259,9 @@ fn action_add_mirror(config: &SectionConfigData) -> Result<Vec<MirrorConfig>, Er
read_selection_from_tty("Select repository variant", variants, Some(0))?;
let default_components = match release {
- Release::Bookworm => "main contrib non-free non-free-firmware",
+ Release::Bookworm | Release::Trixie => {
+ "main contrib non-free non-free-firmware"
+ }
_ => "main contrib non-free",
};
@@ -259,6 +282,7 @@ fn action_add_mirror(config: &SectionConfigData) -> Result<Vec<MirrorConfig>, Er
}
let releases = match release {
+ Release::Trixie => vec![(CephRelease::Squid, "Squid (19.x)")],
Release::Bookworm => vec![
(CephRelease::Quincy, "Quincy (17.x)"),
(CephRelease::Reef, "Reef (18.x)"),
@@ -286,41 +310,46 @@ fn action_add_mirror(config: &SectionConfigData) -> Result<Vec<MirrorConfig>, Er
Some(releases.len() - 1),
)?;
- let (base_url, components) = if matches!(release, Release::Bookworm) {
- let variants = &[
- (ProxmoxVariant::Enterprise, "Enterprise repository"),
- (ProxmoxVariant::NoSubscription, "No-Subscription repository"),
- (ProxmoxVariant::Test, "Test repository"),
- ];
+ let (base_url, components) =
+ if matches!(release, Release::Bookworm | Release::Trixie) {
+ let variants = &[
+ (ProxmoxVariant::Enterprise, "Enterprise repository"),
+ (ProxmoxVariant::NoSubscription, "No-Subscription repository"),
+ (ProxmoxVariant::Test, "Test repository"),
+ ];
- let variant =
- read_selection_from_tty("Select repository variant", variants, Some(0))?;
+ let variant = read_selection_from_tty(
+ "Select repository variant",
+ variants,
+ Some(0),
+ )?;
- match variant {
- ProxmoxVariant::Enterprise => {
- use_subscription = Some(ProductType::Pve);
- (
- "https://enterprise.proxmox.com/debian/ceph",
- "enterprise".to_string(),
- )
+ match variant {
+ ProxmoxVariant::Enterprise => {
+ use_subscription = Some(ProductType::Pve);
+ (
+ "https://enterprise.proxmox.com/debian/ceph",
+ "enterprise".to_string(),
+ )
+ }
+ ProxmoxVariant::NoSubscription => (
+ "http://download.proxmox.com/debian/ceph",
+ "no-subscription".to_string(),
+ ),
+ ProxmoxVariant::Test => (
+ "http://download.proxmox.com/debian/ceph",
+ "test".to_string(),
+ ),
}
- ProxmoxVariant::NoSubscription => (
+ } else {
+ (
"http://download.proxmox.com/debian/ceph",
- "no-subscription".to_string(),
- ),
- ProxmoxVariant::Test => (
- "http://download.proxmox.com/debian/ceph",
- "test".to_string(),
- ),
- }
- } else {
- (
- "http://download.proxmox.com/debian/ceph",
- read_string_from_tty("Enter repository components", Some("main test"))?,
- )
- };
+ read_string_from_tty("Enter repository components", Some("main test"))?,
+ )
+ };
let key = match release {
+ Release::Trixie => "/usr/share/keyrings/proxmox-release-trixie.gpg",
Release::Bookworm => "/etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg",
Release::Bullseye => "/etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg",
Release::Buster => "/etc/apt/trusted.gpg.d/proxmox-release-buster.gpg",
@@ -353,6 +382,15 @@ fn action_add_mirror(config: &SectionConfigData) -> Result<Vec<MirrorConfig>, Er
// TODO enterprise query for key!
let url = match (release, variant) {
+ (Release::Trixie, ProxmoxVariant::Enterprise) => format!(
+ "https://enterprise.proxmox.com/debian/{product} trixie {product}-enterprise"
+ ),
+ (Release::Trixie, ProxmoxVariant::NoSubscription) => format!(
+ "http://download.proxmox.com/debian/{product} trixie {product}-no-subscription"
+ ),
+ (Release::Trixie, ProxmoxVariant::Test) => {
+ format!("http://download.proxmox.com/debian/{product} trixie {product}-test")
+ }
(Release::Bookworm, ProxmoxVariant::Enterprise) => format!(
"https://enterprise.proxmox.com/debian/{product} bookworm {product}-enterprise"
),
@@ -390,6 +428,7 @@ fn action_add_mirror(config: &SectionConfigData) -> Result<Vec<MirrorConfig>, Er
};
let key = match release {
+ Release::Trixie => "/usr/share/keyrings/proxmox-release-trixie.gpg",
Release::Bookworm => "/etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg",
Release::Bullseye => "/etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg",
Release::Buster => "/etc/apt/trusted.gpg.d/proxmox-release-buster.gpg",
--
2.47.2
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
^ permalink raw reply [flat|nested] 3+ messages in thread* [pbs-devel] [PATCH proxmox-offline-mirror v2 2/2] docs: document the setup process for trixie installs
2025-08-29 8:23 [pbs-devel] [PATCH proxmox-offline-mirror v2 0/2] update pom setup to include trixie based products Shannon Sterz
2025-08-29 8:23 ` [pbs-devel] [PATCH proxmox-offline-mirror v2 1/2] mirror: add support for trixie repositories Shannon Sterz
@ 2025-08-29 8:23 ` Shannon Sterz
1 sibling, 0 replies; 3+ messages in thread
From: Shannon Sterz @ 2025-08-29 8:23 UTC (permalink / raw)
To: pbs-devel
and update the keyring hashes.
Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
---
docs/installation.rst | 50 +++++++++++++++++++++++++++++++++----------
1 file changed, 39 insertions(+), 11 deletions(-)
diff --git a/docs/installation.rst b/docs/installation.rst
index dff7514..b05f43b 100644
--- a/docs/installation.rst
+++ b/docs/installation.rst
@@ -41,7 +41,8 @@ Debian Package Repositories
All Debian based systems use APT as a package management tool. The lists of repositories are
defined in ``/etc/apt/sources.list`` and the ``.list`` files found in the ``/etc/apt/sources.d/``
-directory. Updates can be installed directly with the ``apt`` command line tool, or via the GUI.
+directory. Newer systems will also use ``.sources`` file in the new deb822 format found at the
+same location. Updates can be installed directly with the ``apt`` command line tool, or via the GUI.
APT ``sources.list`` files list one package repository per line, with the most preferred source
listed first. Empty lines are ignored, and a ``#`` character anywhere on a line marks the remainder
@@ -53,8 +54,8 @@ of that line as a comment. The information available from the configured sources
SecureApt
^^^^^^^^^
-The `Release` files in the repositories are signed with GnuPG. APT is using these signatures to
-verify that all packages are from a trusted source.
+The `Release` files in the repositories are signed with GnuPG. APT is using
+these signatures to verify that all packages are from a trusted source.
.. tip:: If you install Proxmox Offline Mirror on an existing Proxmox VE, Proxmox Backup Server or
Proxmox Mail Gateway, the verification key will already be present.
@@ -64,22 +65,30 @@ the following commands:
.. code-block:: console
- # wget https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg \
- -O /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
+ # wget https://enterprise.proxmox.com/debian/proxmox-archive-keyring-trixie.gpg -O /usr/share/keyrings/proxmox-archive-keyring.gpg
-Verify the SHA512 checksum afterwards with the expected output below:
+.. note:: The `wget` command above adds the keyring for Proxmox releases based on Debian Trixie. Once
+ the `proxmox-archive-keyring` package is installed, it will manage this file. At that point, the
+ hashes below may no longer match the hashes of this file, as keys for new Proxmox releases get
+ added or removed. This is intended, `apt` will ensure that only trusted keys are being used.
+ **Modifying this file is discouraged once `proxmox-archive-keyring` is installed.**
+
+Verify the SHA256 checksum afterwards with the expected output below:
.. code-block:: console
- # sha512sum /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
- 7da6fe34168adc6e479327ba517796d4702fa2f8b4f0a9833f5ea6e6b48f6507a6da403a274fe201595edc86a84463d50383d07f64bdde2e3658108db7d6dc87 /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
+ # sha256sum /usr/share/keyrings/proxmox-archive-keyring.gpg
+ 136673be77aba35dcce385b28737689ad64fd785a797e57897589aed08db6e45 /usr/share/keyrings/proxmox-archive-keyring.gpg
-or the md5sum, with the expected output below:
+and the md5sum, with the expected output below:
.. code-block:: console
- # md5sum /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
- 41558dc019ef90bd0f6067644a51cf5b /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
+ # md5sum /usr/share/keyrings/proxmox-archive-keyring.gpg
+ 77c8b1166d15ce8350102ab1bca2fcbf /usr/share/keyrings/proxmox-archive-keyring.gpg
+
+.. note:: Make sure that the path that you download the key to, matches the
+ path specified in the ``Signed-By:`` lines in your repository stanzas below.
.. _package_repositories_client_only_apt:
@@ -102,6 +111,25 @@ Proxmox systems.
repository, those ship some updated packages from Debian native packages, which would get pulled
in, even if not required for the offline mirroring.
+Repository for Debian 13 (Trixie) based releases
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Here are the actual steps for a generic Debian 13 (Bookworm) based system.
+
+First edit the file ``/etc/apt/sources.list.d/pbs-client.sources`` and add the following snippet:
+
+.. code-block:: debian.sources
+ :caption: File: ``/etc/apt/sources.list.d/pbs-client.sources``
+
+ Types: deb
+ URIs: http://download.proxmox.com/debian/pbs-client
+ Suites: trixie
+ Components: main
+ Signed-by: /usr/share/keyrings/proxmox-archive-keyring.gpg
+
+Now you should be able to install the ``proxmox-offline-mirror`` package, see
+:ref:`apt_install_pom`.
+
Repository for Debian 12 (Bookworm) based releases
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--
2.47.2
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
^ permalink raw reply [flat|nested] 3+ messages in thread