From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 8951B1FF186 for ; Fri, 29 Aug 2025 10:23:49 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 311DE1F918; Fri, 29 Aug 2025 10:23:59 +0200 (CEST) From: Shannon Sterz To: pbs-devel@lists.proxmox.com Date: Fri, 29 Aug 2025 10:23:23 +0200 Message-ID: <20250829082323.55299-3-s.sterz@proxmox.com> X-Mailer: git-send-email 2.47.2 In-Reply-To: <20250829082323.55299-1-s.sterz@proxmox.com> References: <20250829082323.55299-1-s.sterz@proxmox.com> MIME-Version: 1.0 X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1756455797649 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.500 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_ASCII_DIVIDERS 0.8 Email that uses ascii formatting dividers and possible spam tricks KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_LOTSOFHASH 0.25 Emails with lots of hash-like gibberish SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pbs-devel] [PATCH proxmox-offline-mirror v2 2/2] docs: document the setup process for trixie installs X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox Backup Server development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pbs-devel-bounces@lists.proxmox.com Sender: "pbs-devel" and update the keyring hashes. Signed-off-by: Shannon Sterz --- docs/installation.rst | 50 +++++++++++++++++++++++++++++++++---------- 1 file changed, 39 insertions(+), 11 deletions(-) diff --git a/docs/installation.rst b/docs/installation.rst index dff7514..b05f43b 100644 --- a/docs/installation.rst +++ b/docs/installation.rst @@ -41,7 +41,8 @@ Debian Package Repositories All Debian based systems use APT as a package management tool. The lists of repositories are defined in ``/etc/apt/sources.list`` and the ``.list`` files found in the ``/etc/apt/sources.d/`` -directory. Updates can be installed directly with the ``apt`` command line tool, or via the GUI. +directory. Newer systems will also use ``.sources`` file in the new deb822 format found at the +same location. Updates can be installed directly with the ``apt`` command line tool, or via the GUI. APT ``sources.list`` files list one package repository per line, with the most preferred source listed first. Empty lines are ignored, and a ``#`` character anywhere on a line marks the remainder @@ -53,8 +54,8 @@ of that line as a comment. The information available from the configured sources SecureApt ^^^^^^^^^ -The `Release` files in the repositories are signed with GnuPG. APT is using these signatures to -verify that all packages are from a trusted source. +The `Release` files in the repositories are signed with GnuPG. APT is using +these signatures to verify that all packages are from a trusted source. .. tip:: If you install Proxmox Offline Mirror on an existing Proxmox VE, Proxmox Backup Server or Proxmox Mail Gateway, the verification key will already be present. @@ -64,22 +65,30 @@ the following commands: .. code-block:: console - # wget https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg \ - -O /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg + # wget https://enterprise.proxmox.com/debian/proxmox-archive-keyring-trixie.gpg -O /usr/share/keyrings/proxmox-archive-keyring.gpg -Verify the SHA512 checksum afterwards with the expected output below: +.. note:: The `wget` command above adds the keyring for Proxmox releases based on Debian Trixie. Once + the `proxmox-archive-keyring` package is installed, it will manage this file. At that point, the + hashes below may no longer match the hashes of this file, as keys for new Proxmox releases get + added or removed. This is intended, `apt` will ensure that only trusted keys are being used. + **Modifying this file is discouraged once `proxmox-archive-keyring` is installed.** + +Verify the SHA256 checksum afterwards with the expected output below: .. code-block:: console - # sha512sum /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg - 7da6fe34168adc6e479327ba517796d4702fa2f8b4f0a9833f5ea6e6b48f6507a6da403a274fe201595edc86a84463d50383d07f64bdde2e3658108db7d6dc87 /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg + # sha256sum /usr/share/keyrings/proxmox-archive-keyring.gpg + 136673be77aba35dcce385b28737689ad64fd785a797e57897589aed08db6e45 /usr/share/keyrings/proxmox-archive-keyring.gpg -or the md5sum, with the expected output below: +and the md5sum, with the expected output below: .. code-block:: console - # md5sum /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg - 41558dc019ef90bd0f6067644a51cf5b /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg + # md5sum /usr/share/keyrings/proxmox-archive-keyring.gpg + 77c8b1166d15ce8350102ab1bca2fcbf /usr/share/keyrings/proxmox-archive-keyring.gpg + +.. note:: Make sure that the path that you download the key to, matches the + path specified in the ``Signed-By:`` lines in your repository stanzas below. .. _package_repositories_client_only_apt: @@ -102,6 +111,25 @@ Proxmox systems. repository, those ship some updated packages from Debian native packages, which would get pulled in, even if not required for the offline mirroring. +Repository for Debian 13 (Trixie) based releases +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Here are the actual steps for a generic Debian 13 (Bookworm) based system. + +First edit the file ``/etc/apt/sources.list.d/pbs-client.sources`` and add the following snippet: + +.. code-block:: debian.sources + :caption: File: ``/etc/apt/sources.list.d/pbs-client.sources`` + + Types: deb + URIs: http://download.proxmox.com/debian/pbs-client + Suites: trixie + Components: main + Signed-by: /usr/share/keyrings/proxmox-archive-keyring.gpg + +Now you should be able to install the ``proxmox-offline-mirror`` package, see +:ref:`apt_install_pom`. + Repository for Debian 12 (Bookworm) based releases ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- 2.47.2 _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel