Apt preferences?


I recently tried the subsciption-manager for ubuntu 22. It works fine, except we use apt preferences mecanism for our install today, in order to install some packages like firefox from mozilla repo (.deb), and completely disable snap.
Is there a way to do this in foreman ?


Can you describe what you mean by “apt preferences mechanism”?

Ideally provide a detailed workflow description. What configuration files are you editing? What commands are you executing? What are you expecting to happen vs. what does in fact happen?

It is the /etc/apt/preference.d/ that I usually use in order to manage repos priority.

cat /etc/apt/preferences.d/mozillateam
Package: *
Pin: release o=LP-PPA-mozillateam
Pin-Priority: 1001

And then, when I run apt install firefox, the firefox package available from mozilla repo will be installed instead of the firefox snap package from the Ubuntu distrib.

I know this feature under the name “APT pinning”.

My understanding is that APT pinning works by referencing certain fields of a Release/InRelease file in the configured repository. In your case you are setting a Pin-Priority of 1001 for the Release file that has the line Origin: LP-PPA-mozillateam in it.

The problem is that Katello publishes APT repos in a different structure than the original upstream repository. Which means there may no longer be a Release file with the line Origin: LP-PPA-mozillateam in it.

We are working on having Katello mirror the same repo structure as the original upstream repos, but that is more of a long term effort, see: RFC: Transitioning Katello to "structured APT (deb) content"

In the mean time, you might be able to achieve the result you want, by creating content views with filters to filter out the packages you don’t want used from one repo, to force it to be used from the repo you do want it used from instead. Then you would no longer need APT pinning on your clients.

1 Like

Thanks for this solution. I will try.
When a ubuntu subscribes to foreman did you get the same level of reporting about packages updates and security patch than with RedHat ?


There is currently no Debian/Ubuntu Errata in Katello.

There is an effort to add this, but it is currently stalled and has been for years, see: Fixes #25978 - Debian Errata support by m-bucher · Pull Request #7961 · Katello/katello · GitHub

The orcharhino downstream product (based on Foreman/Katell) has had Debian/Ubuntu errata for some time.

Apt errata seems nice, and doesnt seem stalled, there has been some PRs referencing it and it seems its being worked on despite no news in the thread :slight_smile:

1 Like

Maybe I was unclear and should explain what I mean by “stalled”. Firstly, the Errata work is not and won’t be abandoned. Because it is prat of the downstream orcharhino product, it is being actively maintained.

Because it is such a large feature, for it to be added to upstream Katello requires freeing up a large amount of bandwidth both within the community (to review) and on the contributor side at the same time. This is hard to coordinate, and can always be derailed by other priorities on either side. As a result, no one is in a position to make any promises regarding a timeline. That being said, a major push to get it in some time this year is possible.