Debian Release file is published with and incrementing Version rather than the Release Version as expected. Instead of “Version = 20.04” or “Version = 18.04” the Version field in pulp is “Version = 1”
which is incremented on change as below
Origin: Pulp 3
Label: bionic-26013252
Suite: bionic
Version: 2
Codename: bionic
Date: Mon, 17 Jan 2022 05:49:53 +0000
Architectures: amd64 all
Components: restricted multiverse universe main
On the published repo pulp_deb publishes the Pulp repo version as the version.
This is by design, though it may well be a bad design with unintended consequences, and no real benefits…
That being said, It would be helpful if you can describe the exact nature of the problematic APT behavior that results from the version. I am at least somewhat surprised, since APT generally accepts arbitrary non-distro repos, so why would the Release-file-version suddenly matter? I am wondering if this was prompted by some new configuration on Ubuntu as well as what the exact symptoms are?
Yes Apt 1.5 and greater ( ubuntu 18 and 20 ) is now using a security system that includes Release and Version and each change must be manually approved as below
apt-get update --allow-releaseinfo-change
with close to 1000 ubuntu servers this is not ideal.
the symptom is apt-get cannot be used in any normal puppet module without changing it.
I’m home now I’ll post the results from a server tomorrow.
Plain apt works as it doesn’t use the security model.
Does that mean the problem is not so much that the version in the Release file is not 18.04/20.04, but rather that the version is frequently changing?
If APT is going to cry every time certain values change in the Release file, that may well affect other fields as well as the version. This is definitely worth opening an issue for at https://github.com/pulp/pulp_deb/issues (I may do so myself as I get to it).
The Label is another such field. I found that out when recreating a repository with the exact same name. The new repository has a different label. I had to run apt-get update --allow-releaseinfo-change on all hosts pointing to the repository. I’ve now started to use content views, and will likely eventually hit this same issue when the version is incremented.
tested and working
/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulp_deb/app/tasks/publishing.py
line 252 change to self.release[“Label”] = label.split(’-’)[0]
line 257 change to # self.release[“Version”] = version
As a quick fix, I have a PR that disables publishing the release file version and label completely:
The PR includes the possibility of using settings to fall back to the old behaviour.
In the long run, we plan to provide more fine grained user control over various Release file fields, along with a default behaviour that does not clash with apt-secure: