Question on Ubuntu Patching in Air-Gapped Environments

Hi everyone,

Based on my review of the documentation and using the AirgapTool on Patches for Ubuntu Sites with the FileList option, it appears that this process only downloads the AirgapResponse file, not the actual binaries. This suggests that the download link is not included. I also couldn’t find any information about using the Download Cacher for this specific use case.

If my understanding is correct, the customer would need to follow these steps to patch their Ubuntu machines:

• Set up a procedure on an internet-facing machine to download the Ubuntu repository.
• Transfer the repository content to an internal server with an HTTP server to serve the repo.
• Disable all existing repos on the Ubuntu machines in the air-gapped environment.
• Add the new internal repository to those machines.

Additionally, I have a question regarding PGP keys. I haven’t seen any tasks or documentation on how to handle PGP keys for Ubuntu patching.

Given your experience , could you advise on the recommended approach for this situation? We are looking to minimize the need for additional servers, such as Download Plugins and Download Cachers, as we have been able to do for RHEL.

Your expertise would be greatly appreciated.

Hi @orbiton You’ll also need to use fixlet # 22 Enable custom repository support - Ubuntu in Patching Support site on these endpoints. It enables the following client setting on the targeted endpoints:

_BESClient_Ubuntu_AllowAPTDownloads=1

This setting will enable apt-get to perform the necessary downloads from the configured repositories on the endpoints. When the custom repository support is enabled, the Fixlets stop downloading the metadata and packages through the BigFix infrastructure and let apt-get download the necessary files directly from the repository.
Thanks, Gus.

Thanks @gus
So it seems like the only way for patching Ubuntu in Airgapped Environment, at the moment