пн, 7 июн. 2021 г. в 12:20, Valters Jansons <[email protected]>:
> On Mon, Jun 7, 2021 at 12:34 AM Ismail Azerty <[email protected]> > wrote: > > For some security reasons, our security teams want us to use the > official repository, or recompile the whole project on ubuntu 20. > > Official Ubuntu repositories are "slow" to update due to LTS policies, > ensuring no potentially breaking changes. Focal (20.04) is on 2.0 > series, and will not be getting an update to 2.2. > term "official" maybe treated as "ubuntu official" or "haproxy official". while "ubuntu official" are indeed slow, vbernat PPA is considered as "haproxy official". > > If you want the latest version, then that goes against the official > LTS policy, and therefore you need to either use someone else's build > or build locally. > > > Do you have any ansible playbook, or shell script, that we can use ? > > The PPA in question can be seen on > > https://launchpad.net/~vbernat/+archive/ubuntu/haproxy-2.4/+packages?field.series_filter=focal > and in package details you can see the .debian.tar.xz file. This > contains relevant modifications so that standard Debian/Ubuntu build > process is successful - with dpkg tools, and debuild, and the likes. > If you have internal build processes in place for Ubuntu packages, > this should be simple to integrate. > > Replace 2.4 in the link above with whichever series you are interested > in. If you are rebuilding by hand and/or want to have manual review > processes in place, you might want to opt for an older series - say, > 2.2 - which will have less changes over time. > > There are considerations for proper internal distribution, such as > needing your own signing keys internally. However, further explanation > of the Debian/Ubuntu build processes falls outside of the scope of the > mailing list -- there are plenty of resources online for those > particular tasks. > >

