Need help proxying launchpad for internal artifactory

Asked by Joseph G

Hello - For security reasons, the Azure Subscription we use blocks external repositories. As a workaround, we have internal artifactories which proxy external repositories.

The proxying goes as follows. There are two layers of artifactories on top of the main repository.

https://internal_artifactoryA/artifactory/launchpad/ >> https://internal_artifactoryB/artifactory/launchpad >> https://launchpad.net

Needless to say, it does not work. Doing a simple apt-get update would yield these errors. I removed the IP below just in case it's something I shouldn't be sharing.

34.08 Err:21 https://internal_artifactoryA/artifactory/download-nvidia focal/main amd64 Packages
34.08 404 Not Found [IP: ] (removed IP)
34.21 Ign:22 https://internal_artifactoryA/artifactory/download-nvidia focal/universe amd64 Packages
34.33 Ign:23 https://internal_artifactoryA/artifactory/download-nvidia focal/universe all Packages
34.99 Err:24 https://internal_artifactoryA/artifactory/launchpad focal/main amd64 Packages
34.99 404 Not Found [IP: ] (removed IP)

I do not work for my company's artifactory team and I raised tickets with them. They told me to contact launchpad (and also download-nvidia because that doesn't work either) and ask how to properly proxy them for our internal artifactories.

She said: "is it possible for you to contact download-nvidia or launchpad vendors (external sites) and get any instructions on how to proxy them in artifactory?"

Am I asking in the right place? This is out of my wheelhouse, honestly. If you have any instructions on how to properly proxy launchpad for an internal artifactory, I'd greatly appreciate it.

I just edited the question. I didn't realize this would be public. I removed our artifactory names and called them internal_artifactoryA and internal_artifactoryB.

Question information

Language: English
Status: Answered
For: Launchpad itself
Assignee: No assignee
Clinton Fung (clinton-fung) said :
#1

It's possible to create a private question, or to work with us in private by e-mail to <email address hidden>

Back to your question: can you please describe what you're hoping to achieve? https://launchpad.net/ does not serve a valid Ubuntu archive. Are you trying to proxy to a PPA or to the main Ubuntu archive?

If the latter, you're better off configuring https://archive.ubuntu.com/ubuntu/ as your upstream Ubuntu archive. Though, this should be possible directly within Artifactory when you choose to create a "Remote Repository" of type "Debian", without needing to specify manual information (I just tested with a SaaS Artifactory instance I have access to, and it pre-populates http://archive.ubuntu.com/ubuntu/ for the URL field).

Joseph G (jgrillo1) said :
#2

Hi, Clinton.

I was able to configure archive ubuntu with the company's internal artifactory. However, when I did a simple 'apt-get update' and tested the image on Microsoft Defender, it had a ton of vulnerabilities (this is with the internal artifactory). In comparison, without the internal artifactory, only one vuln pops up. So in discussing with the artifactory team, they suggested also adding download-nvidia and launchpad (their proxies of it), in hopes that it would remediate the vulnerabilities.

To answer your question, I would like PPA as well. I think we need everything for the environment my team is trying to build. Unfortunately, the Azure subscription we use for production does not allow me to just download artifacts, I have to go through our internal artifactory. Properly proxying launchpad and download-nvidia is needed.

"Though, this should be possible directly within Artifactory when you choose to create a "Remote Repository" of type "Debian", without needing to specify manual information (I just tested with a SaaS Artifactory instance I have access to, and it pre-populates http://archive.ubuntu.com/ubuntu/ for the URL field)."

Thank you. Would this approach also work for Launchpad? I'll relay this back to my company's artifactory team.

Also, thank you for the email address. If we can't resolve in this question, I'll reach out there and CC our company's artifactory team.

Clinton Fung (clinton-fung) said :
#3

Sorry, I'm still not clear on exactly what you would like.

There are no Ubuntu archives hosted on the main Launchpad domain (i.e. https://launchpad.net). However there are Ubuntu archives hosted on http://archive.ubuntu.com/ubuntu/ (the main archive) and on http://ppa.launchpadcontent.net/ (from which all PPAs are served).

Both of these types (the main archive and PPAs) function as targets for e.g. apt.

Nothing with a URL base of https://launchpad.net/ will function in a way that will be an acceptable target for e.g. apt. You should not try to use or proxy Launchpad, as this would not serve any useful purpose (and would not work with e.g. apt).

I can't speak to how your company's Artifactory is set up, and you haven't mentioned which Ubuntu series (i.e. xenial, focal, jammy, etc.) you're using. You also haven't mentioned what packages you're attempting to retrieve, so I also can't comment on the state of those packages in Ubuntu, vulnerability-wise.

You mentioned "download-nvidia"; can you clarify what this is? Is it a PPA, or is it some third-party repository?

It sounds like you need an Artifactory "Remote Repository" for each of:
- https://archive.ubuntu.com/ubuntu/
- http://ppa.launchpadcontent.net/<insert PPA path here>
- <insert download-nvidia repository URL here>

Each of those repositories would be associated with respective addresses:
- https://<your domain>/artifactory/mainarchive/
- https://<your domain>/artifactory/someppa/
- https://<your domain>/artifactory/download-nvidia/

Then you would configure your client (i.e. apt) by adding new lines to your /etc/apt/sources.list (or similar).

Joseph G (jgrillo1) said :
#4

Hi Clinton - Thanks for helping me out on this. This isn't my expertise, so I apologize for not being clear. From my perspective, I just try to download the packages from Ubuntu. Everything works fine when I'm not going through the internal artifactory. For the Azure Sub we have that can ingest production data, I need to go through the company's artifactory as an added security measure.

I can give you a list of apt packages we need.

git
libc6-dev
bsdutils
ffmpeg

In the event there's a vulnerability, it's usually resolved by upgrading a package within Ubuntu.

"I can't speak to how your company's Artifactory is setup, and you haven't mentioned which Ubuntu series (i.e. xenial, focal, jammy, etc)"

I have it set up to go through focal. That's what the internal documentation suggested. Maybe some of the packages I need are not available in focal? I also tried adding jammy as well.

Here are some examples of getting azure-ubuntu, archive-ubuntu, etc. configured with internal artifactory. They're all pointing to focal.

(I commented out download-nvidia and launchpad since they weren't working at all)

RUN echo "deb [trusted=yes] https://inteneral_artifactoryA.com/artifactory/azure-ubuntu/ubuntu focal main universe multiverse restricted" >> /etc/apt/sources.list.d/internalA.list
RUN echo "deb [trusted=yes] https://inteneral_artifactoryA.com/artifactory/archive-ubuntu/ubuntu focal main universe multiverse restricted" >> /etc/apt/sources.list.d/internalA.list
#RUN echo "deb [trusted=yes] https://inteneral_artifactoryA.com/artifactory/download-nvidia focal main universe" >> /etc/apt/sources.list.d/internalA.list
#RUN echo "deb [trusted=yes] https://inteneral_artifactoryA.com/artifactory/launchpad focal main universe" >> /etc/apt/sources.list.d/internalA.list
RUN echo "deb [trusted=yes] https://inteneral_artifactoryA.com/artifactory/security-ubuntu/ubuntu focal main universe multiverse restricted" >> /etc/apt/sources.list.d/internalA.list

"You mentioned "download-nvidia"; can you clarify what this is? Is it a PPA, or is it some third-party repository?"

They are packages from Nvidia - we also need to figure out how to properly proxy this. I believe it would be considered a third-party repository.

If you go here, you can see there are packages here:

https://download.nvidia.com/

"It sounds like you need an Artifactory "Remote Repository" for each of:
- https://archive.ubuntu.com/ubuntu/
- http://ppa.launchpadcontent.net/<insert PPA path here>
- <insert download-nvidia repository URL here>"

That's correct. From what you told me, Launchpad (how my company is proxying it) is incorrect. The proxy should be ppa.launchpad.net instead?

Joseph G (jgrillo1) said :
#5

Would it be possible to simply proxy ppa.launchpad.content.net in full, or I guess we would need to specify the PPA path as well?
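
The points raised in the thread, as an added example that is not part of any post and not Launchpad or Artifactory code: this Python code parses one-line `deb` entries like the ones quoted in #4, lists the metadata URLs apt derives from each (the paths every proxy layer has to answer, and which return 404 when the upstream does not serve an apt archive), and flags options such as `[trusted=yes]` that switch off signature verification. The `signed-by` keyring path and the assumption that the proxy passes upstream's signed metadata through unchanged are assumptions, not details from the thread.

```python
import re

# sources.list(5) options that switch off or weaken apt's signature checks.
WEAKENING = {"trusted": "yes", "allow-insecure": "yes",
             "allow-weak": "yes", "allow-downgrade-to-insecure": "yes"}
ENTRY = re.compile(r"^\s*(deb|deb-src)\s+(?:\[([^\]]*)\]\s+)?(\S+)\s+(\S+)\s*(.*)$")

# Constructed sample entries; the host name is the thread's placeholder.
WEAK = ("deb [trusted=yes] https://internal_artifactoryA/artifactory/launchpad "
        "focal main universe")
# Assumption: the proxy serves upstream's signed metadata unchanged.
PINNED = ("deb [signed-by=/usr/share/keyrings/ubuntu-archive-keyring.gpg] "
          "https://internal_artifactoryA/artifactory/archive-ubuntu/ubuntu "
          "focal main universe")


def parse_entry(line):
    """Parse a one-line-style entry; returns None for comments and blanks."""
    m = ENTRY.match(line)
    if not m:
        return None
    kind, opts, uri, suite, comps = m.groups()
    options = dict(o.split("=", 1) for o in (opts or "").split() if "=" in o)
    return {"type": kind, "options": options, "uri": uri.rstrip("/"),
            "suite": suite, "components": comps.split()}


def index_urls(entry, arch="amd64"):
    """Metadata URLs apt derives from the entry (standard dists/ layout).
    apt fetches a compressed variant of Packages (e.g. .xz or .gz)."""
    base = f"{entry['uri']}/dists/{entry['suite']}"
    return [f"{base}/InRelease"] + [
        f"{base}/{c}/binary-{arch}/Packages" for c in entry["components"]]


def findings(entry):
    """Settings that leave downloaded packages unauthenticated."""
    out = [f"{k}={v} disables or weakens signature verification"
           for k, v in entry["options"].items()
           if WEAKENING.get(k.lower()) == v.lower()]
    if "signed-by" not in entry["options"]:
        out.append("no signed-by: any key trusted by apt is accepted")
    return out


if __name__ == "__main__":
    for line in (WEAK, PINNED):
        entry = parse_entry(line)
        print(entry["uri"], index_urls(entry), findings(entry), sep="\n  ")
```

Requesting each returned URL through every proxy layer in turn shows which layer, or the upstream itself, is the one answering 404.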
