podman: apt update errors out on https redirect on 22.04.3

Issue Description

I have a local installation following the official instructions for Ubuntu 22.04: https://podman.io/docs/installation

Lately, I saw that apt complains about the redirect for the podman source:

Ign:5 https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/Debian_Unstable  InRelease
Err:6 https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/Debian_Unstable  Release
  Redirection from https to 'http://download.opensuse.org/repositories/devel:kubic:libcontainers:/unstable/Debian_Unstable/Release' is forbidden [IP: 195.135.223.226 443]
Reading package lists... Done
E: The repository 'https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/Debian_Unstable  Release' does not have a Release file.

Steps to reproduce the issue

run a ubunt:22.04 container
follow Debian install steps in https://podman.io/docs/installation
apt update

Describe the results you received

apt update fails for the podman source.

Describe the results you expected

apt update should work using the podman source. installation steps should work on 22.04

podman info output

The issue affects installing podman.

Podman in a container

Privileged Or Rootless

None

Upstream Latest Release

Additional environment details

Additional information

Additional information like issue happens only occasionally or issue happens with a particular architecture or on a particular setting

About this issue

Original URL
State: closed
Created 8 months ago
Reactions: 1
Comments: 21 (4 by maintainers)

Most upvoted comments

Please don’t downgrade to HTTP, that’s not a valuable workaround for security reasons.

saschagrunert on Nov 15, 2023

Everyone,

The issue should be resolved now.

Please verify that the HTTPS works correctly for you - both the main repository URL and the local mirrors (where the requests would be redirected to) should be using HTTPS endpoints now.

I also encourage everyone who eagerly went ahead and made updates to use plain HTTP to revert the changes back to use HTTPS, if possible.

kwilczynski on Nov 15, 2023

@lsm5

First of all thank you for maintaining the unstable repos up until now. 🙏

I’m distracted by other tasks to spend time on this. So, I strongly suggest fetching podman through other repos. I will update the official docs to remove any references to this unstable repo.

For Debian/Ubuntu users can you recommend alternative repos ?

Timost on Nov 16, 2023

Okay, I got it working by doing just one thing

within my installation script I’ve changed the below part

echo "deb [signed-by=/usr/share/keyrings/libcontainers-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/ /" > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
echo "deb [signed-by=/usr/share/keyrings/libcontainers-crio-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/ /" > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.list

mkdir -p /usr/share/keyrings
curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/Release.key | gpg --dearmor -o /usr/share/keyrings/libcontainers-archive-keyring.gpg
curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/Release.key | gpg --dearmor -o /usr/share/keyrings/libcontainers-crio-archive-keyring.gpg

to below one (note the https -> http)

echo "deb [signed-by=/usr/share/keyrings/libcontainers-archive-keyring.gpg] http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/ /" > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
echo "deb [signed-by=/usr/share/keyrings/libcontainers-crio-archive-keyring.gpg] http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/ /" > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.list

mkdir -p /usr/share/keyrings
curl -L http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/Release.key | gpg --dearmor -o /usr/share/keyrings/libcontainers-archive-keyring.gpg
curl -L http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/Release.key | gpg --dearmor -o /usr/share/keyrings/libcontainers-crio-archive-keyring.gpg

So, my cautious suggestion for those who try to update CRIO, please try changing the protocol specified in files within /etc/apt/sources.list.d/ directory and then see what happens

seantywork on Nov 15, 2023