Updating ubuntu 18.04 upgradetool http issue

Buzz

4/13/24, 7:09 AM

I'm currently trying to upgrade a server running ubuntu 18.04.6 LTS to 20.04.6 LTS using the do-release-upgrade tool. I've run into an issue, where after much digging, I noticed in the file /var/lib/update-manager/meta-release-lts the urls held in that file are all http, e.g. UpgradeTool: http://archive.ubuntu.com/ubuntu/dists/focal-updates/main/dist-upgrader-all/current/focal.tar.gz my firewall can not/will not allow the server access to port 80 (http) but 443 (https) it can.

So I thought changing the contents of the file to https would work, however the next time you run do-release-upgrade it overwrites that file, but on top of that the files its trying to retrieve are actually only hosted on http not https, if you try to manually go to the location changing the url to https it fails.

Any alternatives or workarounds?

Thanks

2 + 0

upgrade

do-release-upgrade

Score:0

Ubuntu

Artur Meinild

4/13/24, 9:49 AM

You could change your sources list to one of the mirrors that offer HTTPS support.

See the entire list here.

When you find a mirror you like, replace all instances of http://archive.ubuntu.com/ubuntu with your chosen archive. Imagine you settle on https://mirrors.c0urier.net/linux/ubuntu, then do this to replace:

sudo sed -i 's+http://archive.ubuntu.com/ubuntu+https://mirrors.c0urier.net/linux/ubuntu+g' /etc/apt/sources.list

Now do the upgrade again.

+ 2

Buzz

4/13/24, 10:33 AM

Hi, will see if changing the sources works, although i'm not totally convinced as i think its whatever the do-release-upgrade script does to go and check for the the latest LTS release and then creates the above file i mentioned. Thanks

Buzz

4/13/24, 3:06 PM

So, it almost works, changing the sources.list to a valid https mirror does allow it to connect, then for some reason the do-release-upgrade decides to use the IP of the domain/url its connecting to to download the upgradetool e.g. the focal.tar.gz at this point my corporate firewall inspects the SSL connection and says "nope that ip doesn't equal the name in the cert"

Score:0

Ubuntu

popey

4/13/24, 9:35 AM

The obvious answer is to unblock port 80 for the duration of the upgrade.

Alternatively you could run a webserver hosting the files the upgrade tool needs, and modify either /etc/hosts to point archive.ubuntu.com to your internal host.

Another, more time and resource consuming option would be to host a mirror of the Ubuntu archive internally on your network. Then as with the previous answer, point the server at the internal mirror. There are tools like debmirror which can mirror the entire Ubuntu archive, or selected portions of it.

+ 1

Buzz

4/13/24, 10:31 AM

Hi, as stated cannot allow port 80 (out of my control) Thought about the internal mirror solution myself which might be an option longer term. Thanks

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Updating ubuntu 18.04 upgradetool http issue

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.