headscale icon indicating copy to clipboard operation
headscale copied to clipboard

Published 20 hours ago verified publisher icon juanfont

Offer Debian repository to keep Headscale installations up to date

Open renne opened this issue 1 year ago • 13 comments

Why

Currently the workflow of security checking of Headscale hosts is quite frustrating.

  1. Regularly log into host and run dpkg -l | grep -i headscale to see which Headscale version is installed.
  2. Go to the releases page of this Github repository.
  3. Check most current release version of Headscale.
  4. Download most current release version of Headscale.
  5. Run sudo dpkg --install headscale.deb to update Headscale.

Description

Offer a package repository for Debian/Ubuntu which can be added to APT. That allows to either run apt update && apt upgrade or even use unattended-upgrades to update Headscale.

renne avatar Aug 12 '23 12:08 renne

Following this, I tought the headscale deb was embedding the hs repository too

mich2k avatar Sep 19 '23 17:09 mich2k

Hi, we do not have capacity to maintain this, we are happy to receive help from someone who can and are willing to maintain this. I have marked this issue with "help wanted".

kradalby avatar Sep 24 '23 21:09 kradalby

This issue is stale because it has been open for 90 days with no activity.

github-actions[bot] avatar Dec 24 '23 01:12 github-actions[bot]

Anti stale ;-)

renne avatar Dec 25 '23 19:12 renne

It is maybe possible to do with a GitHub CI workflow + GitHub Pages (existing build workflows push to a repo hosted on GitHub Pages).

Example writeup: https://jon.sprig.gs/blog/post/2835 Example workflow: https://github.com/terminate-notice/terminate-notice.github.io/blob/main/.github/workflows/repo.yml

DaAwesomeP avatar Jan 07 '24 19:01 DaAwesomeP

This issue is stale because it has been open for 90 days with no activity.

github-actions[bot] avatar Apr 07 '24 01:04 github-actions[bot]

Maybe Headscale can be added to the Tailscale repositories?

renne avatar Apr 07 '24 16:04 renne

This issue is stale because it has been open for 90 days with no activity.

github-actions[bot] avatar Jul 07 '24 01:07 github-actions[bot]

Stale ping.

renne avatar Jul 08 '24 07:07 renne

It is maybe possible to do with a GitHub CI workflow + GitHub Pages (existing build workflows push to a repo hosted on GitHub Pages).

Example writeup: jon.sprig.gs/blog/post/2835 Example workflow: terminate-notice/terminate-notice.github.io@main/.github/workflows/repo.yml

If someone wants to try this, we are open to have it set up, but two potential problems:

  • How much maintenance is it?
  • Will we hit Github bandwidth/transfer limits?

kradalby avatar Jul 08 '24 12:07 kradalby

You guys can use Open Build Service. I've seen plenty of Debian/Fedora repositories hosted there. I never did this myself but I think this could be useful: https://en.opensuse.org/openSUSE:Build_Service_Debian_builds

macthecadillac avatar Jul 20 '24 18:07 macthecadillac

Thats not a bad idea, my main concern with using an external service is that if they shut down, we have to find a new service because if we start offering this, it will no longer be acceptable to not offer it.

kradalby avatar Jul 23 '24 07:07 kradalby

It's quite unimaginable that OBS will shut down in the foreseeable future since it is tied to openSUSE--OBS is to openSUSE as AUR is to Arch. It has also been around for a very long time (openSUSE Build Service reached 1.0 in 2008, so they've been around for at least that long). Granted, every time we rely on some external service there is a chance they get shut down, but the same goes with Github or its build actions, which depends on the whims of Microsoft as much as OBS is on SUSE.

If you worry about the longevity of openSUSE Build Service, there is also Ubuntu's PPA. I don't know if they support building for Debian though.

The least risky way is to contribute to Debian directly, but becoming a Debian maintainer can be a chore (speaking from experience haha)

macthecadillac avatar Jul 23 '24 15:07 macthecadillac