Who maintains boxes at app.vagrantup.com ?
Hello all, not sure, whether this is the right place to ask. If not, please let me know. I was wondering who is in charge of these boxes https://app.vagrantup.com/opensuse ? Are these official openSUSE releases? IOW can I rely on them not containing any malicious code etc.? Thanks and regards -- Till -- Dipl.-Inform. Till Dörges doerges@pre-sense.de PRESENSE Technologies GmbH Nagelsweg 41, D-20097 HH Geschäftsführer/Managing Directors AG Hamburg, HRB 107844 Till Dörges, Jürgen Sander USt-IdNr.: DE263765024 Dieses Jahr sind wir wieder auf der *it-sa* in Nürnberg: 10.-12. Oktober 2023, Halle 7, Stand 227 https://www.itsa365.de/de-de/companies/p/presense-technologies-gmbh Wir freuen uns auf Ihren Besuch!
On 2023-08-21 05:54, Till Dörges wrote:
Hello all,
...
Are these official openSUSE releases?
IOW can I rely on them not containing any malicious code etc.?
The checksums should match the published ones at opensuse.org. https://en.opensuse.org/SDB:Download_help#Checksums https://en.opensuse.org/openSUSE:Tumbleweed_installation -- Cheers / Saludos, Carlos E. R. (from openSUSE 15.5 (Laicolasse))
Hi, Am Montag, 21. August 2023, 11:54:44 CEST schrieb Till Dörges:
Hello all,
not sure, whether this is the right place to ask. If not, please let me know.
I was wondering who is in charge of these boxes
https://app.vagrantup.com/opensuse
?
Are these official openSUSE releases?
Yes. They are built at https://build.opensuse.org/package/show/openSUSE:Factory/kiwi-images-vagrant
IOW can I rely on them not containing any malicious code etc.?
Probably. It's technically safer to download directly from download.o.o and perform GPG verification, to skip the vagrantup.com middleman: https://download.opensuse.org/tumbleweed/appliances/?P=*vagrant* Cheers, Fabian
Thanks and regards -- Till
On 21.08.23 13:24, Fabian Vogt wrote:
I was wondering who is in charge of these boxes
https://app.vagrantup.com/opensuse
?
Are these official openSUSE releases?
Yes. They are built at https://build.opensuse.org/package/show/openSUSE:Factory/kiwi-images-vagrant
IOW can I rely on them not containing any malicious code etc.?
Probably. It's technically safer to download directly from download.o.o and perform GPG verification, to skip the vagrantup.com middleman:
https://download.opensuse.org/tumbleweed/appliances/?P=*vagrant*
Thanks! And I'm not only interested in Factory/Tumbleweed case, but also Leap. A similar package on OBS exists for Leap 15.5 https://build.opensuse.org/package/show/openSUSE:Leap:15.5/kiwi-images-vagra... But I've not managed to find the result, i.e. the vagrant boxes. Clicking on "Download package" (https://software.opensuse.org//download.html?project=openSUSE%3ALeap%3A15.5&package=kiwi-images-vagrant) gives me Keine Daten für openSUSE:Leap:15.5 / kiwi-images-vagrant (Loosely translated: Nothing for openSUSE:Leap:15.5 ...) So, are the OBS packages https://build.opensuse.org/package/show/openSUSE:Leap:15.*/kiwi-images-vagra... the official sources for Leap at https://app.vagrantup.com/opensuse , too? And if so, can they be downloaded from any other place than vagrantup.com? Thanks and regards -- Till -- Dipl.-Inform. Till Dörges doerges@pre-sense.de PRESENSE Technologies GmbH Nagelsweg 41, D-20097 HH Geschäftsführer/Managing Directors AG Hamburg, HRB 107844 Till Dörges, Jürgen Sander USt-IdNr.: DE263765024 Dieses Jahr sind wir wieder auf der *it-sa* in Nürnberg: 10.-12. Oktober 2023, Halle 7, Stand 227 https://www.itsa365.de/de-de/companies/p/presense-technologies-gmbh Wir freuen uns auf Ihren Besuch!
Hi Till, Till Dörges <doerges@pre-sense.de> writes:
On 21.08.23 13:24, Fabian Vogt wrote:
I was wondering who is in charge of these boxes
https://app.vagrantup.com/opensuse
?
Are these official openSUSE releases?
Yes. They are built at https://build.opensuse.org/package/show/openSUSE:Factory/kiwi-images-vagrant
IOW can I rely on them not containing any malicious code etc.?
Probably. It's technically safer to download directly from download.o.o and perform GPG verification, to skip the vagrantup.com middleman:
https://download.opensuse.org/tumbleweed/appliances/?P=*vagrant*
Thanks!
And I'm not only interested in Factory/Tumbleweed case, but also Leap.
A similar package on OBS exists for Leap 15.5
https://build.opensuse.org/package/show/openSUSE:Leap:15.5/kiwi-images-vagra...
But I've not managed to find the result, i.e. the vagrant boxes. Clicking on
"Download package"
gives me
Keine Daten für openSUSE:Leap:15.5 / kiwi-images-vagrant (Loosely translated: Nothing for openSUSE:Leap:15.5 ...)
So, are the OBS packages https://build.opensuse.org/package/show/openSUSE:Leap:15.*/kiwi-images-vagra... the official sources for Leap at
https://app.vagrantup.com/opensuse
, too?
Yes they are, only OBS/software.o.o cannot find them properly. The images end up here: https://download.opensuse.org/distribution/leap/15.5/appliances/ Cheers, Dan -- Dan Čermák <dcermak@suse.com> Software Engineer Development tools SUSE Software Solutions Germany GmbH Frankenstr. 146 90461 Nürnberg Germany www.suse.com Geschäftsführer: Ivo Totev, Andrew McDonald, Werner Knoblich (HRB 36809, AG Nürnberg)
Hi, the published release for 15.5 is in https://build.opensuse.org/package/show/openSUSE:Leap:15.5:Images/kiwi-image..., from where you can find the download repository on https://build.opensuse.org/package/show/openSUSE:Leap:15.5:Images/kiwi-image.... You can download the box and reference the local file in your Vagrantfile, but Vagrant will print a warning about not being to perform automatic update checks of the box. If you want Vagrant to be "aware" of the box origin, you can reference the box .json file from the boxes/ subdirectory instead, for example: https://download.opensuse.org/repositories/Virtualization:/Appliances:/Image... That way it will behave just like a box from the Vagrant cloud. Cheers, Georg From there, you can On 8/23/23 15:02, Till Dörges wrote:
On 21.08.23 13:24, Fabian Vogt wrote:
I was wondering who is in charge of these boxes
https://app.vagrantup.com/opensuse
?
Are these official openSUSE releases?
Yes. They are built at https://build.opensuse.org/package/show/openSUSE:Factory/kiwi-images-vagrant
IOW can I rely on them not containing any malicious code etc.?
Probably. It's technically safer to download directly from download.o.o and perform GPG verification, to skip the vagrantup.com middleman:
https://download.opensuse.org/tumbleweed/appliances/?P=*vagrant*
Thanks!
And I'm not only interested in Factory/Tumbleweed case, but also Leap.
A similar package on OBS exists for Leap 15.5
https://build.opensuse.org/package/show/openSUSE:Leap:15.5/kiwi-images-vagra...
But I've not managed to find the result, i.e. the vagrant boxes. Clicking on
"Download package"
gives me
Keine Daten für openSUSE:Leap:15.5 / kiwi-images-vagrant (Loosely translated: Nothing for openSUSE:Leap:15.5 ...)
So, are the OBS packages https://build.opensuse.org/package/show/openSUSE:Leap:15.*/kiwi-images-vagra... the official sources for Leap at
https://app.vagrantup.com/opensuse
, too?
And if so, can they be downloaded from any other place than vagrantup.com?
Thanks and regards -- Till
On 8/23/23 20:08, Georg Pfuetzenreuter via openSUSE Factory wrote:
Hi,
the published release for 15.5 is in https://build.opensuse.org/package/show/openSUSE:Leap:15.5:Images/kiwi-image..., from where you can find the download repository on https://build.opensuse.org/package/show/openSUSE:Leap:15.5:Images/kiwi-image....
Apologies, the OBS link is https://build.opensuse.org/package/show/Virtualization:Appliances:Images:ope....
You can download the box and reference the local file in your Vagrantfile, but Vagrant will print a warning about not being to perform automatic update checks of the box. If you want Vagrant to be "aware" of the box origin, you can reference the box .json file from the boxes/ subdirectory instead, for example:
https://download.opensuse.org/repositories/Virtualization:/Appliances:/Image...
That way it will behave just like a box from the Vagrant cloud.
Cheers, Georg
From there, you can
On 8/23/23 15:02, Till Dörges wrote:
On 21.08.23 13:24, Fabian Vogt wrote:
I was wondering who is in charge of these boxes
https://app.vagrantup.com/opensuse
?
Are these official openSUSE releases?
Yes. They are built at https://build.opensuse.org/package/show/openSUSE:Factory/kiwi-images-vagrant
IOW can I rely on them not containing any malicious code etc.?
Probably. It's technically safer to download directly from download.o.o and perform GPG verification, to skip the vagrantup.com middleman:
https://download.opensuse.org/tumbleweed/appliances/?P=*vagrant*
Thanks!
And I'm not only interested in Factory/Tumbleweed case, but also Leap.
A similar package on OBS exists for Leap 15.5
https://build.opensuse.org/package/show/openSUSE:Leap:15.5/kiwi-images-vagra...
But I've not managed to find the result, i.e. the vagrant boxes. Clicking on
"Download package"
gives me
Keine Daten für openSUSE:Leap:15.5 / kiwi-images-vagrant (Loosely translated: Nothing for openSUSE:Leap:15.5 ...)
So, are the OBS packages https://build.opensuse.org/package/show/openSUSE:Leap:15.*/kiwi-images-vagra... the official sources for Leap at
https://app.vagrantup.com/opensuse
, too?
And if so, can they be downloaded from any other place than vagrantup.com?
Thanks and regards -- Till
participants (5)
-
Carlos E. R. -
Dan Čermák -
Fabian Vogt -
Georg Pfuetzenreuter -
Till Dörges