如何使用 Jfrog Debian 远程仓库作为 Ubuntu package 仓库？

Question

I am working in an inte.net restricted environment and trying to create a docker image for my Azuredevops build agent with certain Software's installed in it. Below is the Dockerfile which I am trying to achieve and there are multiple apt-get install commands to install them. But as inte.net is not enabled directly to ubuntu.archive.com, and mirror repositories, I am blocked with the build.

So as an alternate option, I am trying to use our Private jfrog repository, where the I can create a remote repo to the Debian repository url.

So in Jfrog I created virtual repo called(ubuntu-virtual) and added local (ubuntu-local) and remote (ubuntu-remote) inside it.

The ubuntu-remote repo is pointing to http://archive.ubuntu.com/ubuntu and In artifactory, we are able to browse the ubuntu packages eg: https://myrepo/artifactory/ubuntu-virtual/pool/main/

FROM ubuntu:18.04
#2-Enable Ubuntu Packages
COPY ./sources.list /etc/apt/
#3- Install basic Softwares
ENV DEBIAN_FRONTEND=noninteractive
RUN echo "APT::Get::Assume-Yes \"true\";" > /etc/apt/apt.conf.d/90assumeyes
RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates \
    curl \
    wget \
    jq \
    git \
    iputils-ping \
    libcurl4 \
    libicu60 \
    libunwind8 \
    netcat \
    telnet \
    libssl1.0 \
    python \
    python3 \
    nodejs \
    python3-setuptools \
    python3-pip \
    vim \
    openjdk-11-jdk-headless \
    gnupg \
    make \
    yarn\
    apt-transport-https \
    lsb-release \
  && rm -rf /var/lib/apt/lists/*

Then I locally created a file called source.list and added below lines. Then I tried add the COPY command in dockerfile to place this file in /etc/apt.

deb https://myrepo/artifactory/oubuntu-virtual/ stretch main contrib non-free
deb https://myrepo/artifactory/ubuntu-virtual/ stretch-updates main contrib non-free

/etc/apt/sources.list

But the Builds are still failing

Step 5/14 : RUN apt-get update && apt-get install -y --no-install-recommends     ca-certificates     curl     wget     jq     git     iputils-ping     libcurl4     libicu60     libunwind8     netcat     telnet     libssl1.0     python     python3     nodejs     python3-setuptools     python3-pip     vim     openjdk-11-jdk-headless     gnupg     make     yarn    apt-transport-https     lsb-release   && rm -rf /var/lib/apt/lists/*
 ---> Running in xxxxxxxxxxxx
Ign:1 https://myrepo/artifactory/ubuntu-virtual stretch InRelease
Ign:2 https://myrepo/artifactory/ubuntu-virtual stretch-updates InRelease
Err:3 https://myrepo/artifactory/ubuntu-virtual stretch Release
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification.
Err:4 https://myrepo/artifactory/ubuntu-virtual stretch-updates Release
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. 

Answer 1

Error indicates that the ubuntu client itself unable to trust the certs related to Artifactory URL. Hence, try adding the respective certs to the client (/etc/ssl) or use 'sudo apt install ca-certificates' to update certs. Also we can make use of flag '[trusted=yes]' to trust the https URLs if allowed ie something like below:

deb [trusted=yes] https://myrepo/artifactory/ubuntu-virtual  stretch Release

There is a thread here with possible reasons and recommendations around the issue.