Keeping older version of packages in OISF PPA

antoninbas · May 1, 2023, 10:21pm

I was wondering if it would be possible to keep recent versions of Suricata available in the OISF PPA archives? At the moment, only the most recent build for each architecture is available. This can be an issue if the latest build suffers from a “major” bug that impacts specific use cases.

For example, currently only this build is available to install on Ubuntu 22.04:

# apt-cache policy suricata
suricata:
  Installed: (none)
  Candidate: 1:6.0.11-0ubuntu0
  Version table:
     1:6.0.11-0ubuntu0 500

But this version suffers from a bug (Bug #6027: Suricatasc encounters issues with commands involving multiple-tenant in Suricata 6.0.11, causing it to become unresponsive. - Suricata - Open Information Security Foundation) that negatively impacts our project which depends on (and ships with) Suricata. We would like to be able to downgrade to 6.0.10, but this is not possible unless we are willing to build & install Suricata from source. This is definitely an option, and has the most flexibility, but this is definitely more involved.

It would be great if we could “just” run apt-get install suricata=6.0.10 to install a slightly older release instead. Unfortunately it seems that older builds are always immediately removed from the PPA.

pevma · May 2, 2023, 7:13am

We actually do not remove the older packages. PPA automatically supersedes the packages.
I will have a look if we could keep somehow and older version.

vjulien · May 2, 2023, 5:19pm

Side note: /var/cache/apt/archives/ often contains older package versions if they were previously installed. Cache may have been cleared, but its worth checking.

antoninbas · May 2, 2023, 7:46pm

Thanks for the replies.
@vjulien We have a docker build, so we start from “scratch” (base ubuntu 22.04 image), and there is no cache
@pevma Thanks for the info. What is a bit surprising to me is that the old built files are no longer available for download (see amd64 build of suricata 1:6.0.10-0ubuntu5 : suricata-6.0-test : OISF for an example).

pevma · May 3, 2023, 6:10am

I’ve investigated a bit further this. The packages in the stable repos are copied over after building and testing is finished from the test repos - this might be the reason. Older packages are available in the original test repos though.

antoninbas · May 3, 2023, 5:45pm

I am not able to see them in the test repos either:

$ add-apt-repository ppa:oisf/suricata-6.0-test
$ apt-cache policy suricata
suricata:
  Installed: (none)
  Candidate: 1:6.0.11-0ubuntu0
  Version table:
     1:6.0.11-0ubuntu0 500
        500 https://ppa.launchpadcontent.net/oisf/suricata-6.0-test/ubuntu jammy/main amd64 Packages
     1:6.0.4-3 500
        500 http://archive.ubuntu.com/ubuntu jammy/universe amd64 Packages

Topic		Replies	Views
Installing Suricata on Ubuntu VM under Virtualbox	6	57	September 26, 2024
OISF Suricata PPA does not support Ubuntu 24.04 (noble) Help suricata	4	166	August 4, 2024
Suricata does not install on ubuntu Help suricata	21	1311	October 10, 2023
RFC: Suricata RPMs	18	2386	November 23, 2020
Considering upgrade to suricata 6.0.10	6	578	March 11, 2023

Keeping older version of packages in OISF PPA

Related topics