2

I'm running Ubuntu 14.04 (for testing reasons) and am unable to connect to the internet by any means. How/where do I get updates for this device without having an internet connection? I have access to the internet on my Windows machine but not on any Linux machine.

This is a laboratory environment with no connection to the outside.

Trusty Tahr has to be manually updated with downloads from a CD (using a Windows box) and the CD has to be taken to the machine.

I am just unaware of where to go to get the update packages to update this machine manually. Is it not a VM. We cannot connect using Ethernet (wired) or Wifi. We are unable to diagnose connections because there are none.

Zanna
  • 70,465
Denakat
  • 21
  • 3
  • Comments are not for extended discussion; this conversation has been moved to chat. – Thomas Ward Mar 15 '18 at 18:21
  • 7
    Possible duplicate of How can I install software or packages without Internet (offline)? – Byte Commander Mar 15 '18 at 18:37
  • 1
    @ByteCommander Indeed, I forgot that existed, however OP is in a completely 100% isolated environment, and can't even use USBs, so it devolves into a logistics discussion and budgeting discussion because getting all their updates via CDs/DVDs only is going to be a strain on employee time as well as resources if they have to burn a new CD/DVD every day just for the updates. – Thomas Ward Mar 15 '18 at 18:46
  • NOTE: I made a summary of the various methods I would use in this environment below, and though I don't give you exact answers, I summarize the complexity of the environment as was explained to me in the answer, and why some of the solutions I proposed wouldn't work; feel free to correct me if I got anything wrong. – Thomas Ward Mar 15 '18 at 18:46
  • @ThomasWard: "they have to burn a new CD/DVD every day just for the updates" - but in that situation, this seems to be the way to go here. Get a DVD RW, or even better DVD RAM for the task so that the media can be reused and automate this. If the system is locked down this much as described then it sounds like this is a system that's not running bleeding edge but as stable as can be. So weekly or even monthly updates should be sufficient, and preparing the package update media can be automated to some extent. – 0x01 Mar 15 '18 at 22:00
  • 1
    @0x01 that still has a limit of number of writes. They also can't 'automate' this process since they've got an air-gapped lab environment. They could automate disk creation, update, etc. but that still fix all their issues. They've got an overly locked down 'lab' environment the way they explained it, 14.04 or not they're still in for some headaches. – Thomas Ward Mar 15 '18 at 22:29

1 Answers1

6

Through ongoing discussion with you in chat, it sounds like you're in a hyper-locked-down environment where you can't even use USBs for updates.

This adds some additional considerations. There are many methods such as apt-get download or apt-offline for obtaining updates, however since you can't use USBs it seems on the environment, and would be restricted to CDs/DVDs, you're going to run into physical resource consumption issues with how many CDs/DVDs you'd have to use for such a setup.

While it is entirely doable with apt-offline per another post's answer on apt-offline, and the (translated) blog post about using apt-offline (yes this is a Google Translate link), your primary limitation here is going to be the use of CDs and DVDs. You'd technically be burning one or more disks each time you update.

There are other still-secure methods for updating a private lab environment, however this typically will involve an opening in the 'environment' that will be allowed to communicate to a specific, dedicated system running apt-cacher-ng as an APT proxy, which can then be used as the update mechanism out to the 'net without any other data being able to traverse outbound. However, also in chat, you had mentioned this is a completely isolated, air-gapped, no Internet at all type of setup, so this approach won't work either.

If you are truly in such a restricted lab environment, then your only other update would be regularly rotating out the 'lab' computer that is involved here, and working with a cloned disk image that you'd 'restore' to the lab computer, which you'd pull from an identical system put on an Internet-accessible system that would then pull in its own updates, and then you can use as a disk image base. However, this approach also won't work if you are stuck using only CDs and DVDs; the disk image approach needs space to store the disk images, and that kind of necessitates the use of large-space USB storage.

I think the higher-ups involved here need to have a sit down with someone familiar with building secure lab environments, and discuss what exactly they're attempting to achieve in this 'lab' environment that would require such a heavily locked down environment (Government and security-clearance-needed things come to mind, but it doesn't sound like this is the case here). There are many ways, several of which I use and know as a secure setup thanks to my IT Security background and the needs of the environments at my employers' locations, to keep a 'secure' lab environment while having several acceptable methods for getting updates in a secure method. This is ultimately, however, going to end up as a logistics discussion that goes beyond the scope of this question... at least, as how you explained the environment to me in chat.

Thomas Ward
  • 74,764