Describe the issue
Unable to perform apt-update to fetch packages.microsoft.com/ubuntu/22.04

When did the issue occur?
Since this morning, yesterday everything was fine.

If applicable, what package did you attempt to install, and from which repo?
apt-get update, not trying to install a certain package
Steps to Reproduce
apt-get update

Actual Result
`Hit:1 http://azure.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://azure.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://azure.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:5 https://packages.microsoft.com/ubuntu/22.04/prod jammy InRelease [3065 B]
Get:6 https://packages.microsoft.com/ubuntu/22.04/prod jammy/main amd64 Packages [52.9 kB]
Get:7 https://packages.microsoft.com/ubuntu/22.04/prod jammy/main all Packages [713 B]
Err:7 https://packages.microsoft.com/ubuntu/22.04/prod jammy/main all Packages
Hash Sum mismatch
Hashes of expected file:

• Filesize:713 [weak]
• SHA512:23a393800e7efebbc2d225680df6eaeb17580c9d691c646b76f4cadb76cadb91d8adb1c8944cd18ac2f21eed4857a012bc5fdafc28a9374cfcebf35abea817dc
• SHA256:213e24202ba7cabe92df422d201bce8f8cf6daaf0a471258a27aaa94ae9662be
  Hashes of received file:
• SHA512:aaf1f56f5346d7d7c21e677a5054ab321442696f17618caa7b0f128644c46acfd021e0dc0679cc3738eca74aed4404ec00a536684ff33f9cc53e2ae4e94f17f3
• SHA256:341456fda1b9f814bcedf5ee0147a9ee2f95b8cd3d50f4bcec9423d3ce61e6b3
• Filesize:713 [weak]
  Last modification reported: Wed, 08 Mar 2023 22:57:55 +0000
  Release file created at: Wed, 08 Mar 2023 22:52:10 +0000
  Fetched 713 B in 0s (1563 B/s)
  Reading package lists... Done
  E: Failed to fetch https://packages.microsoft.com/ubuntu/22.04/prod/dists/jammy/main/binary-all/Packages.gz Hash Sum mismatch
  Hashes of expected file:
  - Filesize:713 [weak]
  - SHA512:23a393800e7efebbc2d225680df6eaeb17580c9d691c646b76f4cadb76cadb91d8adb1c8944cd18ac2f21eed4857a012bc5fdafc28a9374cfcebf35abea817dc
  - SHA256:213e24202ba7cabe92df422d201bce8f8cf6daaf0a471258a27aaa94ae9662be
  Hashes of received file:
  - SHA512:aaf1f56f5346d7d7c21e677a5054ab321442696f17618caa7b0f128644c46acfd021e0dc0679cc3738eca74aed4404ec00a536684ff33f9cc53e2ae4e94f17f3
  - SHA256:341456fda1b9f814bcedf5ee0147a9ee2f95b8cd3d50f4bcec9423d3ce61e6b3
  - Filesize:713 [weak]
  Last modification reported: Wed, 08 Mar 2023 22:57:55 +0000
  Release file created at: Wed, 08 Mar 2023 22:52:10 +0000
  E: Some index files failed to download. They have been ignored, or old ones used instead.
  `
  Expected Result
  to be able to succesfully update the repo
  Screenshots
  

Additional context
Was able to update happily for about 8 hours back. now i m unable to do so.

Describe the issue

The package unixodbc-dev is trying to include the file "unixodbc.h" in version 2.3.11. That file does not exist in the package so it fails.

In version 2.3.7 the file of "unixodbc_conf.h" is part of the installed package and is used.

In version 2.3.11 the file of "unixodbc_conf.h" is part of the installed package but for some reason, the file "unixodbc.h" is referenced in sqltypes.h which is also part of the unixodbc-dev package.

Also, the file "unixodbc_conf.h" in 2.3.11 looks like it has been generated for a particular computer, compared to the file in 2.3.7 that looks like a generic source file ready to be compiled.

When did the issue occur?

The problem was first noticed yesterday, but if you're asking when the problem originated, it is somewhere between unixodbc-dev_2.3.7 and unixodbc-dev_2.3.11.

unixodbc-dev_2.3.7/usr/include/sqltypes.h:

#ifndef SIZEOF_LONG_INT
#include "unixodbc_conf.h"
#endif

unixodbc-dev_2.3.11/usr/include/sqltypes.h line 55-57:

#ifndef SIZEOF_LONG_INT
#include "unixodbc.h"
#endif

If appplicable, what package did you attempt to install, and from which repo?

Package is unixodbc-dev and appears to be installed from:

https://packages.microsoft.com/ubuntu/20.04/prod focal/main amd64 unixodbc-dev amd64 2.3.11 [42.1 kB]

Debugging was done by manually downloading files from https://packages.microsoft.com/ubuntu/20.04/prod/pool/main/u/unixodbc/ and inspecting contents of files.

Steps to Reproduce
Short version, try to compile unixodbc into an application and it will fail

In file included from /usr/include/sql.h:19,
                 from /home/runner/work/php-src/php-src/ext/odbc/php_odbc_includes.h:107,
                 from /home/runner/work/php-src/php-src/ext/odbc/php_odbc.c:33:
/usr/include/sqltypes.h:56:[10](https://github.com/php/php-src/actions/runs/4148457300/jobs/7176463762#step:8:11): fatal error: unixodbc.h: No such file or directory
   56 | #include "unixodbc.h"
      |          ^~~~~~~~~~~~
compilation terminated.

I don't have a standalone test case.

Actual Result

Fails to find file as it is looking for the wrong file name.

Expected Result

Compilation succeeds

Screenshots

Additional context

This was noticed as part of PHP's ci

The repoaudit code has this verify variable that I believe is used to control whether to verify the ssl cert when making url requests. We should:

1. Better document this variable as I was unclear what it was used for
2. Expose it via the CLI so users can use it
3. It would be nice to somehow set it globally instead of passing it around from function to function. Maybe we could set up a single session and reuse it whenever making requests

I have spent significant time debugging one of the issues we are having with unixODBC distribution from MS repos installed from

https://packages.microsoft.com/rhel/7/prod/unixODBC-utf16-2.3.1-1.x86_64.rpm

I can definitely see some patches being applied on top of the official unixODBC distribution from http://www.unixodbc.org/ as the functionality is so slightly different (configuration-wise), but Im unable to find the sources to these patches.

Im specifically interested in seeing the code from which RPMs are build from, but this seems to be impossible to find from my perspective. Can anyone please provide a link to the build sources - similar to https://packages.debian.org/source/buster/unixodbc for Debian?

Performing a
sudo apt-get update

after adding repository to Ubuntu

The following error is produced

The repository 'https://packages.microsoft.com/ubuntu/22.04/mssql-server-2022 jammy Release' does not have a Release file.

The same for 20.04 release is working folder structure of 22.04 is not the same with 20.04

Some suggestions:

• We have this RepoErrors model in the code. I like the idea of the model but we pass it to functions as a parameter and they add to it. I imagine we could instead return it from the functions and create an append method that would append errors to a RepoErrors instance.
• The RepoErrors model captures all sorts of results including non-error results so it's a bit of misnomer.
• It's strange that a dist always has to be specified when adding errors to RepoErrors
• When running the CLI and not using file output, a bunch of information just gets spewed out. A lot of the information is unnecessary such as successes

Describe the issue

Same package is present twice with the same pkgid / checksum in this repo: https://packages.microsoft.com/rhel/7/prod/.

From the descriptions, I'm not sure either of these are meant to be in the production repo, but the file named test_1.0.x86_64.rpm sounds like it definitely should not be. These look like accidentally included testing files.

<package type="rpm">
  <name>hello</name>
  <arch>x86_64</arch>
  <version epoch="0" ver="2.8" rel="1"/>
  <checksum type="sha256" pkgid="YES">72e990b90feb06782f2c691628a0c54b2b2aa815d33406723f696ef05fe36d97</checksum>
  <summary>The "Hello World" program from GNU</summary>
  <description>The "Hello World" program, done with all bells and whistles of a proper FOSS
project, including configuration, build, internationalization, help files, etc.</description>
  <packager></packager>
  <url></url>
  <time file="1581462585" build="1455908827"/>
  <size package="87802" installed="225689" archive="234004"/>
  <location href="test_1.0.x86_64.rpm"/>
  <format>
    <rpm:license>GPLv3+</rpm:license>
    <rpm:vendor></rpm:vendor>
    <rpm:group>Development/Tools</rpm:group>
    <rpm:buildhost>chuanliu1.corp.microsoft.com</rpm:buildhost>
    <rpm:sourcerpm>hello-2.8-1.src.rpm</rpm:sourcerpm>
    <rpm:header-range start="4392" end="13724"/>
    <rpm:provides>
      <rpm:entry name="hello" flags="EQ" epoch="0" ver="2.8" rel="1"/>
      <rpm:entry name="hello(x86-64)" flags="EQ" epoch="0" ver="2.8" rel="1"/>
    </rpm:provides>
    <rpm:requires>
      <rpm:entry name="/bin/sh" pre="1"/>
      <rpm:entry name="/bin/sh"/>
      <rpm:entry name="info" pre="1"/>
      <rpm:entry name="info"/>
      <rpm:entry name="rtld(GNU_HASH)"/>
      <rpm:entry name="libc.so.6(GLIBC_2.14)(64bit)"/>
    </rpm:requires>
    <file>/usr/bin/hello</file>
  </format>
</package>
<package type="rpm">
  <name>hello</name>
  <arch>x86_64</arch>
  <version epoch="0" ver="2.8" rel="1"/>
  <checksum type="sha256" pkgid="YES">72e990b90feb06782f2c691628a0c54b2b2aa815d33406723f696ef05fe36d97</checksum>
  <summary>The "Hello World" program from GNU</summary>
  <description>The "Hello World" program, done with all bells and whistles of a proper FOSS
project, including configuration, build, internationalization, help files, etc.</description>
  <packager></packager>
  <url></url>
  <time file="1575568124" build="1455908827"/>
  <size package="87802" installed="225689" archive="234004"/>
  <location href="testrpm-1.0.x86_64.rpm"/>
  <format>
    <rpm:license>GPLv3+</rpm:license>
    <rpm:vendor></rpm:vendor>
    <rpm:group>Development/Tools</rpm:group>
    <rpm:buildhost>chuanliu1.corp.microsoft.com</rpm:buildhost>
    <rpm:sourcerpm>hello-2.8-1.src.rpm</rpm:sourcerpm>
    <rpm:header-range start="4392" end="13724"/>
    <rpm:provides>
      <rpm:entry name="hello" flags="EQ" epoch="0" ver="2.8" rel="1"/>
      <rpm:entry name="hello(x86-64)" flags="EQ" epoch="0" ver="2.8" rel="1"/>
    </rpm:provides>
    <rpm:requires>
      <rpm:entry name="/bin/sh" pre="1"/>
      <rpm:entry name="/bin/sh"/>
      <rpm:entry name="info" pre="1"/>
      <rpm:entry name="info"/>
      <rpm:entry name="rtld(GNU_HASH)"/>
      <rpm:entry name="libc.so.6(GLIBC_2.14)(64bit)"/>
    </rpm:requires>
    <file>/usr/bin/hello</file>
  </format>
</package>

When did the issue occur?

If appplicable, what package did you attempt to install, and from which repo?

Steps to Reproduce

Actual Result

Expected Result

Screenshots

Additional context

Describe the issue
Hi,
it seems the mdatp package is being modified outside of the rpm context. I'd say this is bad practice.

I noticed this during tests with mdatp because during the removal of the rpm a warning like this appears:
warning: file /opt/microsoft/mdatp/lib/libauparse.so.0: remove failed: No such file or directory

so I checked the whole contents of the installed rpm package:

# rpm -qV mdatp
.M.......    /opt/microsoft/mdatp/conf/scripts/mde_autoupdater.sh
.M.......    /opt/microsoft/mdatp/conf/scripts/mde_installer.sh
missing     /opt/microsoft/mdatp/definitions/libmpengine.so
missing     /opt/microsoft/mdatp/definitions/mpasbase.vdm
missing     /opt/microsoft/mdatp/definitions/mpasdlta.vdm
missing     /opt/microsoft/mdatp/definitions/mpavbase.vdm
missing     /opt/microsoft/mdatp/definitions/mpavdlta.vdm
missing     /opt/microsoft/mdatp/lib/libauparse.so.0

If you expect files to change at runtime they should marked as configuration files, but this all looks like you should just remove/change them inside the package spec to fit what you expect instead of modifying the rights (first two) or deleting (the last 6 files) post-install.

If appplicable, what package did you attempt to install, and from which repo?
https://packages.microsoft.com/rhel/8/prod/Packages/m/mdatp_101.94.13.x86_64.rpm
RHEL 8.7, installed via extension

Steps to Reproduce

1. Install defender via extension
2. $ rpm -qV mdatp
3. remove extension
4. $ dnf remove -y mdatp

Actual Result
missing files / changed modes

Expected Result
Package verification should pass

It appears the HTTPS certificate has expired:

Describe the issue
Hi,

We have try to add packages.microsoft.com as a repo, but it was always getting failed even though we have open the firewall to packages.microsoft.com port 443 / https. We need to install mdatp, but without adding this repo, it is not possible.

When did the issue occur?
Has been a constant issue since at least the one months for me

If applicable, what package did you attempt to install, and from which repo?

We try to install https://packages.microsoft.com/config/centos/7/prod.repo on our Centos 7.

Steps to Reproduce

when we try command "sudo yum-config-manager --add-repo=https://packages.microsoft.com/config/centos/7/prod.repo" or "curl -sSL https://packages.microsoft.com/config/centos/7/prod.repo | sudo tee /etc/yum.repos.d/microsoft-prod.repo",

Actual Result

it always failed due to timeout.

Expected Result
Success to add repo and install mdatp

Screenshots

Here are the error result :

Additional context
my server located in Malaysia/SouthEastAsia Region

Pls anybody can help,
Thanks

We need to support different log levels. Perhaps one easy solution is to add a --verbose flag.

Describe the problem you are experiencing.
Example RHEL8 but it applies to all rhel versions.

http://packages.microsoft.com/rhel/8/prod/Packages/p/packages-microsoft-prod.rpm currently includes a single file /etc/yum.repos.d/microsoft-prod.repo with the contents:

[packages-microsoft-com-prod]
name=packages-microsoft-com-prod
baseurl=https://packages.microsoft.com/rhel/8/prod
enabled=1
gpgcheck=1
gpgkey=https://packages.microsoft.com/keys/microsoft.asc
sslverify=1

Describe any possible solutions that you would like to see.
Supply gpg key in rpm put it into /etc/pki/rpm-gpg/RPM-GPG-KEY-Microsoft-EL[789] and use it in the repository file like gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Microsoft-EL[789] maybe use different ones for rhel major releases so you can easily update it every couple of years :)

Describe the issue

When did the issue occur?

If applicable, what package did you attempt to install, and from which repo?
Docker container on image ubunutu:22.04 trying to install PowerShell

Steps to Reproduce
Within Dockerfile below is step I am doing to try and install powershell

FROM ubuntu:22.04 as env

ARG GITHUB_RUNNER_VERSION=2.299.1
ARG DEBIAN_FRONTEND=noninteractive
ENV RUNNER_ALLOW_RUNASROOT=true

WORKDIR /root
RUN apt-get update \
    && apt install -y wget

# GitHub runner installation
RUN wget https://github.com/actions/runner/releases/download/v${GITHUB_RUNNER_VERSION}/actions-runner-linux-x64-${GITHUB_RUNNER_VERSION}.tar.gz \
    && tar xzf ./actions-runner-linux-x64-${GITHUB_RUNNER_VERSION}.tar.gz && rm -f actions-runner-linux-x64-${GITHUB_RUNNER_VERSION}.tar.gz

FROM ubuntu:latest as runner

ARG DEBIAN_FRONTEND=noninteractive
ENV RUNNER_ALLOW_RUNASROOT=true
ENV RUNNER_WORKDIR "_work"
ENV ADDITIONAL_PACKAGES ""
ENV ADDITIONAL_FLAGS "--ephemeral"
ENV TERRAFORM_VERSION "1.3.5"
ENV TERRAFORM_DOWNLOAD_URL "https://releases.hashicorp.com/terraform"

RUN apt-get update \
    && apt-get upgrade -y \
    && apt-get install -y curl sudo zip unzip jq wget npm software-properties-common libssl3 \
    && apt-get install -y dpkg

#Remove existing node
RUN apt-get --fix-broken install
RUN apt-get remove -y --purge nodejs libnode-dev libnode72 nodejs-doc

#Add node repo
RUN cd ~
RUN curl -sL https://deb.nodesource.com/setup_18.x | bash -
#install Node 18 node 16 is buggy due to openssl https://github.com/nodejs/node/issues/43132
RUN apt-get update
RUN apt-get install -y nodejs

# lighttpd installation
RUN apt-get install -y lighttpd
COPY lighttpd.conf /etc/lighttpd/lighttpd.conf

# Git installation
RUN apt-get install -y git

# AZ CLI installation
RUN curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash

RUN sudo apt-get update && sudo apt-get install azure-cli

#RUN sudo apt-get update && sudo apt-get install -y ca-certificates curl apt-transport-https lsb-release gnupg \
#    && sudo mkdir -p /etc/apt/keyrings \
#    && curl -sLS https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | sudo tee /etc/apt/keyrings/microsoft.gpg > /dev/null \
#    && sudo chmod go+r /etc/apt/keyrings/microsoft.gpg \
#    && sudo apt-get update \
#    && sudo apt-get install azure-cli

RUN sudo sed -i 's,http://us.archive.ubuntu.com/ubuntu,http://archive.ubuntu.com/ubuntu,g' /etc/apt/sources.list \
    && sudo apt update && sudo apt upgrade

#RUN sudo sed -i -e 's/archive.ubuntu.com\|security.ubuntu.com/old-releases.ubuntu.com/g' /etc/apt/sources.list \
    #&& sudo apt update && sudo apt upgrade


# Terraform installation
RUN wget "${TERRAFORM_DOWNLOAD_URL}/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" \
    && unzip "terraform_${TERRAFORM_VERSION}_linux_amd64.zip" \
    && mv terraform /usr/local/bin/

RUN apt-get install -y apt-transport-https software-properties-common \
    && wget -q "https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/packages-microsoft-prod.deb" \
    && dpkg -i packages-microsoft-prod.deb \
    && sudo apt-get clean \
    && sudo rm -rf /var/lib/apt/lists/* \
    && sudo apt-get update \
    && sudo apt-get install -y powershell

COPY --from=env /root/ /root/
RUN  /root/bin/installdependencies.sh

COPY entrypoint.sh runsvc.sh ./
RUN sudo chmod u+x ./entrypoint.sh ./runsvc.sh
EXPOSE 8000
ENTRYPOINT ["./entrypoint.sh"]

Actual Result

#22 1.448 Get:1 http://ports.ubuntu.com/ubuntu-ports jammy InRelease [270 kB]
#22 1.525 Get:2 https://deb.nodesource.com/node_18.x jammy InRelease [4563 B]
#22 1.533 Get:3 https://packages.microsoft.com/repos/azure-cli jammy InRelease [3029 B]
#22 1.547 Get:4 http://ports.ubuntu.com/ubuntu-ports jammy-updates InRelease [119 kB]
#22 1.556 Get:5 https://packages.microsoft.com/ubuntu/22.04/prod jammy InRelease [3065 B]
#22 1.576 Get:6 http://ports.ubuntu.com/ubuntu-ports jammy-backports InRelease [107 kB]
#22 1.602 Get:7 http://ports.ubuntu.com/ubuntu-ports jammy-security InRelease [110 kB]
#22 1.662 Get:8 http://ports.ubuntu.com/ubuntu-ports jammy/multiverse arm64 Packages [224 kB]
#22 1.696 Get:9 http://ports.ubuntu.com/ubuntu-ports jammy/main arm64 Packages [1758 kB]
#22 1.736 Get:10 https://packages.microsoft.com/repos/azure-cli jammy/main all Packages [1096 B]
#22 1.780 Get:11 https://packages.microsoft.com/repos/azure-cli jammy/main arm64 Packages [498 B]
#22 1.838 Get:12 http://ports.ubuntu.com/ubuntu-ports jammy/restricted arm64 Packages [24.2 kB]
#22 1.839 Get:13 http://ports.ubuntu.com/ubuntu-ports jammy/universe arm64 Packages [17.2 MB]
#22 1.885 Get:14 https://packages.microsoft.com/ubuntu/22.04/prod jammy/main all Packages [841 B]
#22 1.942 Get:15 https://packages.microsoft.com/ubuntu/22.04/prod jammy/main amd64 Packages [55.8 kB]
#22 1.982 Get:16 https://packages.microsoft.com/ubuntu/22.04/prod jammy/main armhf Packages [6324 B]
#22 1.983 Get:17 https://packages.microsoft.com/ubuntu/22.04/prod jammy/main arm64 Packages [11.7 kB]
#22 2.203 Get:18 https://deb.nodesource.com/node_18.x jammy/main arm64 Packages [778 B]
#22 2.790 Get:19 http://ports.ubuntu.com/ubuntu-ports jammy-updates/multiverse arm64 Packages [14.3 kB]
#22 2.790 Get:20 http://ports.ubuntu.com/ubuntu-ports jammy-updates/restricted arm64 Packages [429 kB]
#22 2.801 Get:21 http://ports.ubuntu.com/ubuntu-ports jammy-updates/universe arm64 Packages [1005 kB]
#22 2.882 Get:22 http://ports.ubuntu.com/ubuntu-ports jammy-updates/main arm64 Packages [1113 kB]
#22 3.040 Get:23 http://ports.ubuntu.com/ubuntu-ports jammy-backports/universe arm64 Packages [22.4 kB]
#22 3.041 Get:24 http://ports.ubuntu.com/ubuntu-ports jammy-backports/main arm64 Packages [49.0 kB]
#22 3.042 Get:25 http://ports.ubuntu.com/ubuntu-ports jammy-security/multiverse arm64 Packages [10.2 kB]
#22 3.042 Get:26 http://ports.ubuntu.com/ubuntu-ports jammy-security/universe arm64 Packages [765 kB]
#22 3.090 Get:27 http://ports.ubuntu.com/ubuntu-ports jammy-security/restricted arm64 Packages [410 kB]
#22 3.111 Get:28 http://ports.ubuntu.com/ubuntu-ports jammy-security/main arm64 Packages [788 kB]
#22 3.442 Fetched 24.5 MB in 2s (11.7 MB/s)
#22 3.442 Reading package lists...
#22 3.869 Reading package lists...
#22 4.219 Building dependency tree...
#22 4.294 Reading state information...
#22 4.304 E: Unable to locate package powershell

Expected Result
powershell to be installed on the container

Screenshots

Additional context
Looks related to a similar issue 3 weeks ago (#48)

Describe the issue
http://packages.microsoft.com/rhel/9/prod/Packages/p/packages-microsoft-prod.rpm
uses
baseurl=https://packages.microsoft.com/rhel/9.0/prod
it should be using
baseurl=https://packages.microsoft.com/rhel/9/prod

If appplicable, what package did you attempt to install, and from which repo?
http://packages.microsoft.com/rhel/9/prod/Packages/p/packages-microsoft-prod.rpm

Steps to Reproduce
dnf install http://packages.microsoft.com/rhel/9/prod/Packages/p/packages-microsoft-prod.rpm
grep baseurl /etc/yum.repos.d/microsoft-prod.repo

Actual Result
baseurl=https://packages.microsoft.com/rhel/9.0/prod

Expected Result
baseurl=https://packages.microsoft.com/rhel/9/prod

I notice the CRLF (a.k.a. ^M) at the end of lines in packages config files - destined for Linux machines. I would not normally expect to see these.

Examples include:

1. The vscode Ubuntu 16.04 config file: https://packages.microsoft.com/config/ubuntu/16.04/prod.list.

While this isn't the cause of my issues of installing vscode on Ubuntu 16.04. I'm sure it doesn't help.

Regards
Nigel

Describe the issue

The certificate expired for https://packages.microsoft.com/

When did the issue occur?

N/A

If applicable, what package did you attempt to install, and from which repo?

Steps to Reproduce

curl,wget,open browser,apt,yum, ect... are showing the certificate as expired

Actual Result

Expected Result

Certificate to not be expired

Screenshots

Additional context

How is this not auto renewed?

Describe the issue
The GPG key used to sign packages for Fedora uses a Positive certification of a User ID and Public Key packet with a SHA-1 signature. Due to recent attacks on SHA-1 Fedora is working to deprecate and disable signatures made with SHA-1 by default, which affects your key. See rhbz#2170878 for more details. Specifically, see comment 61 for a description of the user experience when installing Microsoft Edge on Fedora 38.

When did the issue occur?
Occurs on Fedora 38 at any point in time.

If applicable, what package did you attempt to install, and from which repo?
microsoft-edge-beta-111.0.1661.24-1.x86_64.rpm

Steps to Reproduce
curl -sL https://packages.microsoft.com/keys/microsoft.asc | pgpdump -i and check for "Hash alg - SHA1(hash 2)":

$ curl -sL 'https://packages.microsoft.com/keys/microsoft.asc' | pgpdump -i
Old: Public Key Packet(tag 6)(269 bytes)
	Ver 4 - new
	Public key creation time - Thu Oct 29 00:21:48 CET 2015
	Pub alg - RSA Encrypt or Sign(pub 1)
	RSA n(2048 bits) - c0 2a 86 61 66 52 71 18 d1 96 ce a5 7e d4 e1 b5 c6 24 1e a2 8c 0a 86 cb 06 00 ab dd f9 bb 97 08 62 12 64 9c 13 2d 76 6a 21 c2 22 2c fe e9 a9 d7 19 5a d1 3d 6d 27 3b c8 16 36 31 a9 43 a7 d2 e2 bb 42 9e 93 2c 10 e9 55 57 d5 3e f6 34 f7 f9 12 fe b1 e8 32 d5 ed a5 56 b0 2c d4 00 5f 9e 6f b0 c2 f5 f3 ee 14 b1 1d c6 63 84 62 83 e3 ce b4 3b 70 29 d2 57 82 50 c4 0a a1 53 84 fa 3a 36 ef 45 ac c6 97 76 a0 39 e8 b3 3d 79 91 96 33 2d 51 4b 6d 1d 06 67 46 1b 65 ce 49 b0 22 b5 22 bd b7 c5 3c 3f 9f 12 81 c9 d7 eb 88 75 f3 b3 65 7f 3f a0 a1 ca 2d ed a3 1f ad f6 92 fb 0d cc 91 65 44 e5 6f 18 b6 00 93 65 91 70 bb be 46 38 e0 82 2c 61 c2 20 7e 32 ef c0 f1 37 f8 57 a6 fe 62 9a 52 e3 8a bc 12 f5 6b 33 e4 2f 63 b2 cd 48 e7 df 48 ee 92 96 cc bd a2 2b 06 4d d7 c4 df d9 c2 ee 95 51
	RSA e(17 bits) - 01 00 01
Old: User ID Packet(tag 13)(55 bytes)
	User ID - Microsoft (Release signing) <[email protected]>
Old: Signature Packet(tag 2)(309 bytes)
	Ver 4 - new
	Sig type - Positive certification of a User ID and Public Key packet(0x13).
	Pub alg - RSA Encrypt or Sign(pub 1)
	Hash alg - SHA1(hash 2)
	Hashed Sub: signature creation time(sub 2)(4 bytes)
		Time - Thu Oct 29 00:21:48 CET 2015
	Hashed Sub: key flags(sub 27)(1 bytes)
		Flag - This key may be used to certify other keys
		Flag - This key may be used to sign data
	Hashed Sub: preferred symmetric algorithms(sub 11)(5 bytes)
		Sym alg - AES with 256-bit key(sym 9)
		Sym alg - AES with 192-bit key(sym 8)
		Sym alg - AES with 128-bit key(sym 7)
		Sym alg - CAST5(sym 3)
		Sym alg - Triple-DES(sym 2)
	Hashed Sub: preferred hash algorithms(sub 21)(3 bytes)
		Hash alg - SHA1(hash 2)
		Hash alg - SHA256(hash 8)
		Hash alg - RIPEMD160(hash 3)
	Hashed Sub: preferred compression algorithms(sub 22)(2 bytes)
		Comp alg - ZLIB <RFC1950>(comp 2)
		Comp alg - ZIP <RFC1951>(comp 1)
	Hashed Sub: features(sub 30)(1 bytes)
		Flag - Modification detection (packets 18 and 19)
	Hashed Sub: key server preferences(sub 23)(1 bytes)
		Flag - No-modify
	Sub: issuer key ID(sub 16)(8 bytes)
		Key ID - 0xEB3E94ADBE1229CF
	Hash left 2 bytes - 1a 9b
	RSA m^d mod n(2047 bits) - 7d af 2b 2d bd 1e 0e 75 1f d7 5f 14 93 31 d3 f6 bf 17 ee 6f 29 e0 9e 56 a8 a6 bf 24 cc d3 80 be 5c 43 4d b9 26 d8 67 77 91 3c 71 87 14 ba 9e 30 d1 b1 b1 f6 fb 0b b6 71 11 e5 bb 27 fb d2 cd 18 07 c6 6e d9 bc 44 a2 b1 46 11 16 ad ac 82 42 7e 1c 51 11 36 ba 9f 72 2e 39 6d d8 66 ad 4b 32 ed 25 b0 f7 26 f1 74 53 a4 b9 0a 32 28 3d ed 06 68 86 7c e3 50 32 50 5a 38 c5 9d 02 c8 9c f7 ae 6b bc 9b 1d e7 36 1a 65 91 48 d5 4c 13 90 55 d5 28 9b 77 6e 9d cd 82 7d 6f 11 85 f0 8a 31 93 6b e1 57 cf a1 8b 1e e7 89 c0 5d 08 ee e8 37 e0 38 14 90 01 6f 02 cf 07 69 ca f6 0d 16 31 2f 94 49 5d d3 60 8f 82 5d db f8 3a 4f d2 27 99 64 f4 84 04 a5 8e ea fe 74 99 f3 36 23 42 91 b9 fd 29 b5 fb 27 fa 8a d4 86 d1 f3 2e 7a d3 24 66 16 c5 3e 35 d0 85 4d 6e f0 63 41 5b d5 f5 89 fb f2 93 b0 2e
		-> PKCS-1

Actual Result
SHA-1 is used in the "Positive certification of a User ID and Public Key packet" signature.

Expected Result
SHA-1 is not used in any signatures.

Additional context
Please see Microsoft's policy on SHA-1 signed content at https://learn.microsoft.com/en-us/lifecycle/announcements/sha-1-signed-content-retired

Please update your key to not use a SHA-1 signature. The sequoia project has a tool called sq-keyring-linter that can do this for you, see https://bugzilla.redhat.com/show_bug.cgi?id=2170878#c26.

Describe the issue
Trying to install SQL Server on Ubuntu 20.04 as described here now fails with the error The repository 'https://packages.microsoft.com/ubuntu/20.04/mssql-server-2019 focal Release' is not signed.

When did the issue occur?
First occurred at 2023-02-28 20:56:32 UTC.

If applicable, what package did you attempt to install, and from which repo?

https://packages.microsoft.com/ubuntu/20.04/mssql-server-2019

Steps to Reproduce

RUN export DEBIAN_FRONTEND=noninteractive \
  && apt-get update \
  && apt-get install -yq curl apt-transport-https ca-certificates gnupg wget \
  # Get official Microsoft repository configuration
  && curl https://packages.microsoft.com/keys/microsoft.asc | apt-key add - \
  && curl https://packages.microsoft.com/config/ubuntu/20.04/mssql-server-2019.list | tee /etc/apt/sources.list.d/mssql-server.list \
  && apt-get update \
  # Install SQL Server from apt
  && apt-get install -y mssql-server \
  # Install optional packages
  && apt-get install -y mssql-server-fts \
  # Cleanup the Dockerfile
  && apt-get clean \
  && rm -rf /var/lib/apt/lists 

Actual Result

2023-02-28 20:56:28. deb [arch=amd64,armhf,arm64] https://packages.microsoft.com/ubuntu/20.04/mssql-server-2019 focal main
2023-02-28 20:56:28. Hit:1 http://security.ubuntu.com/ubuntu focal-security InRelease
2023-02-28 20:56:28. Ign:2 https://packages.microsoft.com/ubuntu/20.04/mssql-server-2019 focal InRelease
2023-02-28 20:56:28. Get:3 https://packages.microsoft.com/ubuntu/20.04/mssql-server-2019 focal Release [2532 B]
2023-02-28 20:56:28. Ign:4 https://packages.microsoft.com/ubuntu/20.04/mssql-server-2019 focal Release.gpg
2023-02-28 20:56:29. Hit:5 http://archive.ubuntu.com/ubuntu focal InRelease
2023-02-28 20:56:29. Hit:6 http://archive.ubuntu.com/ubuntu focal-updates InRelease
2023-02-28 20:56:29. Hit:7 http://archive.ubuntu.com/ubuntu focal-backports InRelease
2023-02-28 20:56:29. Reading package lists...
2023-02-28 20:56:32. 
2023-02-28 20:56:32. E: The repository 'https://packages.microsoft.com/ubuntu/20.04/mssql-server-2019 focal Release' is not signed.

Expected Result

The installation completes without error.

Screenshots

Additional context

This build script was working fine earlier. The script has not changed. This is failing both locally and in our Codeship CI.

Describe the issue
I deployed a Red Hat Linux 8 server, but I could not find HA repository available. We need to install some packages from this repository.
How to enable HA repository on packages.microsoft.com ?

When did the issue occur?
After Installing a new Red Hat Virtual Machine

If appplicable, what package did you attempt to install, and from which repo?

Steps to Reproduce
dnf repolist command does not show HA repository

Actual Result

Expected Result

Screenshots
Not Available.

Additional context
We need to enable HA Red Hat repository in a Red Hat Virtual Machine

How do we add our 1st party packages to packages.microsoft.com?

Describe the issue
Getting consistently slow speeds on packages.microsoft.com for apt packages atleast(code in my case). Somewhere around 50KiB/s even when I am on a 300Mbps connection and getting 22-30MiB/s on other repositories.

When did the issue occur?
Has been a constant issue since atleast the past 6 months for me

If applicable, what package did you attempt to install, and from which repo?
code, from https://packages.microsoft.com/repos/code

Steps to Reproduce
setup code repo, install code, check download speed

Actual Result
~50KiB/s

Expected Result
1MiB/s atleast?

Screenshots

Source

Additional context
I am located in en-IN/India/Asia Pacific region

Describe the issue
The packages.microsoft.com team detected timeouts/504's retrieving content on 13Feb2023. The team rolled back the delivery mechanism to a previous/known-good state to mitigate impact.

The packages in debian repository have a priority of standard. The priority should be optional.

Please refer to the debian policy manual: https://www.debian.org/doc/debian-policy/ch-archive.html#s-priorities. Relevant section is as follows:

• standard: These packages provide a reasonably small but not too limited character-mode system. This is what will be installed by default if the user doesn’t select anything else. It doesn’t include many large applications.
• optional: This is the default priority for the majority of the archive. Unless a package should be installed by default on standard Debian systems, it should have a priority of optional. Packages with a priority of optional may conflict with each other.

Hello, 
there is a conflict between the azure-cli version and the documentation.
azure-iot-cli-extension states that the minium required azure-cli version is v2.32.0
azure-cli packages for RHEL hardcode the python version 3.6 until azure-cli v2.39.
This hardcoded version prevents the latest azure-iot-cli-extension to be installed, because a dependency needs at least python 3.7 (tomli 2.0)
If possible, please change the hardcoded python version or correct the documentation accordingly.
REFERENCES:

• https://github.com/Azure/azure-iot-cli-extension#installation
• Azure/azure-iot-cli-extension#624

Thank you!

An issue with repo metadata generation impacted 3 repositories today (15Mar2022) from 1930 - 2040 UTC. Those repos were:
microsoft-ubuntu-bionic-multiarch-prod
microsoft-debian-buster-prod
microsoft-ubuntu-focal-prod
Attempts to fetch metadata (i.e. apt-get update) would yield a checksum mismatch during this time.

http://packages.microsoft.com/fedora/37 no longer exists.

Describe the issue
The AADSSHLoginForLinux Extension (Version 1.0.2203.1) is currently creating /etc/yum.repos.d/microsoft-prod.repo. It should use https://packages.microsoft.com/rhel/8/prod/Packages/p/packages-microsoft-prod.rpm instead.

When did the issue occur?
This happens on every installation.

If appplicable, what package did you attempt to install, and from which repo?
https://packages.microsoft.com/rhel/8/prod/Packages/a/aadsshlogin-1.0.022090001-1.x86_64.rpm
https://packages.microsoft.com/rhel/8/prod/Packages/a/aadsshlogin-selinux-1.0.022090001-1.x86_64.rpm

Steps to Reproduce
Install AADSSHLoginForLinux extension via https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-linux

Actual Result

# rpm -qf /etc/yum.repos.d/microsoft-prod.repo
file /etc/yum.repos.d/microsoft-prod.repo is not owned by any package
# rpm -qa|grep -i microsoft
# (no result)

Differences in the file that it rolls out and the package:

# diff /etc/yum.repos.d/microsoft-prod.repo /etc/yum.repos.d/microsoft-prod.repo.rpmorig
3c3
< baseurl=https://packages.microsoft.com/rhel/8/prod
---
> baseurl=https://packages.microsoft.com/rhel/8/prod/
6,7c6
< gpgkey=https://packages.microsoft.com/keys/microsoft.asc
< sslverify=1
---
> gpgkey=https://packages.microsoft.com/keys/microsoft.asc
\ No newline at end of file

Expected Result

# rpm -qf /etc/yum.repos.d/microsoft-prod.repo
packages-microsoft-prod-1.0-1.noarch
# rpm -qa|grep -i microsoft
packages-microsoft-prod-1.0-1.noarch

Additional context
#30 (comment)

I noticed with the Microsoft Edge and Microsoft Visual Studio Code YUM repositories that AppStream metadata is not present in the YUM repository metadata. This makes it impossible for software centers like GNOME Software and Plasma Discover to advertise the availability of those applications when the repositories are enabled on the system.

In particular, Fedora is considering shipping the repository definitions for Visual Studio Code (pagureio#fedora-workstation#283) and Edge (pagureio#fedora-workstation#291), but the lack of proper repository metadata makes it a non-starter.

From a practical perspective, what needs to happen after you create the repository metadata with createrepo_c is:

1. Generate AppStream repodata from the RPMs
2. Append the AppStream repodata to the YUM repository

Step 1 is done by using appstream-builder:

appstream-builder			\
	--origin=Microsoft		\
	--basename=appstream		\
	--cache-dir=/tmp/asb-cache	\
	--enable-hidpi			\
	--max-threads=1			\
	--min-icon-size=32		\
	--output-dir=/tmp/asb-md	\
	--packages-dir=x86_64/		\
	--temp-dir=/tmp/asb-icons

Step 2 is done with modifyrepo_c:

modifyrepo_c				\
	/tmp/asb-md/appstream.xml.gz	\
	x86_64/repodata/
modifyrepo_c				\
	/tmp/asb-md/appstream-icons.tar.gz	\
	x86_64/repodata/

Once this is done, you now have YUM repository metadata with AppStream repository metadata for software centers to leverage for showing your applications for users to install.

Attempting to download
https://www.microsoft.com/en-us/microsoft-teams/download-app#desktopAppDownloadregion
using the buttons there currently leading to
https://packages.microsoft.com/repos/ms-teams/pool/main/t/teams/teams_1.5.00.23861_amd64.deb
and
https://packages.microsoft.com/yumrepos/ms-teams/teams-1.5.00.23861-1.x86_64.rpm
(via redirects)
results in 404 errors.

None of the methods for downloading Ms Teams for Linux described at
https://learn.microsoft.com/en-us/microsoftteams/get-clients?tabs=Linux
currently seem to be available.

Was this release pulled? If so, is there a public statement as to why? Is there a slightly older version which is still available and safe to use?

What is the currently recommended approach for installing Ms Teams client on Linux?

Thanks.

Describe the issue

We're using ubuntu-20.04-xl in GitHub Actions. Running sudo apt-get update within the runner, it occasionally fails (i.e. flaky) although the probability is not high.

When did the issue occur?

Not really sure, but we started encountering this issue ~5 days ago

Steps to Reproduce

Here's a GitHub Actions workflow file:

name: repro
on: [push]
jobs:
  repro:
    runs-on: ubuntu-20.04-xl
    steps:
      - name: step1
        run: |
          sudo apt-get update
          sudo apt-get install postgresql-client-14

Actual Result

Running this gave us the error as follows, sometimes, saying Hash Sum mismatch on armhf packages:

Run sudo apt-get update
Hit:1 http://azure.archive.ubuntu.com/ubuntu focal InRelease
Get:2 http://azure.archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB]
Get:3 http://azure.archive.ubuntu.com/ubuntu focal-backports InRelease [108 kB]
Get:4 http://azure.archive.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Get:5 https://packages.microsoft.com/ubuntu/20.04/prod focal InRelease [3065 B]
Get:6 http://azure.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages [2345 kB]
Hit:7 http://ppa.launchpad.net/ubuntu-toolchain-r/test/ubuntu focal InRelease
Get:8 http://azure.archive.ubuntu.com/ubuntu focal-updates/main Translation-en [405 kB]
Get:9 http://azure.archive.ubuntu.com/ubuntu focal-updates/main amd64 c-n-f Metadata [16.3 kB]
Get:10 http://azure.archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages [1021 kB]
Get:11 http://azure.archive.ubuntu.com/ubuntu focal-updates/universe Translation-en [237 kB]
Get:12 http://azure.archive.ubuntu.com/ubuntu focal-updates/universe amd64 c-n-f Metadata [23.5 kB]
Get:13 http://azure.archive.ubuntu.com/ubuntu focal-backports/universe amd64 Packages [24.9 kB]
Get:14 http://azure.archive.ubuntu.com/ubuntu focal-backports/universe amd64 c-n-f Metadata [880 B]
Get:15 http://azure.archive.ubuntu.com/ubuntu focal-security/main amd64 Packages [1968 kB]
Get:16 http://azure.archive.ubuntu.com/ubuntu focal-security/main Translation-en [322 kB]
Get:17 http://azure.archive.ubuntu.com/ubuntu focal-security/main amd64 c-n-f Metadata [12.0 kB]
Get:18 http://azure.archive.ubuntu.com/ubuntu focal-security/universe amd64 Packages [792 kB]
Get:19 http://azure.archive.ubuntu.com/ubuntu focal-security/universe Translation-en [154 kB]
Get:20 http://azure.archive.ubuntu.com/ubuntu focal-security/universe amd64 c-n-f Metadata [17.0 kB]
Get:21 https://packages.microsoft.com/ubuntu/20.04/prod focal/main arm64 Packages [31.5 kB]
Get:22 https://packages.microsoft.com/ubuntu/20.04/prod focal/main armhf Packages [12.3 kB]
Err:22 https://packages.microsoft.com/ubuntu/20.04/prod focal/main armhf Packages
  Hash Sum mismatch
  Hashes of expected file:
   - Filesize:12258 [weak]
   - SHA512:74d0015f1291ffe0cad4626869cbcebf1d1549bf099c4ec25c8ab013c1eefdb587425ffdf3cdf69fab22ae8917eafb73cec2301368ff06a8b543ae0284ef9c0e
   - SHA256:92bd048a636060b0aa8421130bd9e6772990b4d74faa45cb25771fd5c85e1bd9
  Hashes of received file:
   - SHA512:57367683229dfc9887ad38622ac0733922775048e960c58008837a612b0acec86d06aa7c40030cd94a89f3050f83f16a6963f9245226ca0897eae9b66eedb9ba
   - SHA256:7a0258cee1ca6235c1ae8a56a3d030b09f43fdb814f904dfa7179fc8199ae235
   - Filesize:12258 [weak]
  Last modification reported: Fri, 03 Feb 2023 01:58:39 +0000
  Release file created at: Fri, 03 Feb 2023 09:04:19 +0000
Get:23 https://packages.microsoft.com/ubuntu/20.04/prod focal/main amd64 Packages [171 kB]
Err:23 https://packages.microsoft.com/ubuntu/20.04/prod focal/main amd64 Packages
  
Get:24 https://packages.microsoft.com/ubuntu/20.04/prod focal/main all Packages [2176 B]
Fetched 7895 kB in 2s (4658 kB/s)
Reading package lists...
E: Failed to fetch https://packages.microsoft.com/ubuntu/20.04/prod/dists/focal/main/binary-armhf/Packages.gz  Hash Sum mismatch
   Hashes of expected file:
    - Filesize:12258 [weak]
    - SHA512:74d0015f1291ffe0cad4626869cbcebf1d1549bf099c4ec25c8ab013c1eefdb587425ffdf3cdf69fab22ae8917eafb73cec2301368ff06a8b543ae0284ef9c0e
    - SHA256:92bd048a636060b0aa8421130bd9e6772990b4d74faa45cb25771fd5c85e1bd9
   Hashes of received file:
    - SHA512:57367683229dfc9887ad38622ac0733922775048e960c58008837a612b0acec86d06aa7c40030cd94a89f3050f83f16a6963f9245226ca0897eae9b66eedb9ba
    - SHA256:7a0258cee1ca6235c1ae8a56a3d030b09f43fdb814f904dfa7179fc8199ae235
    - Filesize:12258 [weak]
   Last modification reported: Fri, 03 Feb 2023 01:58:39 +0000
   Release file created at: Fri, 03 Feb 2023 09:04:19 +0000
E: Failed to fetch https://packages.microsoft.com/ubuntu/20.04/prod/dists/focal/main/binary-amd64/Packages.gz  
E: Some index files failed to download. They have been ignored, or old ones used instead.
Error: Process completed with exit code 100.

Expected Result

It always succeeds without any errors

Additional context

I reported this issue to actions/runner-images#7067, and was suggested opening an issue here.

Right now, repoaudit processes things serially. It would greatly benefit from adding asyncio and processing things in concurrently. There are several places where we could process things concurrently so I think the first step would be to identify these places and then prioritize the ones that would be provide the biggest speed up while being easy to implement.

Describe the problem you are experiencing.
PowerShell is not in the Repository for RHEL 9 (https://packages.microsoft.com/rhel/9/)

Describe any possible solutions that you would like to see.
Add PowerShell to the repository like it is for 7 and 8 so we can properly support/patch PowerShell on Linux systems.

Describe the issue
Using the azure image

      publisher: RedHat
      offer: rhel-raw
      sku: 91-gen2

When did the issue occur?
https://packages.microsoft.com/rhel/{{ ansible_facts['distribution_major_version'] }}/prod/
but unable to fetch 9.1 version
https://packages.microsoft.com/rhel/9.1/prod/
Since the sku is released / available how do i know when it is supported in linux package repositories?

Describe the issue

When I try to run apt update I get the following error:

E: The repository 'https://packages.microsoft.com/ubuntu/22.04/prod jammy Release' is not signed.

I believe this is because https://packages.microsoft.com/ubuntu/22.04/prod/dists/ is giving a 403 - so are other versions of Ubuntu.

When did the issue occur?

I first saw this issues around 4pm EST.

If applicable, what package did you attempt to install, and from which repo?
I was attempting to install dotnet-sdk-7.0, but things failed on apt update.

Steps to Reproduce

curl -SLO "https://packages.microsoft.com/config/ubuntu/22.04/packages-microsoft-prod.deb" \
    && dpkg -i packages-microsoft-prod.deb \
    && rm packages-microsoft-prod.deb \
    && apt update

Actual Result

E: The repository 'https://packages.microsoft.com/ubuntu/22.04/prod jammy Release' is not signed.

Expected Result
No error.

Screenshots

Additional context

Packages:

• omi
• scx
  These packages does not contain digest information, which means they will fail to install on a system that is running in FIPS mode.
  The packages are available in both RHEL and packages.microsoft.com, and the latter is needed for getting mdatp packages.

So in my mind the packages.microsoft.com repository should contain all necessary digest information to avoid having to use --nodigest --nofiledigest for updating from it.

Describe the problem you are experiencing.

We have an on-premises CICD tool and one of our containers needs to pull from packages.microsoft.com. It is blocked by our company firewall and they require that we provide a static list of IP addresses to allow through and not an FQDN

Describe any possible solutions that you would like to see.

Could you publish a page or add to the default landing page the public IP's to expect for this page or a CIDR range if it could rotate between a few?

Additional context.

The repodata stored on packages.microsoft.com does not currently conform to industry established best practices for software versioning and errata content. Red Hat has for many years been leading in the space, with many other maintainers like Oracle, Rocky, and Alma following the same practices to allow customers and partners to interact with the repository in a meaningful way.

I'll be referencing the omi package to use as an example. https://github.com/microsoft/omi

Security Errata

The updateinfo.xml component of the repodata stores advisory details for the packages in the primary.xml and allows security plugins/parameters to be used by tools like yum/dnf when updating. OMI's most recent published CVE at the time of this posting is CVE-2022-33640. Providing security errata would allow administrators to effectively update their packages when using 'security only' update methodologies. At present moment, all updates are classified as bugfixes, "hiding" the security fixes from admins using the relatively common "security only" methodology. This is concerning and is likely causing CVEs to go un-patched in the wild.

Software Versioning

Packages released typically have multiple version attributes (Epoch, Version, Release). The omi package provides a major/minor version tag in the Version attribute (1.7.0 at the time of this posting). It additionally provides a Release attribute which is commonly noted as either 0 or 1 in the release notes. In the repodata, this is maintained across all OSes.

The industry best practice is to provide some form of additional identifying information on a per-OS basis. For instance, RHEL7 and derivatives use an "{int}.el7" or "{int}.el7_9" format to denote the major/minor release of the OS. RHEL8 and derivatives use a formatting like "{int}.el8". This helps clearly identify which OS a particular RPM was built for.

If we look at the curl package, you find attributes:
Epoch: (none)
Name: curl
Version: 7.61.1
Release: 22.el8
Architecture: x86_64

The omi package has attributes:
Epoch: (none)
Name: omi
Version: 1.7.0
Release: 0
Architecture: x86_64

Seeing slow download speeds when attempting to download a package:

$ curl https://packages.microsoft.com/repos/azure-cli/pool/main/a/azure-cli/azure-cli_2.30.0-1\~bullseye_all.deb --remote-name
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  2 63.4M    2 1375k    0     0   112k      0  0:09:35  0:00:12  0:09:23  117k

Compare this to a package from deb.debian.org:

$ curl https://deb.debian.org/debian/pool/main/a/azure-cli/azure-cli_2.18.0.orig.tar.gz --remote-name
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
 80 47.9M   80 38.5M    0     0  9736k      0  0:00:05  0:00:04  0:00:01 9733k

Everytime I updated edge and vscode on my ubuntu22.04, the speed is really so slow, less than 80K/s.
Is there anyway I can speed up?
this is my info :

jj@RRp:~$ dig packages.microsoft.com

; <<>> DiG 9.18.12-0ubuntu0.22.04.1-Ubuntu <<>> packages.microsoft.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18409
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;packages.microsoft.com.		IN	A

;; ANSWER SECTION:
packages.microsoft.com.	1083	IN	CNAME	apt-geofence-parent.trafficmanager.net.
apt-geofence-parent.trafficmanager.net.	195 IN CNAME csd-apt-eas-d-2.eastasia.cloudapp.azure.com.
csd-apt-eas-d-2.eastasia.cloudapp.azure.com. 195 IN A 65.52.183.205

;; Query time: 4 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Sat May 13 17:31:49 CST 2023
;; MSG SIZE  rcvd: 173

Describe the issue
Updating package msopenjdk-17 to version 17.0.8-1 using yum fails as the rpm is signed with an unknown key.
The rpm is signed with key ID 3135ce90 when it should be signed with key ID BE1229CF.

When did the issue occur?
On 20 Jul 2023 when attempting yum update.

If applicable, what package did you attempt to install, and from which repo?
msopenjdk-17-17.0.8-1.x86_64.rpm from https://packages.microsoft.com/centos/7/prod

Steps to Reproduce
yum update

Actual Result
See attached yum output.

Expected Result
Package installs successfully.

Screenshots
yum.log

Additional context
None.

@henrytill, from microsoft/vscode#180947

• VS Code Version: N/A
• OS Version: Debian Testing

Steps to Reproduce:

1. Ensure that you have the following in /etc/apt/sources.list.d/vscode.list:

### THIS FILE IS AUTOMATICALLY CONFIGURED ###
# You may comment out this entry, but any other modifications may be lost.
deb [arch=amd64,arm64,armhf] http://packages.microsoft.com/repos/code stable main

2. Run sudo apt update. You should see something like the following:

Err:5 http://packages.microsoft.com/repos/code stable/main arm64 Packages
  File has unexpected size (66877 != 66951). Mirror sync in progress? [IP: 13.93.152.112 80]
  Hashes of expected file:
   - Filesize:66951 [weak]
   - SHA512:c7d69259f8667ecfa7a3c7ae8a727984091dae27d5aba1e9641c6d6ba0db69979d1c66bd1ab2a0f5c625b2f20e2d3eeb6b613b2278016215ba3e140b9efb1a04
   - SHA256:b77837862bcdb1d00aee0943ea1b07789519af2da0841a87cb60f9adfba41dec
  Release file created at: Wed, 26 Apr 2023 06:55:46 +0000

The Teams Linux packages (rpm and deb) links from the download page point to non-existing files (404 http error) and indeed the repository for teams packages is empty since at least yesterday (2023-02-22).

Over the next two weeks starting 1/24/2023, we will be performing a scheduled configuration rollout to upgrade the PMC infrastructure. This two-week phased operation aligns with our commitment to improving PMC reliability and availability and is expected to be completed by 2/2/2023. During this time, we do not anticipate there to be any impact to our customers. We will communicate further updates, as necessary.

24Jan2023 at 0622 PST

Describe the issue
Azure linux AAD extension install broken - but only sometimes, this is due to repo hosting servers have inconsistent configuration. Some return a 403 vs 301 on the same url. This is an nginx config discrepancy on how it expands url paths

Cut a long story short, azure invokes this script on the vm to install the aad extension

/var/lib/waagent/Microsoft.Azure.ActiveDirectory.AADSSHLoginForLinux-1.0.2203.1/./installer.sh install

Part of this script just a url check (set -x on the script)

+ FILE_EXT=list
+ echo 'deb https://packages.microsoft.com/repos/microsoft-ubuntu-jammy-prod jammy main'
+ check_url_exists https://packages.microsoft.com/repos/microsoft-ubuntu-jammy-prod
++ curl -f -sL -w '%{http_code}\n' -I https://packages.microsoft.com/repos/microsoft-ubuntu-jammy-prod/ -o /dev/nul
+ HTTP_CODE=200
+ '[' 200 == 200 ']'

The critical part is the curl on https://packages.microsoft.com/repos/microsoft-ubuntu-jammy-prod

Some package endpoint ip return a 301 whilst others return a 403. If you get a 403 this mean a failed install. eg

# from a working machine (i am using wget as its output is more concise and shows the ip)

host-working$ wget https://packages.microsoft.com/repos/microsoft-ubuntu-jammy-prod
--2023-01-25 13:57:29--  https://packages.microsoft.com/repos/microsoft-ubuntu-jammy-prod
Resolving packages.microsoft.com (packages.microsoft.com)... 13.81.215.193
Connecting to packages.microsoft.com (packages.microsoft.com)|13.81.215.193|:443... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://packages.microsoft.com/repos/microsoft-ubuntu-jammy-prod/ [following]
--2023-01-25 13:57:29--  https://packages.microsoft.com/repos/microsoft-ubuntu-jammy-prod/
Reusing existing connection to packages.microsoft.com:443.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘microsoft-ubuntu-jammy-prod’

# broken machine

host-broken# wget https://packages.microsoft.com/repos/microsoft-ubuntu-jammy-prod
--2023-01-25 13:57:41--  https://packages.microsoft.com/repos/microsoft-ubuntu-jammy-prod
Resolving packages.microsoft.com (packages.microsoft.com)... 40.85.80.91
Connecting to packages.microsoft.com (packages.microsoft.com)|40.85.80.91|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2023-01-25 13:57:42 ERROR 404: Not Found.

# target working ip from above working example but from broken machine 

host-broken# curl https://13.81.215.193/repos/microsoft-ubuntu-jammy-prod -Ik -H "host: packages.microsoft.com"
HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 25 Jan 2023 14:01:42 GMT
Content-Type: text/html
Content-Length: 178
Location: https://packages.microsoft.com/repos/microsoft-ubuntu-jammy-prod/
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff

host-working# target broken ip from working machine
$ curl https://40.85.80.91/repos/microsoft-ubuntu-jammy-prod -Ik -H "host: packages.microsoft.com"
HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 25 Jan 2023 14:00:35 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 14
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains
Strict-Transport-Security: max-age=31536000; includeSubDomains

When did the issue occur?
I 1st saw this issue 24/01/23 @ ~ 1400-1500 UTC, it may well have been there longer though

Steps to Reproduce

Actual Result
hit or miss package install
Expected Result
301 or 200 return code every time and successful package install

Screenshots

NA
Additional context

Describe the issue
I wnat download microsoft teams but the link returns a 404.

When did the issue occur?
When i try download teams, i have the same status code with curl and wget.

If applicable, what package did you attempt to install, and from which repo?

i'm trying download microsoft teams from official page

Steps to Reproduce

1. go to link

Actual Result

returns a 404

Expected Result

start download

Screenshots

Additional context
i'm on ubuntu 22.04

Describe the issue
I'm getting errors from apt about unixodbc packages.

$ sudo apt install -f
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Correcting dependencies... Done
The following additional packages will be installed:
  libodbc1 odbcinst odbcinst1debian2
Suggested packages:
  msodbcsql17 unixodbc-bin
The following NEW packages will be installed:
  libodbc1 odbcinst odbcinst1debian2
0 upgraded, 3 newly installed, 0 to remove and 9 not upgraded.
2 not fully installed or removed.
Need to get 0 B/607 kB of archives.
After this operation, 945 kB of additional disk space will be used.
Do you want to continue? [Y/n] 
(Reading database ... 754326 files and directories currently installed.)
Preparing to unpack .../odbcinst_2.3.11_amd64.deb ...
Unpacking odbcinst (2.3.11) ...
dpkg: error processing archive /var/cache/apt/archives/odbcinst_2.3.11_amd64.deb
 (--unpack):
 trying to overwrite '/etc/odbc.ini', which is also in package unixodbc-common 2
.3.9-5
Preparing to unpack .../odbcinst1debian2_2.3.11_amd64.deb ...
Unpacking odbcinst1debian2:amd64 (2.3.11) ...
dpkg: error processing archive /var/cache/apt/archives/odbcinst1debian2_2.3.11_a
md64.deb (--unpack):
 trying to overwrite '/usr/lib/x86_64-linux-gnu/libodbcinst.so.2.0.0', which is 
also in package libodbcinst2:amd64 2.3.9-5
dpkg-deb: error: paste subprocess was killed by signal (Broken pipe)
Preparing to unpack .../libodbc1_2.3.11_amd64.deb ...
Unpacking libodbc1:amd64 (2.3.11) ...
dpkg: error processing archive /var/cache/apt/archives/libodbc1_2.3.11_amd64.deb
 (--unpack):
 trying to overwrite '/usr/lib/x86_64-linux-gnu/libodbc.so.2.0.0', which is also
 in package libodbc2:amd64 2.3.9-5
dpkg-deb: error: paste subprocess was killed by signal (Broken pipe)
Errors were encountered while processing:
 /var/cache/apt/archives/odbcinst_2.3.11_amd64.deb
 /var/cache/apt/archives/odbcinst1debian2_2.3.11_amd64.deb
 /var/cache/apt/archives/libodbc1_2.3.11_amd64.deb

When did the issue occur?
14 Febuary, 2023

If applicable, what package did you attempt to install, and from which repo?

Just doing automatic apt update. libodbc2 is used by many packages (unrelated to Microsoft). I have http://packages.microsoft.com/ in my apt sources for VS Code.

Steps to Reproduce

• Install an Ubuntu app that uses libodbc2, for example blender.
• Set up http://packages.microsoft.com/
• Try to do an apt upgrade.

Actual Result

Apt fails because of conflicts. The Microsoft version of the package is shipping the v2 library in a libodbc1 package instead of a libodbc2 package. Apt tries to install both at the same time and it can't because both packages try to install the same file.

Expected Result

Microsoft should not be shipping updates to upstream packages in a general package archive like this. Or at minimum, it should be opt-in rather than opt out.

Screenshots

Additional context

Describe the issue
An Azure VM is running CentOS 8.5 (CentOS release = CentOS Linux release 8.5.2111)
and it will not discover azure-client binaries newer than 2.38.0.

Microsoft Rep asked me to create this issue: "
See this official release notes page, James: Manuals/ReleaseNotes/CentOS8.2111 - CentOS Wiki

It appears this version of CentOS went EoL on Dec. 31, 2021 and CentOS 8 Stream needs to be used instead. I'm not sure if this is related, but do note this EoL status.

It looks like https://packages.microsoft.com/yumrepos/azure-cli/Packages/a/ hold no versions of azure-cli above 2.38, so if possible, can you please create a new Github issue with this same request in the Linux Package Repositories github repository, so that the maintainers can properly address why the updated AZ CLI packages aren't made available? This is the best course of action at this time as it will allow you to open direct communication with the repo maintainers about the issue at hand here. let me know once that request is created as well.

Warm Regards,

Skylar Onstot"

The azure-cli rpm packages does not provide versions newer than 2.39.0.

When did the issue occur?
Anytime after 8/2/2022.
according to this page:
https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-linux?pivots=dnf

If applicable, what package did you attempt to install, and from which repo?

I attempted to install azure-cli from repo at https://packages.microsoft.com/yumrepos/azure-cli

Steps to Reproduce

1. Install VM with CentOS 8.5
2. Install azure-cli repo
3. yum install azure-cli
4. yum list --showduplicates azure-cli

Actual Result

azure-cli 2.39.0 was installed

Expected Result

azure-cli 2.49.0 would be installed.

Screenshots

Additional context

This version of CentOS was selected because it appears on this webpage:
https://learn.microsoft.com/en-us/azure/virtual-machines/automatic-vm-guest-patching

If and when CentOS 8 Stream appears on the list of supported images for AzureOrchestratedPatching in this webpage, we will be glad to switch to that new OS version.

Describe the issue
Repo config file contains forbidden characters in name. Then dnf/yum cannot sync with repo.

When did the issue occur?
I am a new user, but happened on 2/06/2023 onwards. I do not know if it happened long ago.

If applicable, what package did you attempt to install, and from which repo?

Steps to Reproduce

curl https://packages.microsoft.com/rhel/9/prod/config.repo > /etc/yum.repos.d/msprod.repo
cat etc/yum.repos.d/msprod.repo
dnf update -y

Actual Result

Bad id for repo: rhel/9/prod, byte = / 4

Expected Result
I expected to update dnf cache with repo data, GPG keys, etc.

As you can see, repo's name (rhel/9/prod) is taken from URL or an automated process. DNF complaints about it, if I change these lines everything works as expected:

[packages-microsoft-com-prod-el9]
name=packages-microsoft-com-prod-el9
...

dnf update -y
packages-microsoft-com-prod-el9                 350  B/s | 481  B     00:01    
packages-microsoft-com-prod-el9                 790  B/s | 949  B     00:01    
Importing GPG key 0xBE1229CF:
 Userid     : "Microsoft (Release signing) <[email protected]>"
 Fingerprint: BC52 8686 B50D 79E3 39D3 721C EB3E 94AD BE12 29CF
 From       : http://packages.microsoft.com:80/rhel/9/prod/repodata/repomd.xml.key
packages-microsoft-com-prod-el9                 1.2 MB/s | 3.2 MB     00:02    
Last metadata expiration check: 0:00:03 ago on Tue 06 Jun 2023 10:50:56 AM CEST.
Dependencies resolved.
Nothing to do.
Complete!

I set MS repo in a container, so I have tu push an edited local file, which is a hassle...
RPM version is not affected: dnf install -y https://packages.microsoft.com/rhel/9.0/prod/Packages/p/packages-microsoft-prod.rpm
Screenshots

Additional context

Describe the problem you are experiencing.
We want to secure the creation of our linux VMs with disallowing most internet traffic. However during installation certain sources need to be able to be accessed. For other resources such as RHUI Microsoft provides a list of IP addresses which could be whitelisted: https://learn.microsoft.com/en-us/azure/virtual-machines/workloads/redhat/redhat-rhui#the-ips-for-the-rhui-content-delivery-servers

Without this information it is not possible for us to allow this traffic or we would need to add another FW that would allow traffic based on DNS.

Describe any possible solutions that you would like to see.

1. List of ip addresses that are behind packages.microsoft.com or even a split per distribution
2. A servicetag in Azure would even be better to allow certain traffic so we don't have to update IP addresses when they change

Over the next two weeks starting 11/7/2022, we will be performing a scheduled configuration rollout to upgrade the PMC infrastructure. This two-week phased operation aligns with our commitment to improving PMC reliability and availability and is expected to be completed by 11/17/2022. During this time, we do not anticipate there to be any impact to our customers. We will communicate further updates, as necessary.

7Nov2022 at 1000 PST