How do I create an offline update repo that I can use with dnf on an offline fedora machine?

I have two identical systems running fedora 28. One is online whilst the other is not. I am attempting to create an offline update repo for the offline system on the online system as follows:

dnf clean all

# create directories for the repo
mkdir -p /opt/pdsw/update-repo
mkdir -p /opt/pdsw/update-repo-install

#grab the updates for the offline system
dnf update -y --releasever=28 --best --downloadonly \
    --installroot=/opt/pdsw/update-repo-install --destdir=/opt/pdsw/update-repo 

#update this system
dnf update -y --releasever=28 --best 

#convert the directory to a repo.
createrepo --database /opt/pdsw/update-repo

#create the repo file.
echo "[update-repo]
name=Fedora-$releasever - Offline Update Repo
baseurl=file:///opt/pdsw/update-repo
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-28-fedora
" > /etc/yum.repos.d/update-repo.repo

#create the tarball.
tar -cf kvx-repos.tar /opt/pdsw/update-repo
tar -uf kvx-repos.tar /opt/pdsw/update-repo-install
tar -uf kvx-repos.tar /etc/yum.repos.d/update-repo.repo

Then on the offline system I attempt to perform an update using
the tarball as follows:

#untar our repo files.
tar -C / -xf kvx-repos.tar

#use our repo files to update packages
dnf --disablerepo=\* --enablerepo=update-repo --releasever=28 --best update -y

Unfortunately, during the portion where I grab the updates for the offline system, nothing gets downloaded and I get the following:

Dependencies resolved.
Nothing to do.
Complete!

If I remove the --installroot option, I get the following:

Complete!
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.

Unfortunately, when I use the resulting tarball on the offline system, I get:

Dependencies resolved.
Nothing to do.
Complete!

I’ve tried various permutation of this process but this is where I have landed. I am obviously not understanding something about the update process. What am I doing wrong?

1 Like

So this is the first line from your script above that isn’t working? The downloadonly command?

Correct. If I change

dnf update -y --releasever=28 --best  \
    --downloadonly \
    --installroot=/opt/pdsw/update-repo-install 
    --destdir=/opt/pdsw/update-repo

to

dnf update -y --releasever=28 --best --downloadonly \
    --destdir=/opt/pdsw/update-repo 

(removing the --installroot option) then updates appear to download to destdir.

You are aware, I hope, that fedora 28 is way past EOL (more than 2 years) and the archived repo is not receiving any more updates or fixes.

What this means is that once the system is “up to date” with what is currently archived, there will be no further changes and that the system will be static from that point on. Your “nothing to do” response may be an indication of that fact.

1 Like

Hmmm, yeah: I think "installroot and downloadonly don’t make sense together, because by definition there is no install when using the latter.

But also, yeah, to what @computersavvy says… there aren’t any more F28 updates. That’s probably not going to have huge consequences on an offline system, but does mean that it’s a one-time operation.

1 Like

Yep I understand the comments from @computersavvy. (Thanks @computersavvy) The fact that I do get 506 package downloads to happen after removing the --installroot shows that I have at least one barrage of updates to process. I’m just trying to figure out how to get those onto the offline box.

Also, if I use

dnf update -y --releasever=28

on the online machine, I get the 506 packages to install/update and there are 993 transactions that occur.

See the Fedora Magazine article about the dnf local plugin. Maybe that is what you’re looking for?

1 Like

Hey @glennzo thanks for the article. This would definitely be useful for a cluster of machines on the same network. Unfortunately, I have two networks. One is connected to the web. The other is isolated.
I am downloading the updates on one network and carrying them to the other.

The current method I am trying to use for dnf update works for dnf install with the caveat that the only issue I run into is conflicting package versions (because I have not done the dnf update) and I am forced to use --allowerasing.

Fundamentally, I am just trying to understand why the method of dnf update I am trying to use is not working. Something about the process that has not been illuminated to me. But in essence, I am trying to accomplish what the dnf local plugin might accomplish.

With that said, I could try and replicate the use of the dnf local plugin on both the local and isolated networks and copy the REPO_DIR from the one network to the other once downloads occur on the one; but I would have to get the dnf local plugin installed on the isolated network without package issues. So its kind of like a chicken before the egg scenario.

But like I said, I’d really like to understand why what I am trying to do is not working and whether or not their is an adjustment I need to make to get it to work.

I have a somewhat similar situation and I simply use reposync. Then copy the repos (rsync) to a portable USB disk and upload it to the isolated environment.

On my internet machine I have a script similar to the one below. Also before running the script, create the /example/repo/f33 and /example/repo/f34 directories (or whereever the repo data goes…).

#!/bin/sh
REL=“33 34”
REPOS=“fedora updates fedora-modular updates-modular fedora-cisco-openh264”

for r in $REL
do
for i in $REPOS
do
dnf reposync --repoid=$i --download-path=/example/repo/f$r --releasever=$r --download-metadata
done
done

Note that the first time you run this it WILL take time, but every subsequent update will just download the newest or latest updates. Also I pick both Fedora 33 and 34 in this example, you may want to slim that down to only one release that you need. I would recommend to first do a manual test run on a smaller repo like the “fedora-modular” to test it out. Just replace the variables with the actual values and run the dnf reposync… on the command line.

Once finished I just rsync the repo data over to a USB disk and then rsync it up to the isolated environment.

One thing though. As mentioned you do have a very old Fedora and I’m not entirely sure when the dnf reposync module went into Fedora? I have used the approach described above since Fedora 30.

1 Like

On the online machine, you disable drpm, then download the updates (downloadonly). Then, you copy the updated rpms from dnf cache onto a usb thumbrive.
On the offline machine, you use the usb thumbrive to dnf update ./*

Great thanks! I was finally able to get back to this task and ultimately this is what worked.

On the PC connected to the internet:

dnf update -y --setopt=deltarpm=0 --releasever=28 --best --downloadonly --downloaddir=/path/to/my/dir

On the isolated PC, I mounted my drive, changed directory into the directory containing the downloaded updates, and executed

dnf update --disablerepo=\* -y ./*

I did get a few warnings like:

Package apr-util-bdb not installed, cannot update it.
No match for argument: apr-util-bdb-1.6.1-8.fc28.x86_64.rpm

however, these get installed automatically instead of updated.

2 Likes