Today, I want to celebrate the new Ubuntu release: Noble Numbat. It came out a few days ago and as usual it comes with a new kernel, new Gnome, a bunch of fixes and cool new features. BUT! More importantly, it’s an LTS, a Long Term Support release, meaning it’ll receive updates for 5 years, making it a distribution of choice for a large chunk of the Ops crowd.
It also means that now starts the slow migration from previous Ubuntu versions, such as Jammy, Focal, maybe even Bionic! And it’s a perfect time to have a discussion about packaging and version lifetimes. If you’ll allow me, I’m taking you along for a tour of packaging background, with a couple of exciting announcements as well as a teaser at the end[1].
Ubuntu has Varnish packages
This shouldn’t be a surprise if you consider three factors:
- Ubuntu inherits most of its package library from Debian
- And Debian pretty much packages everything available under the sun
- Varnish is made to be POSIX compatible, so it runs on Debian. I mean, it even runs on OpenSolaris!
So, of course, Varnish is neatly packaged for Ubuntu, including noble. However, there’s a problem. Let me show you:
noble ships version 7.1 of Varnish, which, at the time of writing, 6 hours after the noble release, was EOL’d more than 13 months ago! How? Why?
Very simply, it’s a combination of factors:
- Varnish releases 1 new version every 6 months, and each is maintained for a year (except for the LTS)
- Ubuntu imports package definitions from Debian before the release and then freezes their versions
- Debian being focused on stability, some packages can be slow to get updates
So, this leads to new releases being stuck with old, or even unmaintained versions of otherwise fast-moving projects. Note that I’m not dunking on anyone here, each decision makes sense individually, “we” just happened to be in that weird inefficient zone.
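To check a host for this situation, here is an added example (not code from the original post or from Varnish Software) that parses `apt-cache policy varnish` output and applies the cadence described above to a 7.x, non-LTS candidate. The 7.5 release date of 2024-03-15, the sample output and the function names are assumptions made for illustration.

```python
import re
from datetime import date

# Assumption: 7.5 was released 2024-03-15. The 6-month cadence and the
# 12-month support window (non-LTS) are as stated in the post.
ANCHOR_MINOR, ANCHOR_DATE = 5, date(2024, 3, 15)

# Constructed sample of `apt-cache policy varnish` on a stock noble host.
SAMPLE_POLICY = """\
varnish:
  Installed: (none)
  Candidate: 7.1.1-1.1ubuntu1
  Version table:
     7.1.1-1.1ubuntu1 500
        500 http://archive.ubuntu.com/ubuntu noble/universe amd64 Packages
"""

def add_months(d, n):
    """Shift a date by n months (n may be negative); the day is kept."""
    idx = d.year * 12 + (d.month - 1) + n
    return date(idx // 12, idx % 12 + 1, d.day)

def eol_date(version):
    """End of maintenance for a 7.x release: release date plus 12 months."""
    m = re.match(r"(?:\d+:)?7\.(\d+)\.", version)
    if not m:
        raise ValueError(f"not a 7.x version: {version!r}")
    released = add_months(ANCHOR_DATE, 6 * (int(m.group(1)) - ANCHOR_MINOR))
    return add_months(released, 12)

def audit(policy_text, today):
    """Return (candidate version, origin URL, EOL date, is_eol)."""
    cand = re.search(r"^\s*Candidate:\s*(\S+)", policy_text, re.M).group(1)
    # The origin is the first source line under the candidate's table entry;
    # an installed version is prefixed with "*** " in the version table.
    entry = re.search(
        r"^\s+(?:\*\*\* )?" + re.escape(cand) + r" \d+\n\s+\d+ (\S+)",
        policy_text, re.M)
    origin = entry.group(1) if entry else "unknown"
    eol = eol_date(cand)
    return cand, origin, eol, today > eol

if __name__ == "__main__":
    cand, origin, eol, is_eol = audit(SAMPLE_POLICY, date.today())
    state = "EOL since" if is_eol else "maintained until"
    print(f"{cand} from {origin}: {state} {eol}")
```

On a real host, pass the captured output of `apt-cache policy varnish` to `audit()` instead of the sample.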
Thankfully, the open-source world is…well, open…and it gives us the tools to help with the situation.
Varnish has Varnish packages too
The solution is obvious: we can roll out our own packages! And we’ve actually been doing this for a long while on packagecloud.io. Every official release is packaged automatically and published by Varnish Software to make sure you have access to up-to-date packages.
And it’s not just a convenience thing, it’s a security concern too. Varnish is dedicated to being a state-of-the-art reverse-proxy, a critical part of your infrastructure. But if we patch issues without actually getting the fix into our users’ hands, it’s all for naught.
Note that we can’t package for all distributions so we mainly focus on debian and redhat-based ones, and we ignore rolling releases like arch (that I use, by the way) and alpine since they are very good at staying up-to-date, thanks to their release policy.
If you need some help installing these packages on your Ubuntu server, have a look at the tutorial we created on our Developer Portal.
The big news
Thanks to my colleague/friend/wizard Simon, the packagecloud.io repository got Varnish packages for noble about 6 hours after the noble release announcement, pretty great.
Pretty great, but that’s not all. If you’ve been following Varnish packages for a while (true, it’s a pretty niche topic), you’ll know that historically, when a Varnish version was released, we would package for whatever supported distribution was out at that time, and we wouldn’t look back.
It’s a simple and straightforward policy, but it’s been annoying since Varnish releases in March and September, and Ubuntu LTS releases happen in April, so users could spend as long as 5 months without packages.
All that changed today! From now on, both a Varnish release and an Ubuntu/Debian LTS release will be triggers for our packaging pipelines. In short: you’ll get up-to-date Varnish packages very, very soon after your favorite distribution releases a new version.
And there’s more (to come)!
We are not done with packaging just yet, expect a new announcement in the coming weeks!
But before I let you go, let me remind you that Varnish 7.5 is also available via our official Docker image (in alpine and debian, of course), and also that you can tap into the ever growing collection of open-source vmods using install-vmod.
[1] Did I just tease the teaser? I believe I did, yes.