PoP is a secure, air-gapped solution designed to deliver Ubuntu Pro services in isolated environments. It enables enterprises to bring the full power of Ubuntu Pro to networks without direct internet access, ensuring critical security updates and certified packages are available.

• Air-gapped Ubuntu Pro: Deploy Ubuntu Pro services without internet connectivity
• Resource Token Management: Efficient handling of Ubuntu Pro entitlements
• Security Package Mirroring: Offline access to ESM (Extended Security Maintenance) packages
• Automated Configuration: Simple deployment with minimal manual intervention
• Web Dashboard: Monitor entitlements, repository status, and system health
• Build Templates: Ready-to-use templates for VMs, containers, and snaps
• Snap Proxy Integration: Offline snap package management
• Reconfiguration Support: Update contract tokens without reinstallation
• FIPS Compliance: Built-in FIPS mode for VM deployments
• Size Estimation: Preview mirror size before downloading
• Production Mode: Configure services to start automatically at boot

PoP has been redesigned with a modular architecture for improved maintainability, testability, and extensibility. The codebase is organized into logical modules:

pop/
├── config/     # Configuration handling
├── core/       # Contract and auth management
├── mirror/     # Repository configuration
├── web/        # Web UI and server configuration
├── builds/     # Build template generation
├── services/   # Service management
└── utils/      # Common utilities

This architecture allows for easier development, better testing, and simplified extension with new features.

• Ubuntu 20.04 LTS (Focal) or later
• Valid Ubuntu Pro token
• Administrative (sudo) privileges
• Minimum 20GB of free disk space (more recommended for package mirroring)
• 4GB RAM or more

# Clone the repository
git clone https://github.com/ThinGuy/pop.git
cd pop

# Install the package
sudo pip install -e .

# Run PoP with your token
sudo pop --token YOUR_TOKEN

# Full installation with custom settings
sudo pop \
  --token YOUR_TOKEN \
  --dir /path/to/pop \
  --release jammy \
  --arch amd64,arm64 \
  --entitlements infra,apps,fips,cis \
  --include-source \
  --mirror-host pop.internal \
  --mirror-port 80 \
  --generate-web-ui \
  --estimate-size \
  --verbose

sudo pop --token YOUR_TOKEN

sudo pop --token YOUR_TOKEN --arch amd64,arm64,s390x

sudo pop --token YOUR_TOKEN --create-build-map

sudo pop --token NEW_TOKEN --reconfigure

sudo pop --token YOUR_TOKEN --mirror-host pop.example.com

sudo pop --token YOUR_TOKEN --estimate-size

sudo pop \
  --token YOUR_TOKEN \
  --generate-web-ui \
  --create-build-map \
  --mirror-host air-gap.internal \
  --estimate-size

sudo pop \
  --token YOUR_TOKEN \
  --generate-web-ui \
  --setup-apache \
  --production \
  --run-apt-mirror

Comprehensive documentation is available in the docs/ directory:

• Architecture Overview
• Installation Guide
• User Guide
• Module Documentation
• Troubleshooting Guide
• Migration Guide (from monolithic to modular)
• Development Guide
• Systemd Services

When enabled with --generate-web-ui, PoP creates a web interface accessible at:

http://your-server-ip/

The dashboard provides:

• Overview: Mirror status, entitlement counts, and disk usage
• Entitlements: List of available Ubuntu Pro entitlements
• Mirror Status: Repository details and synchronization information

For environments requiring FIPS-validated cryptographic modules:

1. Include the fips entitlement:

   sudo pop --token YOUR_TOKEN --entitlements infra,apps,fips,fips-updates

2. Use the VM build templates which include the required fips=1 kernel parameter:

   sudo pop --token YOUR_TOKEN --create-build-map --build-types vm

For production environments, PoP can configure systemd services to ensure all components start automatically at boot time:

1. Configure with production flag:

   sudo pop --token YOUR_TOKEN --setup-apache --generate-web-ui --production

2. This creates and enables:

   • Contract server service (pop-contracts)
   • Web server services (Apache and/or Nginx)
   • Mirror update timer (pop-mirror.timer)

3. Manage services with standard systemd commands:

   sudo systemctl status pop-contracts
   sudo systemctl status apache2
   sudo systemctl status nginx
   sudo systemctl status pop-mirror.timer

See Systemd Services for detailed documentation.

1. Add the repository:

echo "deb http://pop-server/mirror/esm.ubuntu.com/infra/ubuntu jammy main" | sudo tee /etc/apt/sources.list.d/ubuntu-pop.list

2. Add the authentication:

# Copy from PoP server
sudo scp pop-server:/srv/pop/etc/apt/auth.conf.d/91ubuntu-pro /etc/apt/auth.conf.d/
sudo scp -r pop-server:/srv/pop/etc/apt/trusted.gpg.d/* /etc/apt/trusted.gpg.d/

3. Update package lists:

sudo apt update

Contributions are welcome! Please see DEVELOPMENT.md for guidelines on contributing to the project.

This project is licensed under the GNU General Public License v3.0 - see the LICENSE file for details.

• The Ubuntu Pro team at Canonical
• Contributors to the air-gapped Ubuntu Pro technologies