How to create a local mirror of the Symantec Endpoint Protection (SEP) Linux repository

SEP 14.3 RU1 and newer on Linux

A local mirror of the SEP Linux repository may be desired when installing and updating SEP Linux Agent on machines that do not have connections to the internet.

Mirroring the repository

All you need is a Linux shell command line (bash, et al) connected to internet. This could be a physical Linux machine, or virtual machine (e.g. Windows Subsystem for Linux), or even the Cygwin Terminal for Windows. The lines of shell script below will mirror the entire 14.3 RU5 repository into the current working directory (assumed to be /path/to/mirror/ for the examples here). 

cd /path/to/mirror (move to the intended folder)
repo=https://linux-repo.us.securitycloud.symantec.com/SAL/1.1
wget -q -x -N -nH -i $repo/latest.txt

Note that the /SAL/1.1 suffix is used in the examples on this page — Symantec Agent for Linux v1.1. This is the repository branch for SEP 14.3 RU5. Be sure to change this if you want to mirror a different version. The Symantec repository branches have the following suffixes:

SEP 14.3 RU1 thru RU3:
/sep_linux/14.3RU1
/sep_linux/14.3RU2
/sep_linux/14.3RU3

SEP 14.3 RU4:
/SAL/1.0

SEP 14.3 RU5:
/SAL/1.1

SEP 14.3 RU6:
/SAL/1.2

SEP 14.3 RU8:
/SAL/1.3

If you want to mirror only part of the Symantec repository, e.g. only the folder for for RHEL 8.x, you can filter the mirroring by Linux distribution identifier:

repo=https://linux-repo.us.securitycloud.symantec.com/SAL/1.1
wget -q -x -N -nH $(printf "$repo/%s\n" `curl -s $repo/latest.txt | grep rhel8`)

The currently supported distribution Linux identifiers are:

amazonlinux
amazonlinux2
debian9
debian10
rhel6
rhel7
rhel8
rhel9
sles11
sles12
sles15
ubuntu14
ubuntu16
ubuntu18
ubuntu20
ubuntu22

This repository mirror can be copied or shared as a file folder or served up by an FTP or web server. How to do this is left as an exercise for the customer.

IMPORTANT: If you plan on using this mirror for installing for cloud-managed systems on Ubuntu or Debian, you need to run the following command to make the metadata available:

find /path/to/mirror/* -type d -name sep_linux | xargs -i{} ln -sf "{}" "{}_cdm"

If using Cygwin, the Windows CYGWIN environment variable should be set to winsymlinks:nativestrict for the link command above to create proper NTFS symlinks.

Just the packages, please

If you want only the *.rpm packages downloaded to the current working directory and don't want to duplicate the rest of the repo structure, then filter on Linux distribution identifier and package name:

repo=https://linux-repo.us.securitycloud.symantec.com/SAL/1.1
wget -q $(printf "$repo/%s\n" `curl -s $repo/latest.txt | grep rhel8.*rpm`)

... or for *.deb packages, e.g. Ubuntu18:

repo=https://linux-repo.us.securitycloud.symantec.com/SAL/1.1
wget -q $(printf "$repo/%s\n" `curl -s $repo/latest.txt | grep ubuntu18.*deb`)

The packages for Linux distribution(s) can be manually combined with the unzipped LinuxInstaller stub to create an offline installer as described in Creating an offline installation package for the Endpoint Protection Linux Agent.

Using the SEP LinuxInstaller command with a local repository

Use the -h (--local-repo) option. 

To install SEP Linux Agent and configure it to use a local repository mirror in a local folder or file share: 

./LinuxInstaller -- -h file:///path/to/mirror/SAL/1.1/

NOTE the triple backslash in example above is not a typo; that is how a local folder reference is formatted.

To install SEP Linux Agent using a repository mirror shared by a HTTPS web server:

./LinuxInstaller -- -h https://path/to/mirror/SAL/1.1/

NOTE the repository folder version referenced— /SAL/1.1/ for SEP 14.3 RU5 in installer command line examples above— must also match the version of LinuxInstaller otherwise it will return "No packages found that need update" - e.g. if LinuxInstaller version is 14.3 RU2, then use the 14.3 RU2 branch name (/sep_linux/14.3RU2/) in repository URL.