Ubuntu Server downloading updates from strange mirror I do not recognize

Support and Help
,
1

Hi all

Ubuntu Version: Ubuntu Server 24.04

Desktop Environment (if applicable): None, just normal text based Ubuntu Server.

Problem Description:
I have an Ubuntu Server VM that I host NextCloud in using the NextCloud snap. I was going to update it, so I did “apt update” and then “apt upgrade”. There was one update: linux-firmware

But I noticed it wasn’t downloading from a mirror I recognize. This was what it said:
Get:1 h t t p://laotzu.ftp.acc.umu.se/ubuntu noble-updates/main amd64 linux-firmware amd64 20240318.git3b128b60-0ubuntu2.26 [634 MB]

This is the mirror: h t t p://laotzu.ftp.acc.umu.se

When I tried updating another VM with Ubuntu Studio it didn’t download from that mirror. However, when I tried on another Ubuntu Server VM (yes, I have several, I like VMs) it did and also got other packages (specifically linux-modules and linux-modules-extra) from:
h t t p://gemmei.ftp.acc.umu.se
h t t p://saimei.ftp.acc.umu.se

So I guess I just want to verify that his mirror is legit and not a sign of anything malicious? Is it normal to get updates from mirrors like that?

Also, I read a lot about IT security and recently there has been an uptick in supply chain attacks, so I get easily spooked! I’m like 90% sure I’m just overreacting, just want to be sure. Are these mirrors ok? Nothing suspicious going on?

Relevant System Information:
Nothing special, though I have enabled Ubuntu Pro on it. Apart from that it’s just an Ubuntu Server 24.04 with the NextCloud snap installed.

I have no PPAs or anything like that.

Screenshots or Error Messages:
This is the full output of apt upgrade before I stopped it (apart from inserting spaces into http to stop Discourse from thinking it’s a link):

Reading package lists… Done
Building dependency tree… Done
Reading state information… Done
Calculating upgrade… Done
The following upgrades have been deferred due to phasing:
apparmor libapparmor1 ubuntu-drivers-common
The following packages will be upgraded:
linux-firmware
1 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.
Need to get 634 MB of archives.
After this operation, 73.5 MB of additional disk space will be used.
Do you want to continue? [Y/n]
Get:1 h t t p://laotzu.ftp.acc.umu.se/ubuntu noble-updates/main amd64 linux-firmware amd64 20240318.git3b128b60-0ubuntu2.26 [634 MB]
20% [1 linux-firmware 155 MB/634 MB 24%] 19.0 MB/s 25s^C

What I’ve Tried:
I googled it and had a hard time finding information. Unfortunately, I’m really bad at googling. Got those AI answers, one said it was fine, another said it wasn’t normal, but I’d like answers from a human.

2

this is the Umea University in Sweden. https://www.umu.se/en/
If a mirror does not work, it might point to another mirror.

List your /etc/apt/sources.list.d/ubuntu.sources .

URIs: http://us.archive.ubuntu.com/ubuntu/
URIs: http://security.ubuntu.com/ubuntu/

You should use those URI (country code may be different).

3

Ok. If it’s Umeå University, does that mean it’s a legit mirror? Or is there anything suspicious going on? That’s the most important thing for me to figure out since I don’t want my home server to be compromised or something (I’m sure it’s not, but better safe than sorry).

This is the content of the /etc/apt/sources.list.d/ubuntu.sources file:

http://se.archive.ubuntu.com/ubuntu/
http://security.ubuntu.com/ubuntu/

Also, in case it matters, I didn’t change anything in any of the files under /etc/apt/sources.list.d. It used those mirrors by itself without me configuring anything.

4

I assume you are in Sweden so you use mirrors closer to you. Emea Uni is legit.

During install, you set your location to Sweden so ubuntu set the URIs to se.*

5

This is may help explain it better:

$ dig se.archive.ubuntu.com

; <<>> DiG 9.18.39-0ubuntu0.24.04.3-Ubuntu <<>> se.archive.ubuntu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42942
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;se.archive.ubuntu.com.         IN      A

;; ANSWER SECTION:
se.archive.ubuntu.com.  372     IN      CNAME   ftp.acc.umu.se.
ftp.acc.umu.se.         372     IN      A       194.71.11.165
ftp.acc.umu.se.         372     IN      A       194.71.11.173

;; Query time: 632 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Mon Apr 13 22:18:56 CEST 2026
;; MSG SIZE  rcvd: 110

As you can see, se.archive.ubuntu.com is just a CNAME (canonical name) record pointing to ftp.acc.umu.se, which is Umea University, as @pavlos pointed out already.

Plus, unless you or some rogue 3rd party changed the APT key ring, there is nothing to worry about, because all packages are signed and validated before installing them. See apt-secure(8) for details.

1 Like
6

Out of interest I tried gemmei.ftp.acc.umu.se in the browser and got redirected to mirror.accum.se which mentions that the academic computer club of Umeå is in the process of migrating from acc.um.se to accum.se (without the period between c and u). The redirection you encounter might be part of that process.

2 Likes
7

The up-to-date list of legit mirrors is on Launchpad: Mirrors : Ubuntu

If your mirror is on that list, then it’s legit.

5 Likes
8

Thanks, and yeah, I’m in Sweden. Guess it’s nothing to worry about then. Maybe I should listen a bit less to stuff about hacks going on in the world, it’s making me paranoid.

Sorry for the late reply, I’ve been busy the last few days. A bit slow with responding online because of it.

9

I checked and it’s there. Thanks.

1 Like
10

Ok, thanks! I didn’t know about dig so this was very interesting.

11

Sounds plausible. I think I saw a note about that as well somewhere.

12

This topic was automatically closed after 30 days. New replies are no longer allowed.