Jérémy Bobbio wrote: > I had though about this for quite some time now, but it was not doable > securely before the introduction of apt-key... > > Use cases: > * Lunar frequently reinstall computers from his network > (.tanneries.taz) where there is a local Debian mirror/apt-proxy. > Now that he had set up a debian.tanneries.taz host, he does not even > need to enter the hostname manually during the installation. > * A LUG is having an "install party". Instead of having to hack the > whole DNS system to make a better use of the bandwidth, they just > give the name "debian.<localdomain>" to their local mirror before the > party and... job's done. > > Maybe a static host is not the best option, and introducing > zeroconf/mdns would be better. But I would really like to have a way to > automatically select a mirror or proxy on the local network... > > I know that it can be done through preseeding, using DHCP, but that > sound too much like overulling for the install party use case... > > What do you think? Have to say I don't like the idea: * dhcp preseeding can do it, so another way to do the same thing is only useful if you're lazy or on a network you don't fully control[1]. * auto-install offers a second way to do it, by making d-i download a preseed file from a predetermined location when booted with "auto". * I'm sure there are many many machines out there that happen to be named "debian"[0]. Some dhcp servers allow machines to push their hostname into the DNS. When d-i then tries to use such a machine as a mirror and fails, breaking a previously working install, network admins everywhere will hate us. * Dealing with the case where there's a "debian" machine on the network that doesn't have a valid mirror will complicate choose-mirror. * Even worse, what if d-i tries to use debian.domain, and succeeds? Note that d-i disables the gpg date checking that apt normally uses[2] to detect stale mirrors. It also doesn't implement such date checking in net-retriever. So, if someone wanted to bring up a machine named "debian" that happens to contain a stale debian mirror with an exploitable package on it, they could watch installs happen, and go root them. From inside the firewall, and without poisoning the DNS, or exploiting a "real" Debian mirror. -- see shy jo [0] "debian" is, after all, the fallback default hostname in netcfg... [1] Not being able to configure your dhcp server to use dhcp preseeding means you don't control your network. Even if you own all the hardware. :-) [2] We may want to reconsider this now that we have NTP.
Attachment:
signature.asc
Description: Digital signature