Jérémy Bobbio wrote:
> I had thought about this for quite some time now, but it was not doable
> securely before the introduction of apt-key...
>
> Use cases:
> * Lunar frequently reinstalls computers from his network
> (.tanneries.taz) where there is a local Debian mirror/apt-proxy.
> Now that he had set up a debian.tanneries.taz host, he does not even
> need to enter the hostname manually during the installation.
> * A LUG is having an "install party". Instead of having to hack the
> whole DNS system to make a better use of the bandwidth, they just
> give the name "debian.<localdomain>" to their local mirror before the
> party and... job's done.
>
> Maybe a static host is not the best option, and introducing
> zeroconf/mdns would be better. But I would really like to have a way to
> automatically select a mirror or proxy on the local network...
>
> I know that it can be done through preseeding, using DHCP, but that
> sounds too much like overulling for the install party use case...
>
> What do you think?

Have to say I don't like the idea:
* dhcp preseeding can do it, so another way to do the same thing is
only useful if you're lazy or on a network you don't fully control[1].
* auto-install offers a second way to do it, by making d-i download a
preseed file from a predetermined location when booted with "auto".
* I'm sure there are many many machines out there that happen to be
named "debian"[0]. Some dhcp servers allow machines to push their
hostname into the DNS. When d-i then tries to use such a machine as a
mirror and fails, breaking a previously working install, network admins
everywhere will hate us.
* Dealing with the case where there's a "debian" machine on the network
that doesn't have a valid mirror will complicate choose-mirror.
* Even worse, what if d-i tries to use debian.domain, and succeeds? Note
that d-i disables the gpg date checking that apt normally uses[2] to
detect stale mirrors. It also doesn't implement such date checking in
net-retriever. So, if someone wanted to bring up a machine named
"debian" that happens to contain a stale debian mirror with an
exploitable package on it, they could watch installs happen, and go
root them. From inside the firewall, and without poisoning the DNS, or
exploiting a "real" Debian mirror.
--
see shy jo
[0] "debian" is, after all, the fallback default hostname in netcfg...
[1] Not being able to configure your dhcp server to use dhcp preseeding
means you don't control your network. Even if you own all the
hardware. :-)
[2] We may want to reconsider this now that we have NTP.
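
Added example, not part of this thread and not d-i or apt code: a sketch of a date-based staleness check of the kind the message refers to, reading the `Date` and `Valid-Until` fields of an archive `Release` file. It assumes the file's signature has already been verified and that the local clock is correct; the function names, the 14-day `max_age` policy and the sample file are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample of a Release file header (not copied from a real mirror).
SAMPLE_RELEASE = """\
Origin: Debian
Suite: stable
Date: Sat, 01 Mar 2025 10:00:00 UTC
Valid-Until: Sat, 08 Mar 2025 10:00:00 UTC
MD5Sum:
 0123456789abcdef0123456789abcdef 1234 main/binary-amd64/Packages
"""

def parse_fields(release_text):
    """Return top-level 'Key: value' fields; skip indented checksum entries."""
    fields = {}
    for line in release_text.splitlines():
        if line[:1] in (" ", "\t") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields

def _when(value):
    """Parse an RFC 2822 style date; treat a missing zone as UTC."""
    parsed = parsedate_to_datetime(value)
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)

def mirror_freshness(release_text, now, max_age=timedelta(days=14),
                     skew=timedelta(hours=1)):
    """Classify an already signature-verified Release file by its dates.

    max_age and skew are hypothetical local policy values, not apt defaults.
    """
    fields = parse_fields(release_text)
    if "Date" not in fields:
        return "unverifiable"      # nothing to compare against
    issued = _when(fields["Date"])
    if issued > now + skew:
        return "clock-suspect"     # file is "from the future": local clock wrong?
    if "Valid-Until" in fields and now > _when(fields["Valid-Until"]):
        return "expired"           # archive itself says this copy is too old
    if now - issued > max_age:
        return "stale"             # fallback when no Valid-Until is published
    return "fresh"

if __name__ == "__main__":
    print(mirror_freshness(SAMPLE_RELEASE, datetime.now(timezone.utc)))
```

A mirror that is merely old still carries a valid signature, so only the date comparison separates it from a current one, and that comparison is only as reliable as the installer's clock.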