[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Providing official virtualisation images of Debian

Le Tue, Jul 26, 2011 at 08:41:06PM -0400, Kyle Moffett a écrit :
> 
> My current work is here:
>   http://opensource.exmeritus.com/debian-ami/
> 
> Please report any success or problems!

Dear Kyle,

I am studying debian-installer and your procedure.  I see that in you patch for
network-console, the public keys provided by the user to the instance running
debian-installer are used not only for d-i's network console, but also copied
to the AMI in preparation.  I think that this would prevent to share the AMI
publicly, as explained in http://alestic.com/2011/06/ec2-ami-security
(authorized_keys).  Others often use a rc.local or an init.d script to install
user-provided public keys each time the instance is ran, like for instance:
https://github.com/camptocamp/ec2debian-build-ami/blob/master/init.d/ec2-get-credentials

This is actually one of the reasons why I was wondering if a package containing
such files would help to progress towrards a procedure to create AMIs using
only material distributed in Debian.

Have a nice week-end,

-- 
Charles Plessy
Debian Med packaging team,
http://www.debian.org/devel/debian-med
Tsurumi, Kanagawa, Japan
Reply to: