
Re: BeagleBone Black apt oddness



On Sun, Nov 10, 2013 at 10:15 AM, Robert Nelson wrote:

> It's one of my monthly releases.. Hides.

Your image contains SSH private keys, which means that everyone can do
MITM attacks against connections to machines running your image. It
also contains the dbus machine identifier and other machine-specific
things that should not be duplicated between instances.

In Debian we generally suggest people use d-i or debootstrap, for this
reason. Debian install methods don't yet support generating generic
images that can be installed on any host. Until this is solved I would
strongly suggest you point people at a script that runs debootstrap
instead.

At the very least you should generate multiple images, compare them,
remove the differing files and create a script that runs on first boot
to generate these files. Alternately, use debootstrap --foreign and
rely on how it runs all the postinst scripts on first boot.

> It's the latest release snapshot from the beagleboard.org kernel release..

Is this code upstreamed yet? It would be great to be able to switch to
armmp more.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise
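
The compare-and-strip approach suggested in the message above, as an added example that is not part of the original post or of any Debian or BeagleBoard tooling. It assumes two builds of the same image are unpacked or mounted as directory trees; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find files that differ between two builds of one image,
# strip them from the tree to be published, and recreate per-machine
# state on first boot of each installed system.

# Print relative paths of regular files that differ between two trees,
# or that exist in only one of them.
differing_files() {
    a=$1; b=$2
    {
        (cd "$a" && find . -type f)
        (cd "$b" && find . -type f)
    } | sort -u | while IFS= read -r f; do
        if [ ! -f "$a/$f" ] || [ ! -f "$b/$f" ] || ! cmp -s "$a/$f" "$b/$f"; then
            printf '%s\n' "${f#./}"
        fi
    done
}

# Remove the paths listed on stdin (relative to the tree root) from a tree.
strip_files() {
    root=$1
    while IFS= read -r f; do
        rm -f -- "$root/$f"
    done
}

# Intended to run once on first boot of an installed system.
first_boot_regen() {
    ssh-keygen -A            # create any SSH host keys that are missing
    dbus-uuidgen --ensure    # create the dbus machine-id if it is absent
}
```

The list from `differing_files` needs review before stripping: it will also contain logs and caches, and anything removed that is not an SSH host key or the machine-id needs its own regeneration step in the first-boot script.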

