
Bug#366715: installation-report: Installer gets stuck if it can't access security.debian.org

John Winters wrote:
> I'm trying to use the Debian Installer etch beta 2 to install systems
> within a fairly tightly firewalled network.
> Although the installer prompts to ask what repository it should use for
> the main packages it then tries to use a hard-coded source (presumably
> security.debian.org) to check for security updates, without first
> seeking permission to do this or guidance on how to do it.
> In our network, this fails (slowly) because all direct outgoing http requests
> are dropped at the firewall.  After a significant delay a message
> appears explaining what has happened and offering the option to continue
> (it advises that the problem should be investigated and corrected
> later).  If one then selects the "Continue" button, nothing further
> happens.  The installation process does not move on and there's no way
> to get back to the menu.

You need to wait for it to time out a second time. This problem has
already been fixed in apt-setup 0.10 unstable, which will only have the
first timeout and not the second.

> 1) Ask before attempting to get security updates.  (Obviously default to
> yes).

There's no good reason to ask. If the machine is network connected it
should make every possible effort to use security updates; doing
anything else is asking to be insecure.

If you really want to disable it, you can preseed
apt-setup/security_host to an empty string, as documented in the
installation manual.

> 2) Ask where to get them from.  I have a local copy of them but there
> seems to be no way to tell the installer to use this local copy.

apt-setup/security_host can be used to override this.
However, the security team doesn't like mirrors of security.debian.org,
and asking that kind of question in any regular install is counter to
our UI guidelines. We try to avoid asking questions when there's a
default that will work for 99.99% of users.

> 3) Ask for proxy information.  This can (and in our case does) differ
> from the proxy information needed to access the main package repository.
> Obviously again - default to the same proxy information as previously
> entered.

While it seems that apt might support per-host proxy settings, I think
you'd be better off fixing your network. I doubt that anyone else will
ever have such a setup, but we do accept patches...

see shy jo
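
An added example, not part of the original message or of the Debian installer's own code: a shell check that reports how a preseed file sets apt-setup/security_host, the key named in the reply above, so that installs with security updates switched off (empty value) or pointed at another host can be spotted before deployment. The function name, the sample lines and the host names are assumptions made for illustration, as is reporting the last occurrence when the key appears more than once.

```shell
#!/bin/sh
# Classify how a preseed file sets apt-setup/security_host.
# Usage: security_host_status [FILE]   (reads stdin when FILE is omitted)
# Prints one of:
#   default          key absent, installer uses its built-in security host
#   disabled         key present with an empty value, no security source
#   override:<host>  key present, security updates fetched from <host>
security_host_status() {
    awk '
        # Ignore commented-out lines such as "#d-i apt-setup/...".
        $1 ~ /^#/ { next }
        # Preseed line layout: <owner> <question> <type> [value]
        $2 == "apt-setup/security_host" {
            seen = 1
            value = $4          # empty string when no value is given
        }
        END {
            # Assumption: if the key is repeated, the last line is reported.
            if (!seen)            print "default"
            else if (value == "") print "disabled"
            else                  print "override:" value
        }
    ' "${1:--}"
}

# Constructed sample input (hypothetical host name, not from the thread).
printf '%s\n' \
    'd-i mirror/http/hostname string mirror.example.internal' \
    'd-i apt-setup/security_host string' \
    | security_host_status
```
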
