Bug#842040: Please add https support
On Sunday, 20 November 2016 16:49:57 CET Philipp Kern wrote:
> On 2016-11-20 12:10, Julien Cristau wrote:
> > I think until there's a ca-certificates-udeb, adding wget for https in
> > all images isn't reasonable, vs google rebuilding d-i with added wget
> > and the PEM bits you need. I guess ca-certificates-udeb would need
> > some way to preseed a list of trusted CAs.
> The problem with rebuilding d-i is that you can't really do it from the
> source package in unstable, you need to do it from the VCS.
> It boils down to the question if it's useful beyond just us. :)
FWIW, at work we've also had the need of https (and ftps) support in d-i for
retrieving preseeds and some other files plus uploading a few logs.
Given the need of ftps we've switched from the then-proposed wget-udeb to a
curl-based one (#839707). It is more flexible and future-proof, all in all.
As for the certificates, we don't use ca-certificates at all, we use a $company
The above is just a part of what we end up injecting into d-i. So even though
adding something like the curl udebs would come handy, at this point we still
need to build a custom media.
Just my two cents, and not on behalf of my employer.