[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#842040: Please add https support


On Sunday, 20 November 2016 16:49:57 CET Philipp Kern wrote:
> On 2016-11-20 12:10, Julien Cristau wrote:
> > I think until there's a ca-certificates-udeb, adding wget for https in
> > all images isn't reasonable, vs google rebuilding d-i with added wget
> > and the PEM bits you need.  I guess ca-certificates-udeb would need
> > some way to preseed a list of trusted CAs.
> The problem with rebuilding d-i is that you can't really do it from the
> source package in unstable, you need to do it from the VCS.
> It boils down to the question if it's useful beyond just us. :)

FWIW, at work we've also had the need of https (and ftps) support in d-i for 
retrieving preseeds and some other files plus uploading a few logs.

Given the need of ftps we've switched from the then-proposed wget-udeb to a 
curl-based one (#839707). It is more flexible and future-proof, all in all.

As for the certificates, we don't use ca-certificates at all, we use a $company 

The above is just a part of what we end up injecting into d-i. So even though 
adding something like the curl udebs would come handy, at this point we still 
need to build a custom media.

Just my two cents, and not on behalf of my employer.

Raphael Geissert

Reply to: