[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#860467: apt-setup https protocol support in generators/91security for security mirror

Package: apt-setup
Severity: normal

Dear Maintainer,

This observation resulted from working on a preseed configuration for a Ubuntu install, while attempting to use an internal security mirror we have for security.ubuntu.com.  This mirror uses https, which after much debugging/digging is not a supported protocol by apt-setup for security_host and security_path.

Currently in generators/91security there is a bit of hardcoding that forces this to use the http protocol.  There is no way to override this like with mirror/protocol.  Unfortunately we had to create a non-https mirror of security.ubuntu.com as a stop-gap result.

It would be nice if there was an equivalent way to set this protocol as mirror/protocol.  Preferably, this could be apt-setup/security_protocol to coincide with the existing parameters (secuirty_host and security_path).

Example proposed preseed:

    d-i apt-setup/services-select multiselect security
    d-i apt-setup/security_protocol string https
    d-i apt-setup/security_host string internal.mirror.net
    d-i apt-setup/security_path string /current/security.ubuntu.com/ubuntu

Example resulting security mirror:


This was also requested additionally per a conversation in #ubuntu-devel:

    [17:15] <xnox_> DPK_, there is one more key for protocol i think
    [17:15] <xnox_> but i can't remember if we ask that for security too, let me check quickly
    [17:16] <xnox_> (cause we support http, ftp, https)
    [17:17] == sergiusens [~sergiusen@] has quit [Remote host closed the connection]
    [17:17] <xnox_> DPK_, ha, we do not it is hardcoded to http
    [17:17] <xnox_> for the security
    [17:18] <xnox_> DPK_, i think you may need to apply sed to either generators/91security during install; or in the install hook; or post install.
    [17:18] <xnox_> DPK_, could you please open a bug report against apt-setup requesting to support apt-setup/security_protocol key?

-- System Information:
Debian Release: stretch/sid
  APT prefers xenial-updates
  APT policy: (500, 'xenial-updates'), (500, 'xenial-security'), (500, 'xenial'), (100, 'xenial-backports')
Architecture: amd64 (x86_64)

Kernel: Linux 4.4.0-66-generic (SMP w/1 CPU core)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Reply to: