[Bug 1135163] Re: d-i can't install against an https mirror

Colin Watson cjwatson at canonical.com
Tue Feb 11 16:07:54 UTC 2014 

I looked into the debootstrap side of this, and thought about having
debootstrap install apt-transport-https if installing from an HTTPS
mirror.  (At the moment it observes that apt can't handle HTTPS by
itself and configures the end result to use an HTTP mirror, although it
does manage to do the actual bootstrap from HTTPS.)

The tricky bit here is that we'd also need to copy in any relevant
certificates.  With the work I've been doing recently
(https://lists.debian.org/debian-boot/2014/02/msg00084.html etc.), it's
possible to build d-i with the necessary certificates for your local
mirror, so they'll be in /usr/lib/ssl/certs/; we could just copy the
contents of that directory across.  On the other hand, if you're
debootstrapping from a full Unix system which just happens not to have
the Debian keyring installed, there might be quite a lot of certificates
in that directory, and we can't tell which is used.

To avoid this problem, I think it's best to handle the installation of
apt-transport-https and the certificate copying in base-installer
instead.  That way we know it's d-i-specific and that any certificates
we find are ones that the person who prepared the installation medium
explicitly wanted.

** Also affects: base-installer (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: base-installer (Ubuntu)
   Importance: Undecided => High

** Changed in: base-installer (Ubuntu)
       Status: New => In Progress

** Changed in: base-installer (Ubuntu)
     Assignee: (unassigned) => Colin Watson (cjwatson)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to base-installer in Ubuntu.
https://bugs.launchpad.net/bugs/1135163

Title:
  d-i can't install against an https mirror

Status in “base-installer” package in Ubuntu:
  In Progress
Status in “choose-mirror” package in Ubuntu:
  In Progress

Bug description:
  It happens that d-i uses the wget from busybox, and as a result, it
  can't install against an https mirror. This is clearly not intended
  behavior, because apt-config is able to deal with https. Perhaps there
  should be a wget udeb that includes the right bits to have ssl
  support, or alternatively, busybox should support it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/base-installer/+bug/1135163/+subscriptions

More information about the foundations-bugs mailing list