[Bug 1135163] Re: d-i can't install against an https mirror

Micheal Waltz ecliptik at gmail.com
Fri Mar 21 00:00:56 UTC 2014 

Colin, thank you very much for your work on this issue and I'm currently
testing https installs in our environment now. I had a question on how
to properly set the installer to use a https mirror. The installer PXE
configuration line I'm using is:

KERNEL pxelinux.cfg/kernel
APPEND append initrd=pxelinux.cfg/initrd.img vga=normal fb=false auto=true priority=critical auto-install/enable=true debian-installer/allow_unauthenticated_ssl=true url=https://buildhost/trusty/preseed.cfg.pl media=https://buildhost/Ubuntu-14.04-amd64/

These are the stock kernel and initrd available for Ubuntu 14.04, and
it's hitting a nightly sync'd mirror that's available on
https://buildhost/Ubuntu-14.04-amd64/. This site has a self-signed
certificate, which debian-installer/allow_unauthenticated_ssl=true
allows us to download and use the preseed.cfg.pl over https.

The base-install of packages still uses http however, which I can see by
looking at the web server logs. I've tried the following based off of
your Debian list emails (https://lists.debian.org/debian-
boot/2014/02/msg00084.html):

1. Adding mirror/protocol=https in the append line, this results in the install prompting for a mirror
2. Adding debian-installer/mirror/protocol=https to the append line, this installs, but still goes over http
3. Adding d-i mirror/protocol string https in the preseed file, this has the same result as 1

I tried digging through the documentation for base-installer,
debootstrap, and debian-installer, but other than the emails on the
Debian list and change log entries, I couldn't find the exact syntax or
place to tell the installer to use https for our custom mirror.

This is possible, and if so could you provide the needed syntax in order
for packages to go over https as well? Thank you.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to base-installer in Ubuntu.
https://bugs.launchpad.net/bugs/1135163

Title:
  d-i can't install against an https mirror

Status in “apt-setup” package in Ubuntu:
  Fix Released
Status in “base-installer” package in Ubuntu:
  Fix Released
Status in “choose-mirror” package in Ubuntu:
  Fix Released
Status in “debootstrap” package in Ubuntu:
  Fix Released

Bug description:
  It happens that d-i uses the wget from busybox, and as a result, it
  can't install against an https mirror. This is clearly not intended
  behavior, because apt-config is able to deal with https. Perhaps there
  should be a wget udeb that includes the right bits to have ssl
  support, or alternatively, busybox should support it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt-setup/+bug/1135163/+subscriptions

More information about the foundations-bugs mailing list