[elbe-devel] [PATCH v2 1/1] validate: Amend HTTPS mirror package check for buster

[bage at linutronix.de]

From: Bastian Germann <bage at linutronix.de>

apt-transport-https is not needed for HTTPS mirrors anymore with the initvm
switch to buster which happened over a year ago. This has an apt version
that has HTTPS support built-in. However, it needs ca-certificates (or a
manually installed certificate) for the certificate validation.

Amend the check to give that advise to users.

Signed-off-by: Bastian Germann <bage at linutronix.de>
---
 elbepack/validate.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/elbepack/validate.py b/elbepack/validate.py
index c1e5c771b..e4dc7e7a2 100644
--- a/elbepack/validate.py
+++ b/elbepack/validate.py
@@ -77,15 +77,17 @@ def validate_xml_content(xml):
 
     if (not https
         and (dbsv is None
-             or "apt-transport-https" not in dbsv.get("includepkgs", ""))):
+             or ("apt-transport-https" not in dbsv.get("includepkgs", "")
+             and "ca-certificates" not in dbsv.get("includepkgs", "")))):
         for url in xml.findall("/project/mirror/url-list/url"):
             b = url.findtext("binary", "")
             s = url.findtext("source", "")
             if b.startswith("https") or s.startswith("https"):
                 errors.append("\nThe XML contains an HTTPS mirror. "
                               "Use debootstrapvariant's attribute includepkgs "
-                              "to make apt-transport-https available in "
-                              "debootstrap.\n")
+                              "to make apt-transport-https (stretch and older) "
+                              "or ca-certificates (buster and newer) available "
+                              "in debootstrap.\n")
                 break
 
     return errors
-- 
2.29.2