[elbe-devel] [PATCH v2 1/1] validate: Amend HTTPS mirror package check for buster
Torben Hohn
torben.hohn at linutronix.de
Wed Feb 10 11:48:53 CET 2021
On Mon, Jan 25, 2021 at 11:35:31PM +0100, Bastian Germann wrote:
> Am 09.12.20 um 11:28 schrieb Torben Hohn:
> > On Tue, Nov 17, 2020 at 01:40:19PM +0100, bage at linutronix.de wrote:
> > > From: Bastian Germann <bage at linutronix.de>
> > >
> > > apt-transport-https is not needed for HTTPS mirrors anymore with the initvm
> > > switch to buster which happened over a year ago. This has an apt version
> > > that has HTTPS support built-in. However, it needs ca-certificates (or a
> > > manually installed certificate) for the certificate validation.
> > >
> > > Amend the check to give that advise to users.
> > >
> > > Signed-off-by: Bastian Germann <bage at linutronix.de>
> >
> > would be better if, it decided based in the target distro.
> >
> > this way, it would not complain, after upgrading from a stretch xml
> > with apt-transport-https to buster.
> >
> > the check would succeed.
>
> The check succeeds in that case. Only if neither apt-transport-https nor
> ca-certificates is available in the includepkgs, the URLs are checked.
>
> This is already much of a condition party here, so I am quite reluctant to
> add one more...
oh well...
Acked-by: Torben Hohn <torben.hohn at linutronix.de>
>
> >
> > > ---
> > > elbepack/validate.py | 8 +++++---
> > > 1 file changed, 5 insertions(+), 3 deletions(-)
> > >
> > > diff --git a/elbepack/validate.py b/elbepack/validate.py
> > > index c1e5c771b..e4dc7e7a2 100644
> > > --- a/elbepack/validate.py
> > > +++ b/elbepack/validate.py
> > > @@ -77,15 +77,17 @@ def validate_xml_content(xml):
> > > if (not https
> > > and (dbsv is None
> > > - or "apt-transport-https" not in dbsv.get("includepkgs", ""))):
> > > + or ("apt-transport-https" not in dbsv.get("includepkgs", "")
> > > + and "ca-certificates" not in dbsv.get("includepkgs", "")))):
> > > for url in xml.findall("/project/mirror/url-list/url"):
> > > b = url.findtext("binary", "")
> > > s = url.findtext("source", "")
> > > if b.startswith("https") or s.startswith("https"):
> > > errors.append("\nThe XML contains an HTTPS mirror. "
> > > "Use debootstrapvariant's attribute includepkgs "
> > > - "to make apt-transport-https available in "
> > > - "debootstrap.\n")
> > > + "to make apt-transport-https (stretch and older) "
> > > + "or ca-certificates (buster and newer) available "
> > > + "in debootstrap.\n")
> > > break
> > > return errors
> > > --
> > > 2.29.2
> > >
> > > _______________________________________________
> > > elbe-devel mailing list
> > > elbe-devel at linutronix.de
> > > https://lists.linutronix.de/mailman/listinfo/elbe-devel
> >
> _______________________________________________
> elbe-devel mailing list
> elbe-devel at linutronix.de
> https://lists.linutronix.de/mailman/listinfo/elbe-devel
--
Torben Hohn
Linutronix GmbH | Bahnhofstrasse 3 | D-88690 Uhldingen-Mühlhofen
Phone: +49 7556 25 999 18; Fax.: +49 7556 25 999 99
Hinweise zum Datenschutz finden Sie hier (Informations on data privacy
can be found here): https://linutronix.de/kontakt/Datenschutz.php
Linutronix GmbH | Firmensitz (Registered Office): Uhldingen-Mühlhofen |
Registergericht (Registration Court): Amtsgericht Freiburg i.Br., HRB700
806 | Geschäftsführer (Managing Directors): Heinz Egger, Thomas Gleixner
More information about the elbe-devel
mailing list