[elbe-devel] [PATCH v2 1/1] validate: Amend HTTPS mirror package check for buster

[Bastian Germann]

Am 09.12.20 um 11:28 schrieb Torben Hohn:
> On Tue, Nov 17, 2020 at 01:40:19PM +0100, bage at linutronix.de wrote:
>> From: Bastian Germann <bage at linutronix.de>
>>
>> apt-transport-https is not needed for HTTPS mirrors anymore with the initvm
>> switch to buster which happened over a year ago. This has an apt version
>> that has HTTPS support built-in. However, it needs ca-certificates (or a
>> manually installed certificate) for the certificate validation.
>>
>> Amend the check to give that advise to users.
>>
>> Signed-off-by: Bastian Germann <bage at linutronix.de>
> 
> would be better if, it decided based in the target distro.
> 
> this way, it would not complain, after upgrading from a stretch xml
> with apt-transport-https to buster.
> 
> the check would succeed.

The check succeeds in that case. Only if neither apt-transport-https nor 
ca-certificates is available in the includepkgs, the URLs are checked.

This is already much of a condition party here, so I am quite reluctant 
to add one more...

> 
>> ---
>>   elbepack/validate.py | 8 +++++---
>>   1 file changed, 5 insertions(+), 3 deletions(-)
>>
>> diff --git a/elbepack/validate.py b/elbepack/validate.py
>> index c1e5c771b..e4dc7e7a2 100644
>> --- a/elbepack/validate.py
>> +++ b/elbepack/validate.py
>> @@ -77,15 +77,17 @@ def validate_xml_content(xml):
>>   
>>       if (not https
>>           and (dbsv is None
>> -             or "apt-transport-https" not in dbsv.get("includepkgs", ""))):
>> +             or ("apt-transport-https" not in dbsv.get("includepkgs", "")
>> +             and "ca-certificates" not in dbsv.get("includepkgs", "")))):
>>           for url in xml.findall("/project/mirror/url-list/url"):
>>               b = url.findtext("binary", "")
>>               s = url.findtext("source", "")
>>               if b.startswith("https") or s.startswith("https"):
>>                   errors.append("\nThe XML contains an HTTPS mirror. "
>>                                 "Use debootstrapvariant's attribute includepkgs "
>> -                              "to make apt-transport-https available in "
>> -                              "debootstrap.\n")
>> +                              "to make apt-transport-https (stretch and older) "
>> +                              "or ca-certificates (buster and newer) available "
>> +                              "in debootstrap.\n")
>>                   break
>>   
>>       return errors
>> -- 
>> 2.29.2
>>
>> _______________________________________________
>> elbe-devel mailing list
>> elbe-devel at linutronix.de
>> https://lists.linutronix.de/mailman/listinfo/elbe-devel
>