Jérémy Bobbio wrote:
> I had thought about this for quite some time now, but it was not doable
> securely before the introduction of apt-key...
>
> Use cases:
> * Lunar frequently reinstalls computers from his network
>   (.tanneries.taz) where there is a local Debian mirror/apt-proxy.
>   Now that he had set up a debian.tanneries.taz host, he does not even
>   need to enter the hostname manually during the installation.
> * A LUG is having an "install party". Instead of having to hack the
>   whole DNS system to make a better use of the bandwidth, they just
>   give the name "debian.<localdomain>" to their local mirror before the
>   party and... job's done.
>
> Maybe a static host is not the best option, and introducing
> zeroconf/mdns would be better. But I would really like to have a way to
> automatically select a mirror or proxy on the local network...
>
> I know that it can be done through preseeding, using DHCP, but that
> sounds too much like overulling for the install party use case...
>
> What do you think?

Have to say I don't like the idea:
* dhcp preseeding can do it, so another way to do the same thing is
only useful if you're lazy or on a network you don't fully control[1].
* auto-install offers a second way to do it, by making d-i download a
preseed file from a predetermined location when booted with "auto".
* I'm sure there are many many machines out there that happen to be
named "debian"[0]. Some dhcp servers allow machines to push their
hostname into the DNS. When d-i then tries to use such a machine as a
mirror and fails, breaking a previously working install, network admins
everywhere will hate us.
* Dealing with the case where there's a "debian" machine on the network
that doesn't have a valid mirror will complicate choose-mirror.
* Even worse, what if d-i tries to use debian.domain, and succeeds? Note
that d-i disables the gpg date checking that apt normally uses[2] to
detect stale mirrors. It also doesn't implement such date checking in
net-retriever. So, if someone wanted to bring up a machine named
"debian" that happens to contain a stale debian mirror with an
exploitable package on it, they could watch installs happen, and go
root them. From inside the firewall, and without poisoning the DNS, or
exploiting a "real" Debian mirror.
--
see shy jo
[0] "debian" is, after all, the fallback default hostname in netcfg...
[1] Not being able to configure your dhcp server to use dhcp preseeding
means you don't control your network. Even if you own all the
hardware. :-)
[2] We may want to reconsider this now that we have NTP.
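
An added example, not part of the original thread and not d-i or apt code: a minimal freshness check of the kind the last bullet says the installer lacks, run over a Release file whose signature has already been verified. It assumes the Release file carries a `Date:` field and optionally `Valid-Until:`; the function names, the `max_age` threshold, the one-hour skew allowance and the sample Release text are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample, not taken from a real mirror.
SAMPLE_RELEASE = """\
Origin: Debian
Suite: stable
Date: Sat, 02 Dec 2006 20:14:33 UTC
Valid-Until: Sat, 09 Dec 2006 20:14:33 UTC
MD5Sum:
 <constructed-checksum> 0 main/binary-i386/Packages
"""

def release_fields(text):
    """Return the top-level 'Key: value' headers of a Release file."""
    fields = {}
    for line in text.splitlines():
        if line[:1].isspace() or ":" not in line:
            continue  # indented lines are per-file checksum entries
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields

def _when(value):
    dt = parsedate_to_datetime(value)  # RFC 2822 style date
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def mirror_freshness(release_text, now, max_age=timedelta(days=10)):
    """Classify an already signature-verified Release file against `now`."""
    fields = release_fields(release_text)
    if "Date" not in fields:
        return "stale"  # nothing to judge freshness by: refuse
    signed_at = _when(fields["Date"])
    if signed_at > now + timedelta(hours=1):
        return "clock-suspect"  # local clock is behind; cannot judge
    if "Valid-Until" in fields and _when(fields["Valid-Until"]) < now:
        return "stale"  # the archive itself says this copy has expired
    if now - signed_at > max_age:
        return "stale"  # fallback when no Valid-Until is published
    return "fresh"
```

The "clock-suspect" result is the case footnote [2] is about: the check only means something once the installing machine has a trustworthy clock.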

