On 2018-12-07, Vagrant Cascadian wrote: > On 2018-10-20, Wolfgang Schweer wrote: >> Due to security concerns, file:/// repositories are no longer considered to >> be >> trusted by default. If a complete ISO image is used to install LTSP in >> offline >> mode, such a repository is actually present. Adding [trusted=yes] enables it. ... > Rather than hard-coding that file mirrors are always trusted, can't you > instead use: > > mirror='deb [trusted=yes] file:///some/file/path DIST COMPONENTS' > > There may be cases where file mirrors still may require verification.
Looks like this isn't going to work... $MIRROR is also passed directly to debootstrap, and so it would require the debootstrap plugin to process out the [trusted=yes] (and while at it, possibly other settings passed in this manner). I still think it's possible to have a file:/// url that is signed properly, so I'm hesitant to hard-code this... But it's also possible to have some mirrors include a file:/// url that's trusted and some that are not... so it needs to be specified on a per-mirror basis. I guess the thing to do would be for debootstrap to exclude [.*] from the mirror, and then pass "[trusted=yes other_arbitrary_options=X] file:/// ..." and then it would work quite generically. live well, vagrant
signature.asc
Description: PGP signature