Bug#891009: debootstrap: wrongly falls back to https://deb.debian.org when try to create Ubuntu chroot
This should be fixed in the next release. https://salsa.debian.org/installer-team/debootstrap/-/commit/7e5923030e331f466ec1b56d875b023a274e9220
Bug#891009: debootstrap: wrongly falls back to https://deb.debian.org when try to create Ubuntu chroot
On Wed, 21 Feb 2018 22:31:02 +0900 Hideki Yamane wrote:
> And, https assures only secure *connection*, not integrity of *contents*
> as GPG does, so this behavior is not good, IMO.

As I said above, what https ensures and what gpg does are different, and the "if there's no reliable keyring then fall back to https connection" behavior is not good.

I suggest removing this feature from debootstrap. Do you have any idea for it? If so, please let me know it and why.

--
Hideki Yamane
Bug#891009: debootstrap: wrongly falls back to https://deb.debian.org when try to create Ubuntu chroot
Package: debootstrap
Severity: normal
Version: 1.0.56

Hi,

If you try "debootstrap ", it automatically falls back to a pre-defined HTTPS mirror.

> keyring () {
>     if [ -z "$KEYRING" ]; then
>         if [ -e "$1" ]; then
>             KEYRING="$1"
>         elif [ -z "$DISABLE_KEYRING" ]; then
>             if [ -n "$DEF_HTTPS_MIRROR" ] && [ -z "$USER_MIRROR" ] && [ -z "$FORCE_KEYRING" ]; then
>                 info KEYRING "Keyring file not available at %s; switching to https mirror %s" "$1" "$DEF_HTTPS_MIRROR"
>                 USER_MIRROR="$DEF_HTTPS_MIRROR"
>             else

But the defined DEF_HTTPS_MIRROR is https://deb.debian.org, so it fails with a slightly wrong error message.

> $ sudo debootstrap artful artful
> I: Keyring file not available at /usr/share/keyrings/ubuntu-archive-keyring.gpg; switching to https mirror https://deb.debian.org/debian
> I: Retrieving InRelease
> I: Retrieving Release
> E: Failed getting release file https://deb.debian.org/debian/dists/artful/Release

Expected behavior is

- fails with just "Keyring file not available" error message
- or falls back to Ubuntu https mirror.

And, https assures only secure *connection*, not integrity of *contents* as GPG does, so this behavior is not good, IMO.

--
Regards,
Hideki Yamane henrich @ debian.org/iijmio-mail.jp
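
The first expected behaviour in the report above (fail with just the keyring error, never swap the mirror) can be sketched as follows. This is an added example, not debootstrap's code and not taken from the linked commit; the function name select_keyring and its return codes are hypothetical, while KEYRING, DISABLE_KEYRING and USER_MIRROR reuse the variable names from the quoted excerpt.

```shell
#!/bin/sh
# Added illustration (not debootstrap's own code): fail-closed keyring selection.
# select_keyring is a hypothetical name; KEYRING, DISABLE_KEYRING and
# USER_MIRROR follow the variable names in the report's excerpt.
#
# select_keyring DEFAULT_KEYRING_PATH
#   0  a readable, non-empty keyring is in $KEYRING; Release can be verified
#   1  no usable keyring and verification was not disabled: caller must abort
#   2  the user explicitly set DISABLE_KEYRING: proceed unverified, loudly
# USER_MIRROR is never modified here: a missing keyring must not silently
# turn into "trust whatever an HTTPS mirror serves".
select_keyring() {
    _cand=$1
    if [ -n "$KEYRING" ]; then
        # A keyring chosen by the user must really exist.
        if [ -r "$KEYRING" ] && [ -s "$KEYRING" ]; then
            return 0
        fi
        echo "E: Keyring file not available at $KEYRING" >&2
        return 1
    fi
    if [ -r "$_cand" ] && [ -s "$_cand" ]; then
        KEYRING=$_cand
        return 0
    fi
    if [ -n "$DISABLE_KEYRING" ]; then
        # Opt-out is an explicit user decision, never an automatic fallback.
        echo "W: signature checking disabled; Release file will not be verified" >&2
        return 2
    fi
    echo "E: Keyring file not available at $_cand" >&2
    return 1
}
```

A caller would stop on return code 1, so the Ubuntu case from the report ends with the keyring error alone instead of a failed download from an unrelated mirror.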