CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2017/01/09 12:42:32
Modified files:
distrib/miniroot: install.sub
Log message:
Use a verified list of distribution set files extracted from
the SHA256.sig file which is signed by the OpenBSD project.
Deny the use of mirror servers where the verification fails.
Site specifc sets (siteXX.tgz and siteXX-hostname.tgz) or self
compiled sets in local setups are still supported by using the
index.txt file. Files listed in SHA256.sig override any file
listed in index.txt.
Support http://server and https://server as answers to the
"HTTP Server?" question. This allows a user to control the
logic used to download the set files on architectures that
have tls support for ftp(1).
'server' --> Use https for the sets download. If the server
does not support https, fall back to http but only after
user confirmation.
'https://server'--> Use https only for the sets download.
'http://server' --> Use http only for the sets download.
NOTE: If the autoinstall(8) feature is used, the installer
aborts the installation or upgrade in the following cases:
- a mirror server provides an invalid SHA256.sig file
- 'server' is used, https fails and the question to confirm
the fallback to http is not answered in the response file.
- 'https://server' is used but ftp(1) has no tls support.
- 'https://server' is used but not supported by the server.
Suggested by, in joint work with and OK deraadt@
Feedback, testing and OK tb@
positive feedback halex@ for the http/https part
