Bug#790565: pbuilder: support https in MIRRORSITE detection
Michael Prokop
mika at debian.org
Fri Jul 3 08:39:52 UTC 2015
* Mattia Rizzolo [Fri Jul 03, 2015 at 07:44:19AM +0000]:
> On Tue, Jun 30, 2015 at 10:54:18AM +0200, Michael Prokop wrote:
> > pbuilder fails to detect MIRRORSITE if /etc/apt/sources.list
> > includes only https entries.
> > Patch attached.
> Well, that's not enough.
> I haven't tried, by I'd say having https lines in /etc/apt/sources.list
> requires apt-transport-https.
Yes, apt-transport-https is indeed needed and that's what I'm doing
to set up the build envs:
| /usr/sbin/cowbuilder --create [,,,] --debootstrapopts --include=apt-transport-https,ca-certificates
ca-certificates isn't explicitely needed because it seems to be
pulled in anyway, but maybe we should add it explicitely as well,
what do you think?
> I don't want to install apt-transport-https by default on chroots,
Which I can understand (though it's not nice that we throw so many
pitfalls to users that care about security, but that's related to
the issue of the separate apt-transport-https package as you noted).
> so if you really want https being automatically detected and used
> then you also want to add some conditional things that install
> apt-transport-https if needed.
Would it be an option to check for usage of https in $MIRRORSITE
in /usr/lib/pbuilder/pbuilder-createbuildenv and then extend the
--include=apt option with apt-transport-https accordingly?
> Then I've never understood why apt-transport-https is on a different package
> not in the main apt binary, but that's another story.
Yeah :-/
regards,
-mika-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pbuilder-maint/attachments/20150703/bcbe6c18/attachment.sig>
More information about the Pbuilder-maint
mailing list