Hi, On Sunday, 20 November 2016 16:49:57 CET Philipp Kern wrote: > On 2016-11-20 12:10, Julien Cristau wrote: > > I think until there's a ca-certificates-udeb, adding wget for https in > > all images isn't reasonable, vs google rebuilding d-i with added wget > > and the PEM bits you need. I guess ca-certificates-udeb would need > > some way to preseed a list of trusted CAs. [...] > The problem with rebuilding d-i is that you can't really do it from the > source package in unstable, you need to do it from the VCS. > > It boils down to the question if it's useful beyond just us. :)
FWIW, at work we've also had the need of https (and ftps) support in d-i for retrieving preseeds and some other files plus uploading a few logs. Given the need of ftps we've switched from the then-proposed wget-udeb to a curl-based one (#839707). It is more flexible and future-proof, all in all. As for the certificates, we don't use ca-certificates at all, we use a $company CA. The above is just a part of what we end up injecting into d-i. So even though adding something like the curl udebs would come handy, at this point we still need to build a custom media. Just my two cents, and not on behalf of my employer. Cheers, -- Raphael Geissert
