John Winters wrote: > I'm trying to use the Debian Installer etch beta 2 to install systems > within a fairly tightly firewalled network. > > Although the installer prompts to ask what repository it should use for > the main packages it then tries to use a hard-coded source (presumably > security.debian.org) to check for security updates, without first > seeking permission to do this or guidance on how to do it. > > In our network, this fails (slowly) because all direct outgoing http requests > are dropped at the firewall. After a significant delay a message > appears explaining what has happened and offering the option to continue > (it advises that the problem should be investigated and corrected > later). If one then selects the "Continue" button, nothing further > happens. The installation process does not move on and there's no way > to get back to the menu.
You need to wait for it to time out a second time. This problem has already been fixed in apt-setup 0.10 unstable, which will only have the first timeout and not the second. > 1) Ask before attempting to get security updates. (Obviously default to > yes). There's no good reason to ask. If the machine is network connected it should make every possible effort to use security updates, doing anything else is asking to be insecure. If you really want to disable it, you can preseed apt-setup/security_host to an empty string, as documented in the installation manual. > 2) Ask where to get them from. I have a local copy of them but there > seems to be no way to tell the installer to use this local copy. apt-setup/security_host can be used to override this. However, the security team doesn't like mirrors of security.debian.org, and asking that kind of question in any regular install is counter to our UI guidelines. We try to avoid asking questions when there's a default that will work for 99.99% of users. > 3) Ask for proxy information. This can (and in our case does) differ > from the proxy information needed to access the main package repository. > Obviously again - default to the same proxy information as previously > entered. While it seems that apt might support per-host proxy settings, I think you'd be better off fixing your network. I doubt that anyone else will ever have such a setup, but we do accept patches... -- see shy jo
signature.asc
Description: Digital signature
