debian installer: allow unauthenticated local repository

2017-04-24 Thread Leroy Pubel 
I can allow all repositories to be unauthenticated during installation with
this preseed line:

"d-i debian-installer/allow_unauthenticated boolean true"

I add my local repo like this:

"d-i apt-setup/local0/repository string http://
local-ip stable testing"

Is there a way to only allow one particular repository to be
unauthenticated? I can do this on an installed system with "APT { Get {
AllowUnauthenticated "1"; }; };". I don't believe I can add that line to
the filesystem under '/target' in the installer because it isn't mounted
when the early command gets run and the late command would be run after
apt-setup is installed.



Thanks,
Le

Bug#843943: debian-cd: please mention the dinstall serial in a trace file

2017-04-24 Thread Steve McIntyre 
On Thu, Apr 13, 2017 at 02:43:24PM +0200, Cyril Brulebois wrote:
>Cyril Brulebois  (2016-11-11):
>> Since pettersson has a mirror with project/trace, which gives us access
>> to archive serial, it would be nice to have a look when the build starts
>> and to report this, maybe in a trace file alongside cdimage.debian.org?
>
>Here's a prospective and untested patch.
>
>ISTR we (ab)use cronjob.weekly for release builds, but feel free to
>test/adjust before pushing to the repository.

Looks good (ish!) The code's fine, but I'll move it to the setup.git
repo. The code in debian-cd/contrib is just a convenience copy for
publishing what we do in the package.

>> Also, as as side question, do we prevent the mirror from being updated
>> during the n-hours build of all images?
>
>Answer welcome. :)

Nope. For any given architecture build, we do ~all the parsing
up-front so it's going to be consistent. But from one arch to the next
it's possible that things will update.


-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
< sladen> I actually stayed in a hotel and arrived to find a post-it
  note stuck to the mini-bar saying "Paul: This fridge and
  fittings are the correct way around and do not need altering"

Bug#843943: debian-cd: please mention the dinstall serial in a trace file

2017-04-24 Thread Cyril Brulebois 
Steve McIntyre  (2017-04-25):
> Looks good (ish!) The code's fine, but I'll move it to the setup.git
> repo. The code in debian-cd/contrib is just a convenience copy for
> publishing what we do in the package.

Alright, thanks!

> >> Also, as as side question, do we prevent the mirror from being updated
> >> during the n-hours build of all images?
> >
> >Answer welcome. :)
> 
> Nope. For any given architecture build, we do ~all the parsing
> up-front so it's going to be consistent. But from one arch to the next
> it's possible that things will update.

It looks good enough, yeah; at least it seems to have worked just fine
so far. :-)

Thanks again.


KiBi.


signature.asc
Description: Digital signature

Bug#843943: marked as done (debian-cd: please mention the dinstall serial in a trace file)

2017-04-24 Thread Debian Bug Tracking System 
Your message dated Tue, 25 Apr 2017 01:10:44 +0100
with message-id <20170425001043.gg8...@einval.com>
and subject line Re: Bug#843943: debian-cd: please mention the dinstall serial 
in a trace file
has caused the Debian Bug report #843943,
regarding debian-cd: please mention the dinstall serial in a trace file
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
843943: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=843943
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: debian-cd
Severity: normal

(X-D-Cc: debian-b...@lists.debian.org)

Hi,

Since pettersson has a mirror with project/trace, which gives us access
to archive serial, it would be nice to have a look when the build starts
and to report this, maybe in a trace file alongside cdimage.debian.org?

Also, as as side question, do we prevent the mirror from being updated
during the n-hours build of all images?


Some context: This would help figure out what changed between two d-i
releases, in addition to log parsing scripts I'm already running (which
only accounts for udebs installed during the build, plus build-deps):
looking at packages getting ACCEPTED between two dates in my
debian-boot@ mailbox is not practical and is missing non-debian-boot@
packages; plus: those udebs might not have reached testing anyway.

Thanks for considering.


KiBi.
--- End Message ---
--- Begin Message ---
Pushed to the setup git repo, so marking this fixed. Thanks for the patch!

On Tue, Apr 25, 2017 at 01:03:22AM +0100, Steve McIntyre wrote:
>On Thu, Apr 13, 2017 at 02:43:24PM +0200, Cyril Brulebois wrote:
>>Cyril Brulebois  (2016-11-11):
>>> Since pettersson has a mirror with project/trace, which gives us access
>>> to archive serial, it would be nice to have a look when the build starts
>>> and to report this, maybe in a trace file alongside cdimage.debian.org?
>>
>>Here's a prospective and untested patch.
>>
>>ISTR we (ab)use cronjob.weekly for release builds, but feel free to
>>test/adjust before pushing to the repository.
>
>Looks good (ish!) The code's fine, but I'll move it to the setup.git
>repo. The code in debian-cd/contrib is just a convenience copy for
>publishing what we do in the package.
>
>>> Also, as as side question, do we prevent the mirror from being updated
>>> during the n-hours build of all images?
>>
>>Answer welcome. :)
>
>Nope. For any given architecture build, we do ~all the parsing
>up-front so it's going to be consistent. But from one arch to the next
>it's possible that things will update.
>
>
>-- 
>Steve McIntyre, Cambridge, UK.st...@einval.com
>< sladen> I actually stayed in a hotel and arrived to find a post-it
>  note stuck to the mini-bar saying "Paul: This fridge and
>  fittings are the correct way around and do not need altering"
-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
"The problem with defending the purity of the English language is that
 English is about as pure as a cribhouse whore. We don't just borrow words; on
 occasion, English has pursued other languages down alleyways to beat them
 unconscious and rifle their pockets for new vocabulary."  -- James D. Nicoll--- End Message ---

debian installer: allow unauthenticated local repository

2017-04-24 Thread Leroy Pubel 
A closer look at my notes reminded me that the "AllowUnauthenticated"
setting on an installed system also acts on all repositories. But, my
original question remains: is there a way to allow only one particular repo
to be unauthenticated with preseeding?

Re: debian installer: allow unauthenticated local repository

2017-04-24 Thread Colin Watson 
On Mon, Apr 24, 2017 at 06:03:43PM -0600, Leroy Pubel wrote:
> I can allow all repositories to be unauthenticated during installation with
> this preseed line:
> 
> "d-i debian-installer/allow_unauthenticated boolean true"
> 
> I add my local repo like this:
> 
> "d-i apt-setup/local0/repository string http://
> local-ip stable testing"
> 
> Is there a way to only allow one particular repository to be
> unauthenticated?

Reasonably modern versions of apt have sources.list syntax for this.
Translating to preseeding syntax, that'd be something like this:

  d-i apt-setup/local0/repository string [trusted=yes] http://...

(Fill in whatever you'd normally have after "http" - the change is just
to insert "[trusted=yes]" before it.)

-- 
Colin Watson   [cjwat...@debian.org]

Re: debian installer: allow unauthenticated local repository

2017-04-24 Thread Leroy Pubel 
This didn't work. The resulting install had the local repository line in
the sources.list, but, it was commented out per the comments in the example
preseed.cfg which indicate repos without keys will be commented out.

On Mon, Apr 24, 2017 at 6:38 PM, Colin Watson  wrote:

> On Mon, Apr 24, 2017 at 06:03:43PM -0600, Leroy Pubel wrote:
> > I can allow all repositories to be unauthenticated during installation
> with
> > this preseed line:
> >
> > "d-i debian-installer/allow_unauthenticated boolean true"
> >
> > I add my local repo like this:
> >
> > "d-i apt-setup/local0/repository string http://
> > local-ip stable testing"
> >
> > Is there a way to only allow one particular repository to be
> > unauthenticated?
>
> Reasonably modern versions of apt have sources.list syntax for this.
> Translating to preseeding syntax, that'd be something like this:
>
>   d-i apt-setup/local0/repository string [trusted=yes] http://...
>
> (Fill in whatever you'd normally have after "http" - the change is just
> to insert "[trusted=yes]" before it.)
>
> --
> Colin Watson   [cjwat...@debian.org]
>
>