That wouldn't work, since salt.list is copied too early, before the
first update, so the update fails (well, in ignores the repo but logs an
error in error.log) because it can't authenticate the external repo (it
misses ca-certificates, but to install ca-certificates it needs to
update the
On Wed, 2024-01-17 at 17:10 +0100, Markus Köberl wrote:
> FAI_DEBOOTSTRAP_OPTS="--include=ca-certificates,apt-transport-https"
Hey,
My approach for this kind of thing is to have a hook that install ca-
certificates. Probably updatebase.SALT - or better,
updatebase.CACERTIFICATES and have SALT
Seems the copy is done by line 1115 of usr/lib/fai/subroutines:
fcopy -SBMir /etc/apt # copy all other apt config files from the config
space
It probably should be documented, especially since docs currently state
that files under files/ are not copied automatically but require an
fcopy. Or I
IIUC that's the same as adding 'em to the basefile. Every time an
install errors out, basefile/nfsroot must be regenerated to include
updated root certs. Error prone and time consuming.
I'm now trying to understand:
1) who is copying the whole /etc/apt/sources.list.d during
task_repository, to
Diese Nachricht wurde eingewickelt um DMARC-kompatibel zu sein. Die
eigentliche Nachricht steht dadurch in einem Anhang.
This message was wrapped to be DMARC compliant. The actual message
text is therefore in an attachment.--- Begin Message ---
On Wednesday, 17 January 2024 16:13:02 CET Diego
Il 17/01/2024 14:15, Carsten Aulbert ha scritto:
How can I have ca-certificates installed when the repository gets added?
I think you could either add it into your basefile
Thought that, but would require regular maintenance, regenerating
basefile every time ca-certificates is updated.
or
Hi
On 1/17/24 14:10, Diego Zuccato wrote:
How can I have ca-certificates installed when the repository gets added?
I think you could either add it into your basefile or add it to your
hook to install ca-certificates from Debian first.
Does that make sense?
Cheers
Carsten
--
Dr. Carsten
