On Mon, Nov 15, 2010 at 4:14 PM, Daniel Pittman <[email protected]> wrote: > Matt Robinson <[email protected]> writes: > >> On Mon, Nov 15, 2010 at 2:59 PM, Sandor Szuecs >> <[email protected]> wrote: >>>> Wouldn't this be using Puppet's CA cert to try to >>>> validate connections to wherever you're getting the dmg? >>> >>> I think the use case of the pkgdmg provider is to use a local site, so >>> it is ok to use puppet's CA, or am I missing something? >> >> I may also be missing something, but I thought that the provider could use >> any site that serves up dmg's over http, so in that case using puppet's CA >> doesn't make sense. > > Yes, it does, by definition. "Anything that Open::URI accepts" is the > promised implementation, and it would certainly break some of our use of the > provider to implement that. > >> Perhaps someone more familiar with how this provider is used could weigh in >> (Nigel?). > > To my eye adding the ability to use a 'puppet' URL there, and fetch that using > the authenticated, internal file transfer mechanism (on demand) would make > sense...
Often the packages seem to be on dedicated web servers that aren't the puppetmaster. If we're going to re-use the puppet SSL chain for the https call, I'd like that to be a configurable parameter, but if you can get it to work with the puppet:// protocol, that seems a more reasonable approach for encrypted transport. -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
