Accessing external https repo during install
Markus Köberl
markus.koeberl at tugraz.at
Wed Jan 17 17:10:33 CET 2024
On Wednesday, 17 January 2024 16:13:02 CET Diego Zuccato wrote:
> Il 17/01/2024 14:15, Carsten Aulbert ha scritto:
> >> How can I have ca-certificates installed when the repository gets added?
> >
> > I think you could either add it into your basefile
>
> Thought that, but would require regular maintenance, regenerating
> basefile every time ca-certificates is updated.
>
> > or add it to your
> > hook to install ca-certificates from Debian first.
>
> That whould be the perfect solution.
>
> > Does that make sense?
>
> Sure it does. I just have to understand how to do it the correct way :)
>
> First issue (that deranged me): I forgot to set SALT class for the
> test-fai host, but files/etc/apt/sources.list.d/salt.list/BOOKWORM got
> copied anyway... some script is fcopy-ing more than expected...
> Fixed (partially) the first issue, hooks/repository.SALT (the one that
> should create salt.list file...) finally got called and attempted to
> install ca-certificate. But it failed. Seems I'm attempting to install
> it too soon.
> Uff. Work for tomorrow...
>
> Tks for all the hints!
I have on the fai server in /etc/fai/nfsroot.conf:
FAI_DEBOOTSTRAP_OPTS="--include=ca-certificates,apt-transport-https"
and /etc/fai/nfsroot-hooks/ca-certificates:
# load deffinition of ${NFSROOT}
. /etc/fai/nfsroot.conf
mkdir -p ${NFSROOT}/usr/local/share/ca-certificates
cp /etc/fai/nfsroot-hooks/ComodoIntermediateCertificates.crt \
${NFSROOT}/usr/local/share/ca-certificates/ComodoIntermediateCertificates.crt
chroot $NFSROOT update-ca-certificates
regards
Markus Köberl
--
Markus Koeberl
Graz University of Technology
Signal Processing and Speech Communication Laboratory
E-mail: markus.koeberl at tugraz.at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.uni-koeln.de/pipermail/linux-fai/attachments/20240117/1ce29afd/attachment.sig>
More information about the linux-fai
mailing list