On 2018-10-20, Wolfgang Schweer wrote:
> From e643e524802668c43ced718df07c43e80d1978dd Mon Sep 17 00:00:00 2001
> From: Wolfgang Schweer <wschw...@arcor.de>
> Date: Sat, 20 Oct 2018 10:36:57 +0200
> Subject: [PATCH] Adjust server/Debian/share/ltsp/ltsp-build-client-functions
> to be apt compliant.
>
> Due to security concerns, file:/// repositories are no longer considered to be
> trusted by default. If a complete ISO image is used to install LTSP in offline
> mode, such a repository is actually present. Adding [trusted=yes] enables it.
> ---
> server/Debian/share/ltsp/ltsp-build-client-functions | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/server/Debian/share/ltsp/ltsp-build-client-functions
> b/server/Debian/share/ltsp/ltsp-build-client-functions
> index b338847c..28421b82 100644
> --- a/server/Debian/share/ltsp/ltsp-build-client-functions
> +++ b/server/Debian/share/ltsp/ltsp-build-client-functions
> @@ -18,7 +18,9 @@ add_mirrors() {
>
> echo "deb $mirror $dist $components" >> $ROOT/etc/apt/sources.list
> case $mirror in
> - file:///*) dir=$(echo "$mirror" | sed -e 's,^file://,,g')
> + file:///*)
> + sed -i 's/deb/deb [trusted=yes]/' $ROOT/etc/apt/sources.list
> + dir=$(echo "$mirror" | sed -e 's,^file://,,g')
> mkdir -p $ROOT/$dir
> chroot_mount $dir $dir --bind
> ;;
> --
> 2.19.1Rather than hard-coding that file mirrors are always trusted, can't you instead use: mirror='deb [trusted=yes] file:///some/file/path DIST COMPONENTS' There may be cases where file mirrors still may require verification. Thanks to Alkis for the reminder about this option... live well, vagrant
signature.asc
Description: PGP signature
