Re: HTTPS trust anchors in sysinst

To: Taylor R Campbell <riastradh%NetBSD.org@localhost>
Subject: Re: HTTPS trust anchors in sysinst
From: Martin Husemann <martin%duskware.de@localhost>
Date: Sat, 26 Aug 2023 15:28:57 +0200

On Sat, Aug 26, 2023 at 12:46:48PM +0000, Taylor R Campbell wrote:
> There's a few different mechanisms to put files into install media,
> depending on the install media, and I'm not clear on how they all work
> and fit together, so maybe someone can help me decide what to do.
> 
> - For ramdisks, we can create, say, a src/distrib/common/list.certs
>   which installs cert.pem, and add that to LISTS.

Many ram disk images are very size restrained and this will be a challenge.
We struggle for every single byte on many of them.

> - For install images (USB images -- maybe also CD images?), it looks
>   like we can add cert.pem to IMGFILE_EXTRA.

For proper CD images (e.g. amd64, vax, sparc64) the certs should just
be there due to being in base.tgz. Can we just create the missing symlinks
for them to be usable?

> - Not sure about floppies (FLOPPYFILES?), but this is a path that we
>   may be able to test easily because it's how anita bootstraps anyway!
>   Of course, it might bump us to one more floppy.

Anita only uses floppies by default on a few platforms (like x86).
We struggle for every single byte on many floppy images too.

Overall I have no good/helpfull answer but expect this to be a non trivial
change.

Martin

Follow-Ups:
- Re: HTTPS trust anchors in sysinst
  - From: Taylor R Campbell

References:
- HTTPS trust anchors in sysinst
  - From: Taylor R Campbell

Prev by Date: Re: HTTPS trust anchors in sysinst
Next by Date: Re: HTTPS trust anchors in sysinst
Previous by Thread: Re: HTTPS trust anchors in sysinst
Next by Thread: Re: HTTPS trust anchors in sysinst
Indexes:

Home | Main Index | Thread Index | Old Index