Le mercredi 31 juillet 2019 à 16:10 -0700, Brian C. Lane a écrit : > On Wed, Jul 31, 2019 at 09:05:21PM +0200, Nicolas Mailhot via devel > wrote: > > Le mercredi 31 juillet 2019 à 12:25 -0500, Jason L Tibbitts III a > > écrit : > > > > > > > > "KF" == Kevin Fenzi <kevin@xxxxxxxxx> writes: > > > > > > KF> * If you use metalinks, rpm signatures are just gravy on top, > > > in > > > the > > > KF> end you are still just trusing SSL CA's. > > > > > > Only if you trust every mirror to always serve authentic content. > > > > And, just to provide another data point, we tried this month to > > make > > the network install iso talk to https dnf repos (a reposync of > > fedora > > devel x86_64, without x86 packages, because we don't have the > > storage > > budget to mirror 32 bit packages we don't have the use for them > > anyway). The repos themselves worked fine from installed systems. > > But, > > anaconda refused to use them, till they were re-exposed in plain > > un- > > secured http. > > It's odd that they would work from an installed system and not > anaconda. > Are you using a self-signed cert on them? No, a proper public cert, that even Firefox accepts without grumbling (not an easy thing to manage those days). > If so you can pass > inst.noverifyssl to anaconda to tell it to ignore the error but still > use https. Thanks for the suggestion, I had forgotten about it. Is it possible to do that manually without a kickstart? Fot that installation workflow we start from a minimal unmodified install, and customize it in a later stage. Regards, -- Nicolas Mailhot _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
