-
Notifications
You must be signed in to change notification settings - Fork 302
Update install docs for https urls #212
Comments
@adrianschroeter, @vrothberg - Maybe it was some sort of propagation issue, but it's now working for me for SLES and OpenSuSE! |
Now that the OBS server has enabled full https (no more redirecting to http for the actual package downloads), remove the warning and switch to specifying an https repository URL. Fixes kata-containers#212. Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Is this still an issue? I was looking to try out Kata but any |
Hi @robcresswell - According to @adrianschroeter this is not something OBS can control as anyone can be an OBS mirror. If you get lucky, you can download the packages via an end-to-end https channel but that cannot be guaranteed unless you configure your system to use a known OBS mirror that uses https. @adrianschroeter / @vrothberg - could you maybe give an example of a well-known OBS mirror that uses https along with basic instructions for how users might configure their systems to "pin" a package manager to use that mirror only? Alternatively, if there is a doc you could reference? /cc @egernst, @jcvenegas, @bergwolf, @sboeuf, @grahamwhaley, @marcov. |
Ah, I understand; happy to do some digging if someone could start me off on the right track. |
Hi @robcresswell, if you are concerned about (Speaking for SUSE distros), After you added the kata repository, when refreshing the repository metadata you should be prompted with this:
If you recognize that key fingerprint as valid, then you can trust packages installed even when using http. For the geeks, some more handful commands to check GPG keys:
|
Hi @jodh-intel, pinning to a specific mirror is not suggested, as in the end mirrors "come and go", and having a mirror brain taking care of redirecting to the closest mirror has its advantages. Here's the list of all openSUSE mirrors: https://mirrors.opensuse.org/
Using a HTTPS mirror directly is straightforward, just specify its URL in place of the generic |
@marcov That makes sense; apologies for my rash demand for |
Thanks for the information @marcov! @robcresswell - hope you can now give Kata a spin? 😄 |
100%. Thanks for the help. |
@jodh-intel @marcov so can we replace the warning for a note, saying that despite of the http is used the respository should be ok because uses gpg checks? |
@jcvenegas I would do the following:
I can take care of updating the docs if you want. PS: the reference pubkey / fingerprint value must be on a trusted HTTPS domain. |
That sounds good @marcov and thanks for offering to update the docs! :) |
Interesting reading. |
All the installation guides that specify OBS URLS...
... currently specify http URLs along with the following warning:
This is now very close to being fully resolved as download URLs for Ubuntu, Fedora, RHEL and CentOS all correctly redirect from https -> https fwics:
However, we're still waiting for OpenSuSE and SLES to be updated - see #83 (comment).
Once this is done, we can do the following to all the install docs:
/cc @adrianschroeter, @vrothberg.
The text was updated successfully, but these errors were encountered: