
[Feature] Support unsigned vyos mirrors for builds
Resolved (N/A), Public

Description

Allow the build-vyos-image to use custom unsigned vyos mirrors.

Details

Difficulty level: Unknown (require assessment)
Version: -
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Perfectly compatible
Issue type: Improvement (missing useful functionality)

Event Timeline

florin created this object in space S1 VyOS Public.

Why just not sign repositories?

syncer changed the task status from Open to Needs reporter action. May 14 2024, 7:38 AM
syncer removed a project: VyOS 1.4 Sagitta.

Since the --vyos-mirror string is copied directly, you can simply prepend it with [trusted=yes]; a new flag isn't really necessary:

vyos_bld@5647d929bac0:/vyos/vyos-build$ sudo ./build-vyos-image iso \
    --architecture amd64 \
    --vyos-mirror "[trusted=yes] https://some.repo/current"
I: Checking if packages required for VyOS image build are installed
build/config
I: Cleaning the build workspace
...^C
vyos_bld@5647d929bac0:/vyos/vyos-build$ cat build/config/archives/vyos.list.chroot
deb [trusted=yes] https://some.repo/current current main

If packages are signed in your repo, you can put the key into the live-build configuration prior to building (similar to the existing VyOS dev key):
vyos-build/data/live-build-config/archives.

Trying to use https repositories with self-signed certificates (or private CAs) is tricky, however. live-build doesn't seem to have a mechanism for getting certs into the chroot early enough (that I can find). I'm far from an expert, though.

Unless you have a specific reason to work around signing, as @syncer suggests, just get proper certs/keys and sign everything.
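
A check that could be run over the generated list files (such as build/config/archives/vyos.list.chroot above) before an image is built or published, as an added example that is not part of the original thread or of vyos-build: it flags entries whose options switch off APT repository authentication. The option names are the ones documented in sources.list(5); the function name and the script usage line are assumptions.

```shell
#!/bin/sh
# Added example (not vyos-build code): report one-line-style APT entries
# whose [options] disable or weaken repository authentication.
# Usage (assumed script name): ./audit-apt-sources.sh build/config/archives/*.list.chroot

# Prints "file:line: option" per finding; exit status 1 if anything was found.
audit_apt_sources() {
    awk '
        BEGIN { bad = 0 }
        # Match "deb [..." / "deb-src [..."; commented-out lines do not match.
        /^[ \t]*(deb|deb-src)[ \t]+\[/ {
            opts = $0
            sub(/^[ \t]*(deb|deb-src)[ \t]+\[/, "", opts)  # drop up to "["
            sub(/\].*$/, "", opts)                          # drop from "]" on
            n = split(opts, o, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                if (o[i] ~ /^(trusted|allow-insecure|allow-weak|allow-downgrade-to-insecure)=yes$/) {
                    printf "%s:%d: %s\n", FILENAME, FNR, o[i]
                    bad = 1
                }
            }
        }
        END { exit bad }
    ' "$@"
}

# Run the audit only when files are given on the command line.
if [ "$#" -gt 0 ]; then
    audit_apt_sources "$@"
fi
```

A non-zero exit status lets a CI step fail the build when a mirror was passed with [trusted=yes], so the shortcut stays confined to lab builds.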

I'm just using this for my home lab :) - that's a great suggestion @Rain I shall use that!

seems rather useless now :)

thanks for your effort in any case @florin
"A journey of a thousand miles begins with a single step"

Could this perhaps be extended into something like this in the help of the command and documentation?

--vyos-mirror

--vyos-mirror-trusted