openstack/diskimage-builder
Code Issues Proposed changes

Fix issue with insecure HTTPS repository

Browse Source 
The new variable ``DIB_DISTRIBUTION_MIRROR_VERIFY_HTTPS`` can be
set to the "0" value to solve the issue with an insecure HTTPS
repository that is "secured" using an insecure certificate.

Change-Id: I6f41670a4bb5f79da3223979214c175c444d7719
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
This commit is contained in:
Maksim Malchuk
2026-01-30 17:08:12 +03:00
parent 61b717cc45
commit 12121be8e9
3 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
diskimage_builder/elements/ubuntu/README.rst
View File

@@ -21,6 +21,8 @@ Overrides:
``(universe|multiverse)``
* Setting ``DIB_DISTRIBUTION_MIRROR_UBUNTU_INSECURE`` updates apt
settings to allow insecure/unuthenticated repositories.
* Setting ``DIB_DISTRIBUTION_MIRROR_VERIFY_HTTPS`` updates apt
settings to allow insecure HTTPS repository.
* Setting ``DIB_OFFLINE`` will prevent to download again the source image
if is already present in to $DIB_IMAGE_CACHE path.
* Setting ``DIB_LOCAL_IMAGE`` to use a image from a local source (full path and file name)

4
diskimage_builder/elements/ubuntu/pre-install.d/01-set-ubuntu-mirror
View File

@@ -7,6 +7,7 @@ set -eu
set -o pipefail
DIB_DISTRIBUTION_MIRROR=${DIB_DISTRIBUTION_MIRROR:-}
DIB_DISTRIBUTION_MIRROR_VERIFY_HTTPS=${DIB_DISTRIBUTION_MIRROR_VERIFY_HTTPS:-1}
SIGNED_BY=${SIGNED_BY:-}
DEB822_SOURCES_FILE=/etc/apt/sources.list.d/ubuntu.sources
@@ -54,3 +55,6 @@ if [[ -n "${DIB_DISTRIBUTION_MIRROR_UBUNTU_INSECURE:-}" ]]; then
echo "APT::Get::AllowUnauthenticated \"true\";" | tee /etc/apt/apt.conf.d/95allow-unauthenticated
echo "Acquire::AllowInsecureRepositories \"true\";" | tee -a /etc/apt/apt.conf.d/95allow-unauthenticated
fi
if [[ "${DIB_DISTRIBUTION_MIRROR_VERIFY_HTTPS}" == "0" && ${DIB_DISTRIBUTION_MIRROR} =~ "https:" ]]; then
echo "Acquire::https::Verify-Peer \"false\";" | tee -a /etc/apt/apt.conf.d/95allow-unauthenticated
fi

6
releasenotes/notes/insecure-ubuntu-mirror-2dc80c1c8d1aa20e.yaml Normal file
View File

@@ -0,0 +1,6 @@
---
features:
- |
The new variable ``DIB_DISTRIBUTION_MIRROR_VERIFY_HTTPS`` can be set to the
"0" value to solve the issue with an insecure HTTPS repository that is
"secured" using an insecure certificate.