__apt_key_uri does not work with insecure / untrusted certificates #189
Labels
No Label
bugfix
cleanup
discussion
documentation
doing
done
feature
improvement
packaging
Stale
testing
TODO
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: ungleich-public/cdist#189
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Created by: telmich
INFO: cephmon01.ungleich.ch: Executing code for __apt_key_uri/ceph
gpg: no valid OpenPGP data found.
__apt_key_uri ceph
--name "Ceph release"
--uri 'https://ceph.com/git/?p=ceph.git;a=blob_plain;f=keys/release.asc'
root@cephmon01:~# curl 'https://ceph.com/git/?p=ceph.git;a=blob_plain;f=keys/release.asc' | apt-key add -
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
gpg: no valid OpenPGP data found.
root@cephmon01:~# curl -k 'https://ceph.com/git/?p=ceph.git;a=blob_plain;f=keys/release.asc' | apt-key add -
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--: 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:100 1752 0 1752 0 0 1995 0 --:--:-- --:--:-- --:--:-- 2416
OK
closed
Created by: telmich
Maybe adding --insecure to the type is the right solution to allow using https sites for which the distro does not have a CA present