vmware / photon

Minimal Linux container host
https://vmware.github.io/photon

RPMs cannot be served from site with untrusted SSL certificate #384

Open pedantic-git opened 8 years ago

pedantic-git commented 8 years ago

When running the photon installer in kickstart mode, the RPMs cannot be served from an SSL site with an untrusted SSL certificate (e.g. a self-signed certificate).

This is probably a good thing for most users, but it would be a good thing to have a kernel /proc/cmdline option to disable SSL certificate checking for those of us who are operating in internal environments with untrusted certificates.

As far as I can tell from the docs, you can disable SSL certificate checking by not passing the cafile parameter to urlopen() here.

YustasSwamp commented 4 years ago

@Vasavisirnapalli please take a look

sidcha commented 4 years ago

@pedantic-git, what kickstart config keys are you using to specify the RPMs URL? I don't see any existing key that matches your description.

Perhaps this issue is no longer valid?

pedantic-git commented 4 years ago

@cbsiddharth It's been 5 years since I raised this issue and my memory isn't fantastic from that era!

Check out https://github.com/vmware/photon/blob/master/docs/photon_user/PXE-boot.md#optional-http-server-setup which describes how to set up an HTTP server for the RPMs and seems to still be current. I think the actual URL is specified in the ks.cfg (sample_ks.cfg) but this is all from a 5-year-old memory so might be completely wrong.

sidcha commented 4 years ago

This is a two-part change. TDNF needs to support a new option (tracked by a separate issue) sslverify=[true/false] and then this option must be allowed to pass through the installer kernel command line.
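
Added example, not part of the thread and not Photon or TDNF code: a sketch of how an installer could map a kernel command-line switch onto the TLS context it hands to `urlopen()`, with verification on by default. The option names `ks.sslverify` and `ks.cafile` and the sample command line are assumptions made for this example; the CA-file option goes beyond what the thread asks for and shows how to trust an internal CA without turning checks off.

```python
import shlex
import ssl

# Hypothetical option names for this example; not real Photon installer keys.
VERIFY_KEY = "ks.sslverify"
CAFILE_KEY = "ks.cafile"

# Constructed sample of /proc/cmdline contents.
SAMPLE_CMDLINE = "BOOT_IMAGE=/vmlinuz ks=https://repo.internal.example/ks.cfg ks.sslverify=false"


def parse_cmdline(cmdline):
    """Split kernel command-line text into {key: value}; bare flags map to ''."""
    opts = {}
    for token in shlex.split(cmdline):
        key, _, value = token.partition("=")
        opts[key] = value
    return opts


def build_context(cmdline, warn=print):
    """Return an SSLContext for RPM downloads, verifying unless told otherwise."""
    opts = parse_cmdline(cmdline)
    ctx = ssl.create_default_context()  # CERT_REQUIRED and hostname checking on

    cafile = opts.get(CAFILE_KEY)
    if cafile:
        # Preferred for internal sites: trust the private CA, keep verification.
        ctx.load_verify_locations(cafile=cafile)  # raises OSError if unreadable

    # Only the exact value "false" disables checks; typos keep verification on.
    if opts.get(VERIFY_KEY, "true").strip().lower() == "false":
        ctx.check_hostname = False  # must be cleared before setting CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
        warn("TLS certificate verification disabled via kernel command line")
    return ctx


if __name__ == "__main__":
    ctx = build_context(SAMPLE_CMDLINE)
    # The context would then be passed as urllib.request.urlopen(url, context=ctx).
    print(ctx.verify_mode, ctx.check_hostname)
```
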