txt-sysinstall scrapped
Warner Losh
imp at bsdimp.com
Tue Nov 9 06:10:31 UTC 2010
On 11/06/2010 10:24, Nathan Whitehorn wrote:
> On 11/06/10 01:04, Garrett Cooper wrote:
>> On Fri, Nov 5, 2010 at 10:06 PM, Warner Losh<imp at bsdimp.com> wrote:
>>>> Just to add to that (because I do find it a novel idea), 1) how
>>>> are you going to properly prevent man in the middle attacks (SSL, TLS,
>>>> etc?), and 2) what webserver would you use?
>>> https or ssh.
>>>
>>> We're also toying with the idea of having a partition that you could
>>> 'dd' your certs and keys to (so any system can customize the image
>>> with keys to make sure you were talking to who you think you are).
>>> We'd just reserve 1MB of space on partition s3. We'd then check to
>>> see if there was a tar ball. If so, we'd extract it and do the
>>> intelligent thing with the keys we find there.
>> Wouldn't it be better just to go with a read-write media solution
>> (USB) like Matt Dillon was suggesting at today then? Then again,
>> determining the root device to date is still a bit kludgy isn't it?
> But this breaks badly for people who don't own USB sticks of sufficient
> size, are installing on machines without USB ports, can't boot from USB,
> want to install from a shared medium like PXE, are installing on blades
> with convenient shared CD drives but not USB etc. etc. Everything in the
> world can boot from CD, and we have to ensure that continues working.
Yes. We won't break that, although you might have more functionality if
you do have a USB stick.
> I also have mixed feelings about needing to use a web browser to
> instruct a web app inside a bundled web server to write a config file to
> be interpreted by shell scripts just in order to run gpart, newfs, and
> tar. But if you get it working, it's better than sysinstall no matter
> how baroque.
We'll see how it all plays out?
Warner
> -Nathan
>
>
>
More information about the freebsd-hackers
mailing list