当主机没有安装ca-certificates库的时候,会发现没办法透过ssl协议apt-get获取公网的包,比如网上流传的debian书虫的源,本来地址就是对的:
deb https://mirrors.ustc.edu.cn/debian/ bookworm main contrib non-free non-free-firmware deb-src https://mirrors.ustc.edu.cn/debian/ bookworm main contrib non-free non-free-firmware deb https://mirrors.ustc.edu.cn/debian/ bookworm-updates main contrib non-free non-free-firmware deb-src https://mirrors.ustc.edu.cn/debian/ bookworm-updates main contrib non-free non-free-firmware deb https://mirrors.ustc.edu.cn/debian/ bookworm-backports main contrib non-free non-free-firmware deb-src https://mirrors.ustc.edu.cn/debian/ bookworm-backports main contrib non-free non-free-firmware deb https://mirrors.ustc.edu.cn/debian-security/ bookworm-security main contrib non-free non-free-firmware deb-src https://mirrors.ustc.edu.cn/debian-security/ bookworm-security main contrib non-free non-free-firmware
但非常遗憾的是很多容器没有安装对应的证书可访问,所以会报
Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification.
解决方法是把https改成http, 类似以下
deb http://mirrors.ustc.edu.cn/debian/ bookworm main contrib non-free non-free-firmware deb-src http://mirrors.ustc.edu.cn/debian/ bookworm main contrib non-free non-free-firmware deb http://mirrors.ustc.edu.cn/debian/ bookworm-updates main contrib non-free non-free-firmware deb-src http://mirrors.ustc.edu.cn/debian/ bookworm-updates main contrib non-free non-free-firmware deb http://mirrors.ustc.edu.cn/debian/ bookworm-backports main contrib non-free non-free-firmware deb-src http://mirrors.ustc.edu.cn/debian/ bookworm-backports main contrib non-free non-free-firmware deb http://mirrors.ustc.edu.cn/debian-security/ bookworm-security main contrib non-free non-free-firmware deb-src http://mirrors.ustc.edu.cn/debian-security/ bookworm-security main contrib non-free non-free-firmware
