當主機沒有安裝ca-certificates庫的時候,會發現沒辦法透過ssl協議apt-get獲取公網的包,比如網上流傳的debian書蟲的源,本來地址就是對的:
deb https://mirrors.ustc.edu.cn/debian/ bookworm main contrib non-free non-free-firmware deb-src https://mirrors.ustc.edu.cn/debian/ bookworm main contrib non-free non-free-firmware deb https://mirrors.ustc.edu.cn/debian/ bookworm-updates main contrib non-free non-free-firmware deb-src https://mirrors.ustc.edu.cn/debian/ bookworm-updates main contrib non-free non-free-firmware deb https://mirrors.ustc.edu.cn/debian/ bookworm-backports main contrib non-free non-free-firmware deb-src https://mirrors.ustc.edu.cn/debian/ bookworm-backports main contrib non-free non-free-firmware deb https://mirrors.ustc.edu.cn/debian-security/ bookworm-security main contrib non-free non-free-firmware deb-src https://mirrors.ustc.edu.cn/debian-security/ bookworm-security main contrib non-free non-free-firmware
但非常遺憾的是很多容器沒有安裝對應的证書可訪問,所以會報
Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification.
解決方法是把https改成http, 類似以下
deb http://mirrors.ustc.edu.cn/debian/ bookworm main contrib non-free non-free-firmware deb-src http://mirrors.ustc.edu.cn/debian/ bookworm main contrib non-free non-free-firmware deb http://mirrors.ustc.edu.cn/debian/ bookworm-updates main contrib non-free non-free-firmware deb-src http://mirrors.ustc.edu.cn/debian/ bookworm-updates main contrib non-free non-free-firmware deb http://mirrors.ustc.edu.cn/debian/ bookworm-backports main contrib non-free non-free-firmware deb-src http://mirrors.ustc.edu.cn/debian/ bookworm-backports main contrib non-free non-free-firmware deb http://mirrors.ustc.edu.cn/debian-security/ bookworm-security main contrib non-free non-free-firmware deb-src http://mirrors.ustc.edu.cn/debian-security/ bookworm-security main contrib non-free non-free-firmware
