
https repos

Bob Mottram 11 years ago
parent
commit
72568189a4
1 changed files with 18 additions and 1 deletions
  1. 18
    1
      install-freedombone.sh

+ 18
- 1
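--- a/install-freedombone.sh
+++ b/install-freedombone.sh
@@ -98,11 +98,27 @@ function remove_proprietary_repos {
   echo 'remove_proprietary_repos' >> $COMPLETION_FILE
 }
 
+function https_repos {
+  # The lack of https repos by default is I think a significant security
+  # problem, potentially allowing an adversary to modify package downloads,
+  # checksums or gpg public keys in transit and also to know what is installed
+  # on your system
+  # See http://forums.debian.net/viewtopic.php?f=10&t=74444
+  # https://wiki.debian.org/SecureApt
+  if grep -Fxq "https_repos" $COMPLETION_FILE; then
+	  return
+  fi
+  apt-get -y update
+  apt-get -y --force-yes install apt-transport-https
+  # Since at the present time this does not work it's commented out
+  #sed -i 's/http:/https:/g' /etc/apt/sources.list
+  echo 'https_repos' >> $COMPLETION_FILE
+}
+
 function initial_setup {
   if grep -Fxq "initial_setup" $COMPLETION_FILE; then
 	  return
   fi
-  apt-get -y update
   apt-get -y dist-upgrade
   apt-get -y install ca-certificates emacs24
   echo 'initial_setup' >> $COMPLETION_FILE
@@ -907,6 +923,7 @@ function install_final {
 
 argument_checks
 remove_proprietary_repos
+https_repos
 configure_dns
 initial_setup
 install_editor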
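Review bot: `--force-yes` on the `apt-get -y --force-yes install apt-transport-https` line in `https_repos` lets apt continue without prompting even when a package cannot be authenticated, which works against the tampering-in-transit concern the function's own comment raises, and at that point the sources are still plain http. I would drop the flag: `apt-get -y install apt-transport-https`. The function also appends `https_repos` to `$COMPLETION_FILE` with no check on either apt-get call and while the `sed` rewrite is still commented out, so, unless the script enables `set -e` somewhere outside this view, a failed install is marked done and never retried; `apt-get -y install apt-transport-https || return 1` plus a comment that the marker only means the transport package is installed would make that explicit. Because `apt-get -y update` was moved out of `initial_setup`, a re-run where `https_repos` is already marked complete reaches `apt-get -y dist-upgrade` without a fresh package index.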