|
@@ -98,11 +98,27 @@ function remove_proprietary_repos {
|
98
|
98
|
echo 'remove_proprietary_repos' >> $COMPLETION_FILE
|
99
|
99
|
}
|
100
|
100
|
|
|
101
|
+function https_repos {
|
|
102
|
+ # The lack of https repos by default is I think a significant security
|
|
103
|
+ # problem, potentially allowing an adversary to modify package downloads,
|
|
104
|
+ # checksums or gpg public keys in transit and also to know what is installed
|
|
105
|
+ # on your system
|
|
106
|
+ # See http://forums.debian.net/viewtopic.php?f=10&t=74444
|
|
107
|
+ # https://wiki.debian.org/SecureApt
|
|
108
|
+ if grep -Fxq "https_repos" $COMPLETION_FILE; then
|
|
109
|
+ return
|
|
110
|
+ fi
|
|
111
|
+ apt-get -y update
|
|
112
|
+ apt-get -y --force-yes install apt-transport-https
|
|
113
|
+ # Since at the present time this does not work it's commented out
|
|
114
|
+ #sed -i 's/http:/https:/g' /etc/apt/sources.list
|
|
115
|
+ echo 'https_repos' >> $COMPLETION_FILE
|
|
116
|
+}
|
|
117
|
+
|
101
|
118
|
function initial_setup {
|
102
|
119
|
if grep -Fxq "initial_setup" $COMPLETION_FILE; then
|
103
|
120
|
return
|
104
|
121
|
fi
|
105
|
|
- apt-get -y update
|
106
|
122
|
apt-get -y dist-upgrade
|
107
|
123
|
apt-get -y install ca-certificates emacs24
|
108
|
124
|
echo 'initial_setup' >> $COMPLETION_FILE
|
|
@@ -907,6 +923,7 @@ function install_final {
|
907
|
923
|
|
908
|
924
|
argument_checks
|
909
|
925
|
remove_proprietary_repos
|
|
926
|
+https_repos
|
910
|
927
|
configure_dns
|
911
|
928
|
initial_setup
|
912
|
929
|
install_editor
|