forked from public/airgap
download and hash verify all packages before install
parent
249e93bcce
commit
73d0e657fa
|
@ -13,6 +13,7 @@ ADD scripts/ /usr/local/bin/
|
||||||
## Install packages from packages.list with retry
|
## Install packages from packages.list with retry
|
||||||
ADD config/container/sources.list /etc/apt/sources.list
|
ADD config/container/sources.list /etc/apt/sources.list
|
||||||
ADD config/container/packages.list /etc/apt/packages.list
|
ADD config/container/packages.list /etc/apt/packages.list
|
||||||
|
ADD config/container/package-hashes.txt /etc/apt/package-hashes.txt
|
||||||
ADD config/container/apt.conf /etc/apt/apt.conf
|
ADD config/container/apt.conf /etc/apt/apt.conf
|
||||||
RUN apt-install
|
RUN apt-install
|
||||||
|
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
01e99d68427722e64c603d45f00063c303b02afb53d85c8d1476deca70db64c6 libreadline7_7.0-5_amd64.deb
|
01e99d68427722e64c603d45f00063c303b02afb53d85c8d1476deca70db64c6 libreadline7_7.0-5_amd64.deb
|
||||||
0226c5853f5e48d7e99796c2e6332591383e9c337ac588e1b689f537abd0a891 libssh2-1_1.8.0-2.1_amd64.deb
|
0226c5853f5e48d7e99796c2e6332591383e9c337ac588e1b689f537abd0a891 libssh2-1_1.8.0-2.1_amd64.deb
|
||||||
02f795889390fa0e1f29c6ecdd4a30cd0aae39c0c6b1379410055404b0897c66 libx11-data_2%3a1.6.7-1+deb10u1_all.deb
|
02f795889390fa0e1f29c6ecdd4a30cd0aae39c0c6b1379410055404b0897c66 libx11-data_2%3a1.6.7-1+deb10u1_all.deb
|
||||||
|
03a133833154325c731291c8a87daef5962dcfb75dee7cdb11f7fb923de2db82 openssl_1.1.1d-0+deb10u3_amd64.deb
|
||||||
042967b8267ee537ed9a1bf012533622847aab433362e3b57c9108a53bfcb99a libkrb5-3_1.17-3_amd64.deb
|
042967b8267ee537ed9a1bf012533622847aab433362e3b57c9108a53bfcb99a libkrb5-3_1.17-3_amd64.deb
|
||||||
05e64681a0c3037fa71c94c083a8aabb6eb5f40e974c4ec548e0376635cffeb0 gpg-wks-server_2.2.12-1+deb10u1_amd64.deb
|
05e64681a0c3037fa71c94c083a8aabb6eb5f40e974c4ec548e0376635cffeb0 gpg-wks-server_2.2.12-1+deb10u1_amd64.deb
|
||||||
05e90f94363055cf27cd88b7968820645180d37a649a93cf5d7ea6f3c7fe973e gcc-8_8.3.0-6_amd64.deb
|
05e90f94363055cf27cd88b7968820645180d37a649a93cf5d7ea6f3c7fe973e gcc-8_8.3.0-6_amd64.deb
|
||||||
|
@ -78,6 +79,7 @@ a65ea1c2a2c32995ea5337dc769ea2de503dd65e0ee2cde345d565ba06575d0c file_1%3a5.35-4
|
||||||
a73b05c10399636a7c7bff266205de05631dc4af502bfb441cbbc6af0a7deb2a libmpc3_1.1.0-1_amd64.deb
|
a73b05c10399636a7c7bff266205de05631dc4af502bfb441cbbc6af0a7deb2a libmpc3_1.1.0-1_amd64.deb
|
||||||
a7857b726c3e0d16cda2fbb9020d42e024a3160d54ef858f58578612276683e8 libxau6_1%3a1.0.8-1+b2_amd64.deb
|
a7857b726c3e0d16cda2fbb9020d42e024a3160d54ef858f58578612276683e8 libxau6_1%3a1.0.8-1+b2_amd64.deb
|
||||||
ae756853eff06749370f37f717339098d7ead8eb40d8eca9050c4dd8d64be33a g++_4%3a8.3.0-1_amd64.deb
|
ae756853eff06749370f37f717339098d7ead8eb40d8eca9050c4dd8d64be33a g++_4%3a8.3.0-1_amd64.deb
|
||||||
|
b293309a892730986e779aea48e97ea94cd58f34f07fefbd432c210ee4a427e2 libssl1.1_1.1.1d-0+deb10u3_amd64.deb
|
||||||
b3392a29de0cea29f9e8e07793d1f03fcb84a3ca25b7471e2db0e0fa93ffa566 libldap-common_2.4.47+dfsg-3+deb10u2_all.deb
|
b3392a29de0cea29f9e8e07793d1f03fcb84a3ca25b7471e2db0e0fa93ffa566 libldap-common_2.4.47+dfsg-3+deb10u2_all.deb
|
||||||
b582f4bc549877d59254318feaaf1354020d695cfe9b9e6aab0aa26b65c29071 libubsan1_8.3.0-6_amd64.deb
|
b582f4bc549877d59254318feaaf1354020d695cfe9b9e6aab0aa26b65c29071 libubsan1_8.3.0-6_amd64.deb
|
||||||
b9db9483510589d939ee897b8b2b15661d243c8fac13dfa18e6daa10be5d0a2a liblsan0_8.3.0-6_amd64.deb
|
b9db9483510589d939ee897b8b2b15661d243c8fac13dfa18e6daa10be5d0a2a liblsan0_8.3.0-6_amd64.deb
|
||||||
|
|
|
@ -1,119 +1,121 @@
|
||||||
patch=2.7.6-3+deb10u1
|
base-files=10.3+deb10u6
|
||||||
libreadline7=7.0-5
|
bc=1.07.1-2+b1
|
||||||
libssh2-1=1.8.0-2.1
|
|
||||||
libx11-data=2%3a1.6.7-1+deb10u1
|
|
||||||
libkrb5-3=1.17-3
|
|
||||||
gpg-wks-server=2.2.12-1+deb10u1
|
|
||||||
gcc-8=8.3.0-6
|
|
||||||
libbsd0=0.9.1-2
|
|
||||||
perl=5.28.1-6+deb10u1
|
|
||||||
libkeyutils1=1.6-6
|
|
||||||
libperl5.28=5.28.1-6+deb10u1
|
|
||||||
libtsan0=8.3.0-6
|
|
||||||
libmagic-mgc=1%3a5.35-4+deb10u1
|
|
||||||
openssh-client=1%3a7.9p1-10+deb10u2
|
|
||||||
readline-common=7.0-5
|
|
||||||
libpcre2-8-0=10.32-5
|
|
||||||
libmagic1=1%3a5.35-4+deb10u1
|
|
||||||
libdpkg-perl=1.19.7
|
|
||||||
make=4.2.1-1.2
|
|
||||||
libncurses6=6.1+20181013-2+deb10u2
|
|
||||||
xauth=1%3a1.0.10-1
|
|
||||||
libpsl5=0.20.2-2
|
|
||||||
libksba8=1.3.5-2
|
|
||||||
lsb-base=10.2019051400
|
|
||||||
libgpm2=1.20.7-5
|
|
||||||
libxmuu1=2%3a1.1.2-2+b3
|
|
||||||
libalgorithm-diff-xs-perl=0.04-5+b1
|
|
||||||
git-man=1%3a2.20.1-2+deb10u3
|
|
||||||
gnupg=2.2.12-1+deb10u1
|
|
||||||
wget=1.20.1-1.1
|
|
||||||
build-essential=12.6
|
|
||||||
gpg-wks-client=2.2.12-1+deb10u1
|
|
||||||
perl-base=5.28.1-6+deb10u1
|
|
||||||
libc6-dev=2.28-10
|
|
||||||
libgssapi-krb5-2=1.17-3
|
|
||||||
libsasl2-2=2.1.27+dfsg-1+deb10u1
|
|
||||||
dpkg-dev=1.19.7
|
|
||||||
git=1%3a2.20.1-2+deb10u3
|
|
||||||
gpgsm=2.2.12-1+deb10u1
|
|
||||||
bzip2=1.0.6-9.2~deb10u1
|
|
||||||
librtmp1=2.4+20151223.gitfa8646d.1-2
|
|
||||||
less=487-0.1+b1
|
|
||||||
libcc1-0=8.3.0-6
|
|
||||||
libgdbm-compat4=1.18.1-4
|
|
||||||
liberror-perl=0.17027-2
|
|
||||||
perl-modules-5.28=5.28.1-6+deb10u1
|
|
||||||
manpages=4.16-2
|
|
||||||
libcurl3-gnutls=7.64.0-4+deb10u1
|
|
||||||
cpp-8=8.3.0-6
|
|
||||||
unzip=6.0-23+deb10u1
|
|
||||||
libnghttp2-14=1.36.0-2+deb10u1
|
|
||||||
gpg-agent=2.2.12-1+deb10u1
|
|
||||||
libpopt0=1.16-12
|
|
||||||
libxext6=2%3a1.3.3-1+b2
|
|
||||||
libmpx2=8.3.0-6
|
|
||||||
libquadmath0=8.3.0-6
|
|
||||||
libfakeroot=1.23-1
|
|
||||||
gnupg-utils=2.2.12-1+deb10u1
|
|
||||||
libsasl2-modules=2.1.27+dfsg-1+deb10u1
|
|
||||||
ca-certificates=20200601~deb10u1
|
|
||||||
libstdc++-8-dev=8.3.0-6
|
|
||||||
rsync=3.1.3-6
|
|
||||||
libitm1=8.3.0-6
|
|
||||||
libalgorithm-merge-perl=0.08-3
|
|
||||||
libxcb1=1.13.1-2
|
|
||||||
manpages-dev=4.16-2
|
|
||||||
dirmngr=2.2.12-1+deb10u1
|
|
||||||
libc-dev-bin=2.28-10
|
|
||||||
libgomp1=8.3.0-6
|
|
||||||
publicsuffix=20190415.1030-1
|
|
||||||
libassuan0=2.5.2-1
|
|
||||||
libnpth0=1.6-1
|
|
||||||
binutils-common=2.31.1-16
|
binutils-common=2.31.1-16
|
||||||
gpg=2.2.12-1+deb10u1
|
|
||||||
krb5-locales=1.17-3
|
|
||||||
libgcc-8-dev=8.3.0-6
|
|
||||||
file=1%3a5.35-4+deb10u1
|
|
||||||
libmpc3=1.1.0-1
|
|
||||||
libxau6=1%3a1.0.8-1+b2
|
|
||||||
g++=4%3a8.3.0-1
|
|
||||||
libldap-common=2.4.47+dfsg-3+deb10u2
|
|
||||||
libubsan1=8.3.0-6
|
|
||||||
liblsan0=8.3.0-6
|
|
||||||
libk5crypto3=1.17-3
|
|
||||||
libbinutils=2.31.1-16
|
|
||||||
netbase=5.6
|
|
||||||
libgnutls30=3.6.7-4+deb10u5
|
|
||||||
libcurl4=7.64.0-4+deb10u1
|
|
||||||
binutils-x86-64-linux-gnu=2.31.1-16
|
binutils-x86-64-linux-gnu=2.31.1-16
|
||||||
binutils=2.31.1-16
|
binutils=2.31.1-16
|
||||||
libalgorithm-diff-perl=1.19.03-2
|
build-essential=12.6
|
||||||
gpgconf=2.2.12-1+deb10u1
|
bzip2=1.0.6-9.2~deb10u1
|
||||||
gcc=4%3a8.3.0-1
|
ca-certificates=20200601~deb10u1
|
||||||
libsasl2-modules-db=2.1.27+dfsg-1+deb10u1
|
|
||||||
libfile-fcntllock-perl=0.22-3+b5
|
|
||||||
libedit2=3.1-20181209-1
|
|
||||||
libmpfr6=4.0.2-1
|
|
||||||
libgdbm6=1.18.1-4
|
|
||||||
g++-8=8.3.0-6
|
|
||||||
libasan5=8.3.0-6
|
|
||||||
libisl19=0.20-2
|
|
||||||
libexpat1=2.2.6-2+deb10u1
|
|
||||||
linux-libc-dev=4.19.146-1
|
|
||||||
cpio=2.12+dfsg-9
|
cpio=2.12+dfsg-9
|
||||||
liblocale-gettext-perl=1.07-3+b4
|
cpp-8=8.3.0-6
|
||||||
xz-utils=5.2.4-1
|
cpp=4:8.3.0-1
|
||||||
libkrb5support0=1.17-3
|
|
||||||
libldap-2.4-2=2.4.47+dfsg-3+deb10u2
|
|
||||||
curl=7.64.0-4+deb10u1
|
curl=7.64.0-4+deb10u1
|
||||||
|
dirmngr=2.2.12-1+deb10u1
|
||||||
|
dpkg-dev=1.19.7
|
||||||
fakeroot=1.23-1
|
fakeroot=1.23-1
|
||||||
|
file=1:5.35-4+deb10u1
|
||||||
|
g++-8=8.3.0-6
|
||||||
|
g++=4:8.3.0-1
|
||||||
|
gcc-8=8.3.0-6
|
||||||
|
gcc=4:8.3.0-1
|
||||||
|
git-man=1:2.20.1-2+deb10u3
|
||||||
|
git=1:2.20.1-2+deb10u3
|
||||||
gnupg-l10n=2.2.12-1+deb10u1
|
gnupg-l10n=2.2.12-1+deb10u1
|
||||||
cpp=4%3a8.3.0-1
|
gnupg-utils=2.2.12-1+deb10u1
|
||||||
libxdmcp6=1%3a1.1.2-3
|
gnupg=2.2.12-1+deb10u1
|
||||||
base-files=10.3+deb10u6
|
gpg-agent=2.2.12-1+deb10u1
|
||||||
pinentry-curses=1.1.0-2
|
gpg-wks-client=2.2.12-1+deb10u1
|
||||||
|
gpg-wks-server=2.2.12-1+deb10u1
|
||||||
|
gpg=2.2.12-1+deb10u1
|
||||||
|
gpgconf=2.2.12-1+deb10u1
|
||||||
|
gpgsm=2.2.12-1+deb10u1
|
||||||
|
krb5-locales=1.17-3
|
||||||
|
less=487-0.1+b1
|
||||||
|
libalgorithm-diff-perl=1.19.03-2
|
||||||
|
libalgorithm-diff-xs-perl=0.04-5+b1
|
||||||
|
libalgorithm-merge-perl=0.08-3
|
||||||
|
libasan5=8.3.0-6
|
||||||
|
libassuan0=2.5.2-1
|
||||||
libatomic1=8.3.0-6
|
libatomic1=8.3.0-6
|
||||||
bc=1.07.1-2+b1
|
libbinutils=2.31.1-16
|
||||||
libx11-6=2%3a1.6.7-1+deb10u1
|
libbsd0=0.9.1-2
|
||||||
|
libc-dev-bin=2.28-10
|
||||||
|
libc6-dev=2.28-10
|
||||||
|
libcc1-0=8.3.0-6
|
||||||
|
libcurl3-gnutls=7.64.0-4+deb10u1
|
||||||
|
libcurl4=7.64.0-4+deb10u1
|
||||||
|
libdpkg-perl=1.19.7
|
||||||
|
libedit2=3.1-20181209-1
|
||||||
|
liberror-perl=0.17027-2
|
||||||
|
libexpat1=2.2.6-2+deb10u1
|
||||||
|
libfakeroot=1.23-1
|
||||||
|
libfile-fcntllock-perl=0.22-3+b5
|
||||||
|
libgcc-8-dev=8.3.0-6
|
||||||
|
libgdbm-compat4=1.18.1-4
|
||||||
|
libgdbm6=1.18.1-4
|
||||||
|
libgnutls30=3.6.7-4+deb10u5
|
||||||
|
libgomp1=8.3.0-6
|
||||||
|
libgpm2=1.20.7-5
|
||||||
|
libgssapi-krb5-2=1.17-3
|
||||||
|
libisl19=0.20-2
|
||||||
|
libitm1=8.3.0-6
|
||||||
|
libk5crypto3=1.17-3
|
||||||
|
libkeyutils1=1.6-6
|
||||||
|
libkrb5-3=1.17-3
|
||||||
|
libkrb5support0=1.17-3
|
||||||
|
libksba8=1.3.5-2
|
||||||
|
libldap-2.4-2=2.4.47+dfsg-3+deb10u2
|
||||||
|
libldap-common=2.4.47+dfsg-3+deb10u2
|
||||||
|
liblocale-gettext-perl=1.07-3+b4
|
||||||
|
liblsan0=8.3.0-6
|
||||||
|
libmagic-mgc=1:5.35-4+deb10u1
|
||||||
|
libmagic1=1:5.35-4+deb10u1
|
||||||
|
libmpc3=1.1.0-1
|
||||||
|
libmpfr6=4.0.2-1
|
||||||
|
libmpx2=8.3.0-6
|
||||||
|
libncurses6=6.1+20181013-2+deb10u2
|
||||||
|
libnghttp2-14=1.36.0-2+deb10u1
|
||||||
|
libnpth0=1.6-1
|
||||||
|
libpcre2-8-0=10.32-5
|
||||||
|
libperl5.28=5.28.1-6+deb10u1
|
||||||
|
libpopt0=1.16-12
|
||||||
|
libpsl5=0.20.2-2
|
||||||
|
libquadmath0=8.3.0-6
|
||||||
|
libreadline7=7.0-5
|
||||||
|
librtmp1=2.4+20151223.gitfa8646d.1-2
|
||||||
|
libsasl2-2=2.1.27+dfsg-1+deb10u1
|
||||||
|
libsasl2-modules-db=2.1.27+dfsg-1+deb10u1
|
||||||
|
libsasl2-modules=2.1.27+dfsg-1+deb10u1
|
||||||
libsqlite3-0=3.27.2-3
|
libsqlite3-0=3.27.2-3
|
||||||
|
libssh2-1=1.8.0-2.1
|
||||||
|
libssl1.1=1.1.1d-0+deb10u3
|
||||||
|
libstdc++-8-dev=8.3.0-6
|
||||||
|
libtsan0=8.3.0-6
|
||||||
|
libubsan1=8.3.0-6
|
||||||
|
libx11-6=2:1.6.7-1+deb10u1
|
||||||
|
libx11-data=2:1.6.7-1+deb10u1
|
||||||
|
libxau6=1:1.0.8-1+b2
|
||||||
|
libxcb1=1.13.1-2
|
||||||
|
libxdmcp6=1:1.1.2-3
|
||||||
|
libxext6=2:1.3.3-1+b2
|
||||||
|
libxmuu1=2:1.1.2-2+b3
|
||||||
|
linux-libc-dev=4.19.146-1
|
||||||
|
lsb-base=10.2019051400
|
||||||
|
make=4.2.1-1.2
|
||||||
|
manpages-dev=4.16-2
|
||||||
|
manpages=4.16-2
|
||||||
|
netbase=5.6
|
||||||
|
openssh-client=1:7.9p1-10+deb10u2
|
||||||
|
openssl=1.1.1d-0+deb10u3
|
||||||
|
patch=2.7.6-3+deb10u1
|
||||||
|
perl-base=5.28.1-6+deb10u1
|
||||||
|
perl-modules-5.28=5.28.1-6+deb10u1
|
||||||
|
perl=5.28.1-6+deb10u1
|
||||||
|
pinentry-curses=1.1.0-2
|
||||||
|
publicsuffix=20190415.1030-1
|
||||||
|
readline-common=7.0-5
|
||||||
|
rsync=3.1.3-6
|
||||||
|
unzip=6.0-23+deb10u1
|
||||||
|
wget=1.20.1-1.1
|
||||||
|
xauth=1:1.0.10-1
|
||||||
|
xz-utils=5.2.4-1
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
deb http://deb.debian.org/debian buster main
|
deb http://deb.debian.org/debian buster main
|
||||||
deb http://snapshot.debian.org/archive/debian/20201015T000000Z buster main
|
deb http://snapshot.debian.org/archive/debian/20201016T000000Z buster main
|
||||||
deb http://security.debian.org/debian-security buster/updates main
|
deb http://security.debian.org/debian-security buster/updates main
|
||||||
deb http://snapshot.debian.org/archive/debian-security/20201015T000000Z buster/updates main
|
deb http://snapshot.debian.org/archive/debian-security/20201016T000000Z buster/updates main
|
||||||
deb http://deb.debian.org/debian buster-updates main
|
deb http://deb.debian.org/debian buster-updates main
|
||||||
deb http://snapshot.debian.org/archive/debian/20201015T000000Z buster-updates main
|
deb http://snapshot.debian.org/archive/debian/20201016T000000Z buster-updates main
|
||||||
|
|
|
@ -2,9 +2,20 @@
|
||||||
set -e;
|
set -e;
|
||||||
|
|
||||||
apt-get update
|
apt-get update
|
||||||
until apt-get install -y $(cat /etc/apt/packages.list); do
|
until apt-get install --download-only -y $(cat /etc/apt/packages.list); do
|
||||||
echo "apt install failed. Likely throttled. Retrying in 10 mins...";
|
echo "apt install failed. Likely throttled. Retrying in 10 mins...";
|
||||||
sleep 600;
|
sleep 600;
|
||||||
done;
|
done;
|
||||||
|
|
||||||
|
(
|
||||||
|
cd /var/cache/apt/archives \
|
||||||
|
&& find . -type f \( -iname \*.deb \) -exec sha256sum {} \; \
|
||||||
|
| sed 's/.\///g' \
|
||||||
|
| LC_ALL=C sort
|
||||||
|
) > /etc/apt/package-hashes-compare.txt
|
||||||
|
|
||||||
|
diff /etc/apt/package-hashes{,-compare}.txt
|
||||||
|
|
||||||
|
apt-get install -y $(cat /etc/apt/packages.list)
|
||||||
|
|
||||||
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*;
|
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*;
|
||||||
|
|
|
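Review bot: The final `apt-get install -y $(cat /etc/apt/packages.list)` that follows the `diff` is still allowed to fetch archives, so what it installs is not tied to the files that were just hashed. If an archive is missing from /var/cache/apt/archives, or the resolver picks a different candidate, apt would download it without it ever passing through the comparison. Restricting that step to the verified cache closes the gap: `apt-get install -y --no-download $(cat /etc/apt/packages.list)`. Separately, `diff /etc/apt/package-hashes{,-compare}.txt` relies on brace expansion and the shebang is above the hunk, so confirm the script runs under bash; under a plain POSIX sh the literal path would abort the build instead of comparing anything.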
@ -16,17 +16,18 @@ deb http://snapshot.debian.org/archive/debian/${snapshot_date} buster-updates ma
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
apt-get update
|
apt-get update
|
||||||
apt install -y openssl
|
|
||||||
apt-get install -y --download-only $(cat /etc/apt/packages.list)
|
apt-get install -y --download-only $(cat /etc/apt/packages.list)
|
||||||
|
|
||||||
(
|
(
|
||||||
cd /var/cache/apt/archives \
|
cd /var/cache/apt/archives \
|
||||||
&& find . -type f \( -iname \*.deb \) -exec openssl sha256 -r {} \; \
|
&& find . -type f \( -iname \*.deb \) -exec sha256sum {} \; \
|
||||||
| sed 's/ \*.\// /g' \
|
| sed 's/.\///g' \
|
||||||
| LC_ALL=C sort
|
| LC_ALL=C sort
|
||||||
) > /etc/apt/package-hashes.txt
|
) > /etc/apt/package-hashes.txt
|
||||||
|
|
||||||
cat /etc/apt/package-hashes.txt \
|
cp /dev/null /etc/apt/packages.list
|
||||||
| awk '{ print $2 }' \
|
for deb in /var/cache/apt/archives/*.deb; do
|
||||||
| sed -e 's/_[a-z0-9]\+\.deb//g' -e 's/_/=/g' \
|
package=$(dpkg-deb -f $deb Package);
|
||||||
> /etc/apt/packages.list
|
version=$(dpkg --info ${deb} | grep "^ Version: " | sed 's/^ Version: //g');
|
||||||
|
echo "${package}=${version}" >> /etc/apt/packages.list;
|
||||||
|
done
|
||||||
|
|
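Review bot: The new loop reads the package name with `dpkg-deb -f $deb Package` but obtains the version by grepping `dpkg --info` output, and `$deb` is unquoted in the first call. If the grep matches nothing, the loop still appends a `name=` line with an empty version to packages.list; whether `set -e` is in effect cannot be seen, because the script starts above the hunk. Reading both fields the same way is simpler and fails more visibly: `package=$(dpkg-deb -f "$deb" Package)` and `version=$(dpkg-deb -f "$deb" Version)`.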