use https with apt wherever possible
parent
73d0e657fa
commit
c8a07da24b
|
@ -10,9 +10,9 @@ ENV DEBIAN_FRONTEND=noninteractive \
|
|||
|
||||
ADD scripts/ /usr/local/bin/
|
||||
|
||||
## Install packages from packages.list with retry
|
||||
ADD config/container/sources.list /etc/apt/sources.list
|
||||
ADD config/container/packages.list /etc/apt/packages.list
|
||||
## Download, verify, and install packages against stored lists/hashes via https
|
||||
ADD config/container/sources.list /etc/apt/sources.list.new
|
||||
ADD config/container/packages.list /etc/apt/packages.list.new
|
||||
ADD config/container/package-hashes.txt /etc/apt/package-hashes.txt
|
||||
ADD config/container/apt.conf /etc/apt/apt.conf
|
||||
RUN apt-install
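Review bot: The two `ADD … .new` lines stage the pinned sources and package list without saying why; the new header comment only mentions https. As the install script changed later in this commit shows, the first `apt-get update` and the `apt-transport-https ca-certificates` install run against whatever sources the base image ships, and the `.new` files are moved into place only afterwards. I would add `# Staged as *.new: apt-install first bootstraps https support from the base image's sources, then moves these into place` above them. These are plain local files, so `COPY` would state the intent more precisely than `ADD`. The Dockerfile continues outside this hunk, so the base image and its default sources are not visible here.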
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
deb http://deb.debian.org/debian buster main
|
||||
deb http://snapshot.debian.org/archive/debian/20201016T000000Z buster main
|
||||
deb http://security.debian.org/debian-security buster/updates main
|
||||
deb http://snapshot.debian.org/archive/debian-security/20201016T000000Z buster/updates main
|
||||
deb http://deb.debian.org/debian buster-updates main
|
||||
deb http://snapshot.debian.org/archive/debian/20201016T000000Z buster-updates main
|
||||
deb https://deb.debian.org/debian buster main
|
||||
deb https://snapshot.debian.org/archive/debian/20201016T000000Z buster main
|
||||
deb https://security.debian.org/debian-security buster/updates main
|
||||
deb https://snapshot.debian.org/archive/debian-security/20201016T000000Z buster/updates main
|
||||
deb https://deb.debian.org/debian buster-updates main
|
||||
deb https://snapshot.debian.org/archive/debian/20201016T000000Z buster-updates main
|
||||
|
|
|
@ -1,8 +1,14 @@
|
|||
#!/usr/bin/env bash
|
||||
set -e;
|
||||
|
||||
# Get latest apt-transport-https and ca-certificates for safer https apt
|
||||
apt-get update
|
||||
until apt-get install --download-only -y $(cat /etc/apt/packages.list); do
|
||||
apt-get install -y apt-transport-https ca-certificates
|
||||
|
||||
mv /etc/apt/sources.list{.new,}
|
||||
mv /etc/apt/packages.list{.new,}
|
||||
apt-get update
|
||||
until apt-get install --download-only --reinstall -y $(cat /etc/apt/packages.list); do
|
||||
echo "apt install failed. Likely throttled. Retrying in 10 mins...";
|
||||
sleep 600;
|
||||
done;
|
||||
|
@ -18,4 +24,4 @@ diff /etc/apt/package-hashes{,-compare}.txt
|
|||
|
||||
apt-get install -y $(cat /etc/apt/packages.list)
|
||||
|
||||
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*;
|
||||
rm -rf /var/ache/apt/archives/* /var/lib/apt/lists/* /tmp/* /var/tmp/*;
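Review bot: What appears to be the new cleanup line in the last hunk spells the archive directory `/var/ache/apt/archives/*`, so the glob matches nothing, `rm -rf` succeeds silently and the downloaded .deb files stay on disk. It should read `rm -rf /var/cache/apt/archives/* /var/lib/apt/lists/* /tmp/* /var/tmp/*;`. In the first hunk, `apt-get install -y apt-transport-https ca-certificates` runs before the sources swap and, as far as the visible lines show, before the `diff /etc/apt/package-hashes{,-compare}.txt` check named in the hunk header. The packages that provide the TLS trust store are therefore installed unpinned from the base image's sources; a comment stating that trade-off, or pinning those two versions, would make it explicit. The middle of the script is outside both hunks, so the ordering relative to the hash check is inferred.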
|
||||
|
|
|
@ -5,19 +5,19 @@ set -e
|
|||
cat /etc/apt/packages-old.list | sed 's/=.*//g' \
|
||||
> /etc/apt/packages.list
|
||||
|
||||
snapshot_date=$(date -d @${GIT_EPOCH} +"%Y%m%dT000000Z")
|
||||
cat <<-EOF > /etc/apt/sources.list
|
||||
deb http://deb.debian.org/debian buster main
|
||||
deb http://snapshot.debian.org/archive/debian/${snapshot_date} buster main
|
||||
deb http://security.debian.org/debian-security buster/updates main
|
||||
deb http://snapshot.debian.org/archive/debian-security/${snapshot_date} buster/updates main
|
||||
deb http://deb.debian.org/debian buster-updates main
|
||||
deb http://snapshot.debian.org/archive/debian/${snapshot_date} buster-updates main
|
||||
EOF
|
||||
|
||||
apt-get update
|
||||
apt-get install -y --download-only $(cat /etc/apt/packages.list)
|
||||
|
||||
snapshot_date=$(date -d @${GIT_EPOCH} +"%Y%m%dT000000Z")
|
||||
cat <<-EOF > /etc/apt/sources.list
|
||||
deb https://deb.debian.org/debian buster main
|
||||
deb https://snapshot.debian.org/archive/debian/${snapshot_date} buster main
|
||||
deb https://security.debian.org/debian-security buster/updates main
|
||||
deb https://snapshot.debian.org/archive/debian-security/${snapshot_date} buster/updates main
|
||||
deb https://deb.debian.org/debian buster-updates main
|
||||
deb https://snapshot.debian.org/archive/debian/${snapshot_date} buster-updates main
|
||||
EOF
|
||||
|
||||
(
|
||||
cd /var/cache/apt/archives \
|
||||
&& find . -type f \( -iname \*.deb \) -exec sha256sum {} \; \
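Review bot: Nothing visible in this hunk installs `ca-certificates` before `apt-get update` runs against the rewritten https list, whereas the install script in this commit bootstraps `apt-transport-https ca-certificates` before switching sources. If the image this script runs in has no CA bundle, apt cannot validate the mirrors' certificates and the run stops under `set -e`. I would put `apt-get update && apt-get install -y apt-transport-https ca-certificates` before the `cat <<-EOF`, or add a comment stating that the base image already provides both. Lines 1–4 of the script and the rest of the `find` pipeline are outside the hunk, so a bootstrap there cannot be ruled out.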
|
||||
|
|