Fixed use of HTTP over HTTPS for anonscm.debian.org

Verify the GPG public key downloaded over HTTP
Added FIXMEs for remaining insecure downloads over HTTP
gdm85 2016-03-30 19:32:48 +02:00 committed by Justin Findlay
parent c709cf467b
commit 0d3371feae


@ -629,6 +629,28 @@ __fetch_url() {
ftp -o "$1" "$2" >/dev/null 2>&1 # OpenBSD
}
#--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: __fetch_verify
# DESCRIPTION: Retrieves a URL, verifies its content and writes it to standard output
#----------------------------------------------------------------------------------------------------------------------
__fetch_verify() {
local tmpf url sum size
url="$1"
sum="$2"
size="$3"
tmpf=$(mktemp) && \
__fetch_url "$tmpf" "$url" && \
test $(stat --format=%s "$tmpf") -eq "$size" && \
test $(md5sum "$tmpf" | awk '{ print $1 }') = "$sum" && \
cat "$tmpf" && \
rm -f "$tmpf"
if [ $? -eq 0 ]; then
return 0
fi
echo "Failed verification of $url"
return 1
}
#--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: __gather_hardware_info
@ -1172,6 +1194,7 @@ __debian_derivatives_translation() {
__set_suse_pkg_repo() {
suse_pkg_url_path="${DISTRO_REPO}/systemsmanagement:saltstack.repo"
if [ "$_DOWNSTREAM_PKG_REPO" -eq $BS_TRUE ]; then
# FIXME: cleartext download over unsecure protocol (HTTP)
suse_pkg_url_base="http://download.opensuse.org/repositories/systemsmanagement:saltstack"
else
suse_pkg_url_base="https://repo.saltstack.com/opensuse"
@ -2383,7 +2406,7 @@ install_debian_6_deps() {
fi
# shellcheck disable=SC2086
wget $_WGET_ARGS -q http://debian.saltstack.com/debian-salt-team-joehealy.gpg.key -O - | apt-key add - || return 1
__fetch_verify http://debian.saltstack.com/debian-salt-team-joehealy.gpg.key 267d1f152d0cc94b23eb4c6993ba3d67 3100 | apt-key add - || return 1
if [ "$_PIP_ALLOWED" -eq $BS_TRUE ]; then
echowarn "PyZMQ will be installed from PyPI in order to compile it against ZMQ3"
@ -2505,7 +2528,7 @@ install_debian_7_deps() {
fi
# shellcheck disable=SC2086
wget $_WGET_ARGS -q http://debian.saltstack.com/debian-salt-team-joehealy.gpg.key -O - | apt-key add - || return 1
__fetch_verify http://debian.saltstack.com/debian-salt-team-joehealy.gpg.key 267d1f152d0cc94b23eb4c6993ba3d67 3100 | apt-key add - || return 1
apt-get update || return 1
__apt_get_install_noinput -t wheezy-backports libzmq3 libzmq3-dev python-zmq python-apt || return 1
@ -2823,7 +2846,7 @@ install_debian_git_post() {
if [ -f "${_SALT_GIT_CHECKOUT_DIR}/debian/salt-$fname.init" ]; then
__copyfile "${_SALT_GIT_CHECKOUT_DIR}/debian/salt-$fname.init" "/etc/init.d/salt-$fname"
else
__fetch_url "/etc/init.d/salt-$fname" "http://anonscm.debian.org/cgit/pkg-salt/salt.git/plain/debian/salt-${fname}.init"
__fetch_url "/etc/init.d/salt-$fname" "https://anonscm.debian.org/cgit/pkg-salt/salt.git/plain/debian/salt-${fname}.init"
fi
if [ ! -f "/etc/init.d/salt-$fname" ]; then
echowarn "The init script for salt-$fname was not found, skipping it..."
@ -4446,6 +4469,7 @@ install_freebsd_restart_daemons() {
#
__choose_openbsd_mirror() {
# FIXME: cleartext download over unsecure protocol (HTTP)
MIRRORS_LIST_URL=http://www.openbsd.org/ftp.html
MIRROR_LIST_FILE=/tmp/openbsd-mirrors.html
OPENBSD_REPO=''
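Review bot: In `__fetch_verify` (first hunk) the failure message is written to stdout, and both new call sites in `install_debian_6_deps` and `install_debian_7_deps` pipe that stdout into `apt-key add -`, so on a failed check the text goes to apt-key instead of the operator; it should go to stderr. The `rm -f "$tmpf"` sits at the end of the `&&` chain, so the temp file is left behind whenever the fetch, size check or digest check fails. The `$(stat …)` and `$(md5sum …)` substitutions are unquoted, so an empty result produces a `test` syntax error rather than a clean mismatch. The pin is also an MD5 digest, for which practical collisions exist; a SHA-256 pin via `sha256sum`, with the value computed from a trusted copy of the key, would be a stronger check for a key fetched over cleartext HTTP. Since the callers' `|| return 1` takes its status from `apt-key`, rejection appears to rely on apt-key refusing empty input, which is worth confirming.

```shell
__fetch_verify() {
    # … unchanged: local declaration and url/sum/size assignments …
    rc=1

    tmpf=$(mktemp)
    if [ -n "$tmpf" ] && __fetch_url "$tmpf" "$url" && \
        [ "$(stat --format=%s "$tmpf")" -eq "$size" ] && \
        [ "$(md5sum "$tmpf" | awk '{ print $1 }')" = "$sum" ]; then
        # Only verified content ever reaches stdout
        cat "$tmpf" && rc=0
    fi

    # Remove the temp file on every path, not only after success
    [ -n "$tmpf" ] && rm -f "$tmpf"

    if [ "$rc" -ne 0 ]; then
        # stderr: the callers pipe stdout into `apt-key add -`
        echo "Failed verification of $url" >&2
    fi
    return "$rc"
}
```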