From cc3a2c7021f06e8fc2b522cd7daca37cbc8b8c78 Mon Sep 17 00:00:00 2001 From: Denys Havrysh Date: Tue, 29 Nov 2016 12:36:56 +0200 Subject: [PATCH 1/2] Debian and Ubuntu: install TLS certs before cloning git repo via https --- bootstrap-salt.sh | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/bootstrap-salt.sh b/bootstrap-salt.sh index 23b38c3..a6b42f0 100755 --- a/bootstrap-salt.sh +++ b/bootstrap-salt.sh @@ -2498,7 +2498,15 @@ install_ubuntu_daily_deps() { install_ubuntu_git_deps() { apt-get update - __apt_get_install_noinput git-core || return 1 + + if ! __check_command_exists git; then + __apt_get_install_noinput git-core || return 1 + fi + + if [ "$_INSECURE_DL" -eq $BS_FALSE ] && [ "${_SALT_REPO_URL%%://*}" = "https" ]; then + __apt_get_install_noinput ca-certificates + fi + __git_clone_and_checkout || return 1 __PACKAGES="" @@ -2955,6 +2963,10 @@ install_debian_git_deps() { __apt_get_install_noinput git || return 1 fi + if [ "$_INSECURE_DL" -eq $BS_FALSE ] && [ "${_SALT_REPO_URL%%://*}" = "https" ]; then + __apt_get_install_noinput ca-certificates + fi + __git_clone_and_checkout || return 1 __PACKAGES="libzmq3 libzmq3-dev lsb-release python-apt python-backports.ssl-match-hostname python-crypto" @@ -2992,6 +3004,10 @@ install_debian_8_git_deps() { __apt_get_install_noinput git || return 1 fi + if [ "$_INSECURE_DL" -eq $BS_FALSE ] && [ "${_SALT_REPO_URL%%://*}" = "https" ]; then + __apt_get_install_noinput ca-certificates + fi + __git_clone_and_checkout || return 1 __PACKAGES='libzmq3 libzmq3-dev lsb-release python-apt python-crypto python-jinja2 python-msgpack python-requests python-yaml python-zmq' From efff3d46e3e382c7a56b405c07224424092384cc Mon Sep 17 00:00:00 2001 From: Denys Havrysh Date: Tue, 29 Nov 2016 18:09:48 +0200 Subject: [PATCH 2/2] RPM distros: install TLS certs before cloning git repo via https --- bootstrap-salt.sh | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/bootstrap-salt.sh b/bootstrap-salt.sh index a6b42f0..b478529 100755 --- a/bootstrap-salt.sh +++ b/bootstrap-salt.sh @@ -3301,6 +3301,11 @@ install_fedora_stable_post() { install_fedora_git_deps() { __fedora_get_package_manager + + if [ "$_INSECURE_DL" -eq $BS_FALSE ] && [ "${_SALT_REPO_URL%%://*}" = "https" ]; then + $FEDORA_PACKAGE_MANAGER ca-certificates || return 1 + fi + install_fedora_deps || return 1 if ! __check_command_exists git; then @@ -3641,6 +3646,14 @@ install_centos_stable_post() { } install_centos_git_deps() { + if [ "$_INSECURE_DL" -eq $BS_FALSE ] && [ "${_SALT_REPO_URL%%://*}" = "https" ]; then + if [ "$DISTRO_MAJOR_VERSION" -gt 5 ]; then + __yum_install_noinput ca-certificates || return 1 + else + __yum_install_noinput "openssl.${CPU_ARCH_L}" || return 1 + fi + fi + install_centos_stable_deps || return 1 if ! __check_command_exists git; then @@ -4248,6 +4261,10 @@ _eof } install_amazon_linux_ami_git_deps() { + if [ "$_INSECURE_DL" -eq $BS_FALSE ] && [ "${_SALT_REPO_URL%%://*}" = "https" ]; then + yum -y install ca-certificates || return 1 + fi + install_amazon_linux_ami_deps || return 1 ENABLE_EPEL_CMD="" @@ -5249,6 +5266,10 @@ install_opensuse_stable_deps() { } install_opensuse_git_deps() { + if [ "$_INSECURE_DL" -eq $BS_FALSE ] && [ "${_SALT_REPO_URL%%://*}" = "https" ]; then + __zypper_install ca-certificates || return 1 + fi + install_opensuse_stable_deps || return 1 if ! __check_command_exists git; then