|
|
@@ -389,9 +389,6 @@ EOF
|
|
|
echo "Acquire::https::CaInfo \"${TMPWORKINGDIRECTORY}/rootdir/etc/webserver.pem\";" > rootdir/etc/apt/apt.conf.d/99https
|
|
|
echo "Apt::Cmd::Disable-Script-Warning \"1\";" > rootdir/etc/apt/apt.conf.d/apt-binary
|
|
|
echo 'Acquire::Connect::AddrConfig "false";' > rootdir/etc/apt/apt.conf.d/connect-addrconfig
|
|
|
- if aptkey verify --weak-digest SHA1 --help 2>/dev/null >/dev/null; then
|
|
|
- echo 'Acquire::gpgv::Options { "--weak-digest"; "sha1"; };' > rootdir/etc/apt/apt.conf.d/no-sha1
|
|
|
- fi
|
|
|
|
|
|
configcompression '.' 'gz' #'bz2' 'lzma' 'xz'
|
|
|
confighashes 'SHA256' # these are tests, not security best-practices
|
|
|
@@ -411,6 +408,12 @@ EOF
|
|
|
unset LANGUAGE APT_CONFIG
|
|
|
unset GREP_OPTIONS DEB_BUILD_PROFILES
|
|
|
unset http_proxy HTTP_PROXY https_proxy HTTPS_PROXY no_proxy
|
|
|
+
|
|
|
+ # If gpgv supports --weak-digest, pass it to make sure we can disable SHA1
|
|
|
+ if aptkey verify --weak-digest SHA1 --help 2>/dev/null >/dev/null; then
|
|
|
+ echo 'Acquire::gpgv::Options { "--weak-digest"; "sha1"; };' > rootdir/etc/apt/apt.conf.d/no-sha1
|
|
|
+ fi
|
|
|
+
|
|
|
msgdone "info"
|
|
|
}
|
|
|
|