Age | Commit message (Collapse) | Author |
|
The leap-archive keyring expired March 8th 2018.
We updated it, and published updated installation
docs at https://bitmask.net/en/install/linux.
For jessie, we dont install the leap-archive-keyring
package anymore but directly deploy the keys to
apt's trusted keystore.
- Fixes: https://0xacab.org/leap/bitmask-dev/issues/9279
|
|
Fix the order of the leap repository so it matches the correct repository
layout. Fixes #8888.
|
|
The apt sources lines for people using more experimental software was
wrong, we abolished the 'experimental' repository some time ago and
develoment happens now in the master branch.
solves #8862, #8876
|
|
For newer than jessie the 'old' code was enough. This bug didn't show up
because our testing images had the keys and sources lines already
included within /etc/apt…
solves #8862
|
|
This gets us a simple apt repository privilege separation:
(a) our key can't be used to forge other repos
(b) other keys can't be used to forge our repo.
From sources.list(5):
· Signed-By (signed-by) is either an absolute path to a keyring
file (has to be accessible and readable for the _apt user, so ensure
everyone has read-permissions on the file) or one or more
fingerprints of keys either in the trusted.gpg keyring or in the
keyrings in the trusted.gpg.d/ directory (see apt-key
fingerprint). If the option is set, only the key(s) in this keyring
or only the keys with these fingerprints are used for the
apt-secure(8) verification of this repository. Defaults to the value
of the option with the same name if set in the previously acquired
Release file. Otherwise all keys in the trusted keyrings are
considered valid signers for this repository.
|
|
|
|
Change-Id: I5f04e31e49642597c69895b5aca3ff5326dfd6ec
|
|
`site_config::default.pp` takes care the all packages are
installed before `Exec['refresh_apt']`, so we don't need to
add it here for a single package.
|
|
Providing a custom sources.platform.apt.basic value worked
with the last commit, but without that the platform would fail.
So we provide a default value now in provider_base/common.json,
which can get overridden.
|
|
So we can use the experimental-0.8 repo instead of 0.8 i.e.
Use this to customize the main LEAP deb url:
"sources": {
"apt": {
"leap": {
"basic": "http://deb.leap.se/experimental-0.9"
}
}
}
|
|
- Related: #6920
|
|
based on the hiera value 'major_version' (#6251)
Change-Id: I10532ef83e3aa2d35d9c0be241952a35e366bba4
|
|
and apt has been refreshed
Change-Id: I485420c4ea50f8c3f6699b9b8073dc6c67b7a353
|
|
|
|
|
|
|