Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
T
tails
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
944
Issues
944
List
Boards
Labels
Service Desk
Milestones
Merge Requests
11
Merge Requests
11
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Incidents
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
tails
tails
Commits
c526408b
Commit
c526408b
authored
Jan 04, 2015
by
Tails developers
Browse files
Options
Browse Files
Download
Plain Diff
Merge branch 'bugfix/handle-website-CA-change' into stable
parents
3b214506
ce5e5246
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
34 additions
and
1 deletion
+34
-1
config/chroot_local-hooks/58-create-tails-website-CA-bundle
config/chroot_local-hooks/58-create-tails-website-CA-bundle
+12
-0
config/chroot_local-includes/usr/local/bin/tails-security-check
.../chroot_local-includes/usr/local/bin/tails-security-check
+1
-1
config/chroot_local-patches/iuk-handle-website-CA-change.patch
...g/chroot_local-patches/iuk-handle-website-CA-change.patch
+21
-0
No files found.
config/chroot_local-hooks/58-create-
upgrader
-CA-bundle
→
config/chroot_local-hooks/58-create-
tails-website
-CA-bundle
View file @
c526408b
...
...
@@ -2,12 +2,11 @@
set
-e
echo
"Creating
Tails Upgrader's CA bundle
"
echo
"Creating
CA bundle for authenticating https://tails.boum.org/
"
BUNDLE
=
/usr/local/etc/ssl/certs/tails
-iuk
.pem
BUNDLE
=
/usr/local/etc/ssl/certs/tails
.boum.org-CA
.pem
cat
/etc/ssl/certs/AddTrust_External_Root.pem
\
/etc/ssl/certs/UTN_USERFirst_Hardware_Root_CA.pem
\
>
"
$BUNDLE
"
chmod
a+r
"
$BUNDLE
"
config/chroot_local-includes/usr/local/bin/tails-security-check
View file @
c526408b
...
...
@@ -48,7 +48,7 @@ use Net::SSLeay;
BEGIN
{
IO::Socket::SSL::
set_ctx_defaults
(
verify_mode
=>
Net::
SSLeay
->
VERIFY_PEER
(),
ca_file
=>
'
/
etc/ssl/certs/UTN_USERFirst_Hardware_Root_
CA.pem
',
ca_file
=>
'
/
usr/local/etc/ssl/certs/tails.boum.org-
CA.pem
',
);
}
use
LWP::
UserAgent
;
# needs to be *after* IO::Socket::SSL's initialization
...
...
config/chroot_local-patches/iuk-handle-website-CA-change.patch
0 → 100644
View file @
c526408b
--- a/usr/share/perl5/Tails/IUK.pm
+++ b/usr/share/perl5/Tails/IUK.pm
@@ -255,6 +255,7 @@
method _build_squashfs_diff {
run_as_root(
"rsync", "--archive", "--quiet", "--delete-after", "--acls",
+ "--checksum",
sprintf("%s/", dir($new_squashfs_mount)),
sprintf("%s/", dir($union)),
);
--- a/usr/share/perl5/Tails/IUK/UpgradeDescriptionFile/Download.pm
+++ b/usr/share/perl5/Tails/IUK/UpgradeDescriptionFile/Download.pm
@@ -105,7 +105,7 @@
method _build_curl_opts {
}
else {
my $cafile = $ENV{HTTPS_CA_FILE};
- $cafile //= '/etc/ssl/certs/UTN_USERFirst_Hardware_Root_CA.pem';
+ $cafile //= '/usr/local/etc/ssl/certs/tails.boum.org-CA.pem';
push @opts, CURLOPT_SSL_VERIFYHOST, 2;
push @opts, CURLOPT_SSL_VERIFYPEER, 1;
push @opts, CURLOPT_CAINFO, $cafile;
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
