Commit c526408b authored by Tails developers's avatar Tails developers

Merge branch 'bugfix/handle-website-CA-change' into stable

parents 3b214506 ce5e5246
......@@ -2,12 +2,11 @@
set -e
echo "Creating Tails Upgrader's CA bundle"
echo "Creating CA bundle for authenticating https://tails.boum.org/"
BUNDLE=/usr/local/etc/ssl/certs/tails-iuk.pem
BUNDLE=/usr/local/etc/ssl/certs/tails.boum.org-CA.pem
cat /etc/ssl/certs/AddTrust_External_Root.pem \
/etc/ssl/certs/UTN_USERFirst_Hardware_Root_CA.pem \
> "$BUNDLE"
chmod a+r "$BUNDLE"
......@@ -48,7 +48,7 @@ use Net::SSLeay;
BEGIN {
IO::Socket::SSL::set_ctx_defaults(
verify_mode => Net::SSLeay->VERIFY_PEER(),
ca_file => '/etc/ssl/certs/UTN_USERFirst_Hardware_Root_CA.pem',
ca_file => '/usr/local/etc/ssl/certs/tails.boum.org-CA.pem',
);
}
use LWP::UserAgent; # needs to be *after* IO::Socket::SSL's initialization
......
--- a/usr/share/perl5/Tails/IUK.pm
+++ b/usr/share/perl5/Tails/IUK.pm
@@ -255,6 +255,7 @@ method _build_squashfs_diff {
run_as_root(
"rsync", "--archive", "--quiet", "--delete-after", "--acls",
+ "--checksum",
sprintf("%s/", dir($new_squashfs_mount)),
sprintf("%s/", dir($union)),
);
--- a/usr/share/perl5/Tails/IUK/UpgradeDescriptionFile/Download.pm
+++ b/usr/share/perl5/Tails/IUK/UpgradeDescriptionFile/Download.pm
@@ -105,7 +105,7 @@ method _build_curl_opts {
}
else {
my $cafile = $ENV{HTTPS_CA_FILE};
- $cafile //= '/etc/ssl/certs/UTN_USERFirst_Hardware_Root_CA.pem';
+ $cafile //= '/usr/local/etc/ssl/certs/tails.boum.org-CA.pem';
push @opts, CURLOPT_SSL_VERIFYHOST, 2;
push @opts, CURLOPT_SSL_VERIFYPEER, 1;
push @opts, CURLOPT_CAINFO, $cafile;
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment