From e5fc3dd89b313a64e28f529e6f43fa3659287be1 Mon Sep 17 00:00:00 2001
From: Torsten Grote <t@grobox.de>
Date: Mon, 18 Feb 2019 17:11:33 -0300
Subject: [PATCH] Add build argument to disable expiry checking of debian
 packages

---
 Dockerfile | 1 +
 README.md  | 8 ++++++++
 install.sh | 8 +++++++-
 3 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 9ed82e3..bfb43d1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,6 @@
 FROM debian:stretch
 
+ARG IGNORE_EXPIRY=0
 ENV LANG=C.UTF-8
 ENV DEBIAN_FRONTEND=noninteractive
 
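Review bot: The new `ARG IGNORE_EXPIRY=0` carries no comment saying what it switches off, so a reader of the Dockerfile alone cannot tell that setting it weakens apt's metadata checks. I would add above it `# Set to 1 only when the pinned snapshot's Release file has expired; disables apt's Valid-Until check in install.sh`. The `RUN` step that invokes install.sh is outside this hunk, so confirm it comes after this `ARG` in the same stage, because a build argument is only visible to instructions that follow its declaration.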
diff --git a/README.md b/README.md
index 6f7ea3e..3899be0 100644
--- a/README.md
+++ b/README.md
@@ -51,6 +51,14 @@ Build our Docker image:
 
     docker build -t briar/go-reproducer go-reproducer
 
+Building the image might fail due to expired Debian packages.
+You can disable the expiry check by adding a build argument:
+
+    docker build --build-arg IGNORE_EXPIRY=1 -t briar/go-reproducer go-reproducer
+
+However, note that this might expose the build process to MITM attacks
+which inject outdated vulnerable packages.
+
 ### Run the verification
 
 To verify a specific version of obfs4proxy, run
diff --git a/install.sh b/install.sh
index a81614d..37f2413 100755
--- a/install.sh
+++ b/install.sh
@@ -3,12 +3,18 @@ set -e
 set -x
 
 # use snapshot repos for deterministic package versions
-DATE="20190206T120000Z"
+DATE="20190219T000000Z"
 cat << EOF > /etc/apt/sources.list
 deb http://snapshot.debian.org/archive/debian/${DATE}/ stretch main
 deb http://snapshot.debian.org/archive/debian-security/${DATE}/ stretch/updates main
 EOF
 
+# ignore expired package releases if env variable is set
+if [[ "${IGNORE_EXPIRY}" = "1" ]]
+then
+    echo 'Acquire::Check-Valid-Until "0";' >> /etc/apt/apt.conf.d/10-ignore-expiry
+fi
+
 # update package sources
 apt-get update
 apt-get -y upgrade
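Review bot: The drop-in appended to `/etc/apt/apt.conf.d/10-ignore-expiry` is not removed in the lines shown, so if the rest of install.sh (outside this hunk) leaves it in place, the finished image and anything derived from it keep skipping the Valid-Until check on every later `apt-get update`. Because the sources are plain `http://` snapshot URLs, that check is the replay protection the README change warns about, and it only needs to be relaxed for the one update against the expired snapshot. Consider scoping it to that call instead of writing a config file: set `APT_UPDATE_OPTS="-o Acquire::Check-Valid-Until=false"` inside the `if` and run `apt-get ${APT_UPDATE_OPTS} update`. Separately, `[[ … ]]` is a bash construct and the shebang is outside the hunk, so confirm the script runs under bash and not `/bin/sh`.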
-- 
GitLab