From e5fc3dd89b313a64e28f529e6f43fa3659287be1 Mon Sep 17 00:00:00 2001
From: Torsten Grote <t@grobox.de>
Date: Mon, 18 Feb 2019 17:11:33 -0300
Subject: [PATCH] Add build argument to disable expiry checking of debian packages
---
 Dockerfile | 1 +
 README.md | 8 ++++++++
 install.sh | 8 +++++++-
 3 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 9ed82e3..bfb43d1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,6 @@
 FROM debian:stretch
+ARG IGNORE_EXPIRY=0
 ENV LANG=C.UTF-8
 ENV DEBIAN_FRONTEND=noninteractive
diff --git a/README.md b/README.md
index 6f7ea3e..3899be0 100644
--- a/README.md
+++ b/README.md
@@ -51,6 +51,14 @@ Build our Docker image:
 docker build -t briar/go-reproducer go-reproducer
+Building the image might fail due to expired Debian packages.
+You can disable the expiry check by adding a build argument:
+
+ docker build --build-arg IGNORE_EXPIRY=1 -t briar/go-reproducer go-reproducer
+
+However, note that this might expose the build process to MITM attacks
+which inject outdated vulnerable packages.
+
 ### Run the verification
 To verify a specific version of obfs4proxy, run
diff --git a/install.sh b/install.sh
index a81614d..37f2413 100755
--- a/install.sh
+++ b/install.sh
@@ -3,12 +3,18 @@ set -e
 set -x
 # use snapshot repos for deterministic package versions
-DATE="20190206T120000Z"
+DATE="20190219T000000Z"
 cat << EOF > /etc/apt/sources.list
 deb http://snapshot.debian.org/archive/debian/${DATE}/ stretch main
 deb http://snapshot.debian.org/archive/debian-security/${DATE}/ stretch/updates main
 EOF
+# ignore expired package releases if env variable is set
+if [[ "${IGNORE_EXPIRY}" = "1" ]]
+then
+ echo 'Acquire::Check-Valid-Until "0";' >> /etc/apt/apt.conf.d/10-ignore-expiry
+fi
+
 # update package sources
 apt-get update
 apt-get -y upgrade
-- GitLab
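Review bot: The expiry override in the install.sh hunk is written to `/etc/apt/apt.conf.d/10-ignore-expiry` and never removed, so it stays in the built image and applies to every later apt run there, not only to the `apt-get update` that follows. Scoping it to the call that needs it keeps the weakened freshness check as narrow as possible: pass it per invocation, `apt-get -o Acquire::Check-Valid-Until=false update`, or delete the file once the script's package steps are done (the script may continue outside the hunk, so check which later apt calls rely on it). The sources above are plain `http://`, so with the check off the Release signature is the only remaining protection and a validly signed but stale index would be accepted; a comment next to the `if` saying so would keep the README's caveat visible in the script. `[[ … ]]` also needs bash, and the shebang is outside the hunk, so confirm it is not `/bin/sh`.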