Add build argument to disable expiry checking of debian packages

parent 5b7ed6c2
Pipeline #3031 passed with stages
in 9 minutes and 22 seconds
FROM debian:stretch
ARG IGNORE_EXPIRY=0
ENV LANG=C.UTF-8
ENV DEBIAN_FRONTEND=noninteractive
......
......@@ -51,6 +51,14 @@ Build our Docker image:
docker build -t briar/go-reproducer go-reproducer
Building the image might fail due to expired Debian packages.
You can disable the expiry check by adding a build argument:
docker build --build-arg IGNORE_EXPIRY=1 -t briar/go-reproducer go-reproducer
However, note that this might expose the build process to MITM attacks
which inject outdated vulnerable packages.
### Run the verification
To verify a specific version of obfs4proxy, run
......
......@@ -3,12 +3,18 @@ set -e
set -x
# use snapshot repos for deterministic package versions
DATE="20190206T120000Z"
DATE="20190219T000000Z"
cat << EOF > /etc/apt/sources.list
deb http://snapshot.debian.org/archive/debian/${DATE}/ stretch main
deb http://snapshot.debian.org/archive/debian-security/${DATE}/ stretch/updates main
EOF
# ignore expired package releases if env variable is set
if [[ "${IGNORE_EXPIRY}" = "1" ]]
then
echo 'Acquire::Check-Valid-Until "0";' >> /etc/apt/apt.conf.d/10-ignore-expiry
fi
# update package sources
apt-get update
apt-get -y upgrade
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment