From 1e2e82fbdeb06fb97bc79c8a1f7152613c21ba43 Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Wed, 19 Oct 2022 08:52:06 +0200 Subject: [PATCH 1/2] makebuildserver: use HTTPS in default debian apt source --- makebuildserver | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makebuildserver b/makebuildserver index bf165730..fe2cc9b1 100755 --- a/makebuildserver +++ b/makebuildserver @@ -76,7 +76,7 @@ BASEBOX_CHECKSUMS = { config = { 'basebox': BASEBOX_DEFAULT, - 'debian_mirror': 'http://deb.debian.org/debian/', + 'debian_mirror': 'https://deb.debian.org/debian/', 'apt_package_cache': False, 'copy_caches_from_host': False, 'boot_timeout': 600, From 1dd480405ea9eb7e9ef120f4e194a5162735dc2c Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Wed, 19 Oct 2022 09:50:01 +0200 Subject: [PATCH 2/2] buildserver: let `vagrant package ` handle insecure private key This script was overwriting the provisioning that `vagrant package` does already, and breaking `vagrant ssh`. It should have been removed in !1099 closes #990 fdroid-bootstrap-buildserver#12 !1012 !1099 c6f59565378b9f1aed83f08666f439a6f1a3ca45 --- buildserver/Vagrantfile | 2 -- .../provision-vagrant-insecure-private-key | 17 ----------------- 2 files changed, 19 deletions(-) delete mode 100755 buildserver/provision-vagrant-insecure-private-key diff --git a/buildserver/Vagrantfile b/buildserver/Vagrantfile index 89ab1940..8caa3296 100644 --- a/buildserver/Vagrantfile +++ b/buildserver/Vagrantfile @@ -83,8 +83,6 @@ Vagrant.configure("2") do |config| owner: 'root', group: 'root', create: true end - config.vm.provision "shell", name: "vagrant-insecure-private-key", - path: "provision-vagrant-insecure-private-key" config.vm.provision "shell", name: "setup-env-vars", path: "setup-env-vars", args: ["/opt/android-sdk"] config.vm.provision "shell", name: "apt-get-install", path: "provision-apt-get-install", diff --git a/buildserver/provision-vagrant-insecure-private-key b/buildserver/provision-vagrant-insecure-private-key deleted file mode 100755 index b6ed681e..00000000 --- a/buildserver/provision-vagrant-insecure-private-key +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash -e -# -# Vagrant uses the "insecure private key" to establish the first SSH -# connection to a new VM based on a clean public box. In theory, the -# `vagrant package` command should do that automatically. This -# process is still using custom code instead of `vagrant package`, -# hence this script. -# -# https://gitlab.com/fdroid/fdroid-bootstrap-buildserver/-/issues/12 -# https://www.vagrantup.com/docs/vagrantfile/ssh_settings#config-ssh-private_key_path -# -# This public key can be generated using: -# ssh-keygen -y -f ~/.vagrant.d/insecure_private_key - -echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== ~/.vagrant.d/insecure_private_key" > /home/vagrant/.ssh/authorized_keys -chown vagrant:vagrant /home/vagrant/.ssh/authorized_keys -chmod 600 /home/vagrant/.ssh/authorized_keys