gitlab-ci: always use HTTPS for apt repos

This has been in place in a number of other places and has proven stable, so I'm introducing it here, since the "docker" job actually publishes docker images that are publicly used. So little painless security fixes are worthwhile.
2026-05-18 21:47:19 -04:00 · 2024-02-27 20:27:32 +01:00
parent 2f556a9026
commit 7b45ea7898
1 changed files with 6 additions and 0 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -76,7 +76,13 @@ metadata_v0:
           'Dpkg::Use-Pty "0";'
           'quiet "1";'
        >> /etc/apt/apt.conf.d/99gitlab
+    # Ubuntu and other distros often lack https:// support
+    - grep Debian /etc/issue.net
+        && { find /etc/apt/sources.list* -type f | xargs sed -i s,http:,https:, ; }
+    - echo 'Acquire::https::Verify-Peer "false";' > /etc/apt/apt.conf.d/99nocacertificates
    - apt-get update
+    - apt-get install ca-certificates
+    - rm /etc/apt/apt.conf.d/99nocacertificates
    - apt-get dist-upgrade