Plain old http is subject to man-in-the-middle attacks. To make sure the built package can be trusted, we should remove all http URLs used when downloading source code or obtaining info about the latest HAProxy version.
To be changed:

`rpm-haproxy/Makefile`, line 9 in 921cec1:

```
VERSION=$(shell curl -s http://git.haproxy.org/git/haproxy-${MAINVERSION}.git/refs/tags/ | sed -n 's:.*>\(.*\)</a>.*:\1:p' | sed 's/^.//' | sort -rV | head -1)
```

`rpm-haproxy/Makefile`, line 51 in 921cec1:

```
curl -o ./SOURCES/haproxy-${VERSION}.tar.gz http://www.haproxy.org/download/${MAINVERSION}/src/haproxy-${VERSION}.tar.gz
```

`rpm-haproxy/SPECS/haproxy.spec`, lines 21 to 22 in 921cec1:

```
URL: http://www.haproxy.org/
Source0: http://www.haproxy.org/download/%{mainversion}/src/%{name}-%{version}.tar.gz
```

(Probably) No longer needed:

`rpm-haproxy/Dockerfile8`, line 4 in 921cec1:

```
sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-Linux-*
```
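
A check along these lines can stop the build when a packaging file still references a plain-http URL, so such URLs do not creep back in after the change. This is an added example, not part of the original issue or of the rpm-haproxy repository; the function names, the abbreviated sample files and the `fixed.spec` file are constructed for illustration.

```shell
#!/bin/sh
# Added example: CI gate that fails when packaging files reference http:// URLs.
# A URL ends at whitespace, a quote, or a delimiter such as | (used in sed s|..|..|).
URL_RE="http://[^[:space:]\"'|<>)]+"

# Print file:line:url for each plain-http URL. Returns 0 if the files are clean,
# 1 if any URL was found, 2 if grep itself failed (for example a missing file),
# so an unreadable file can never pass as "clean".
check_no_plain_http() {
    status=0
    findings=$(grep -HnoE "$URL_RE" "$@") || status=$?
    case $status in
        0) printf '%s\n' "$findings"; return 1 ;;
        1) return 0 ;;
        *) echo "grep failed on: $*" >&2; return 2 ;;
    esac
}

# Constructed sample tree: abbreviated "before" lines quoted in the issue, plus
# a hypothetical fixed.spec carrying the same fields over https.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/SPECS"
    cat > "$dir/Makefile" <<'EOF'
VERSION=$(shell curl -s http://git.haproxy.org/git/haproxy-${MAINVERSION}.git/refs/tags/ | sort -rV | head -1)
curl -o ./SOURCES/haproxy-${VERSION}.tar.gz http://www.haproxy.org/download/${MAINVERSION}/src/haproxy-${VERSION}.tar.gz
EOF
    cat > "$dir/SPECS/haproxy.spec" <<'EOF'
URL: http://www.haproxy.org/
Source0: http://www.haproxy.org/download/%{mainversion}/src/%{name}-%{version}.tar.gz
EOF
    cat > "$dir/SPECS/fixed.spec" <<'EOF'
URL: https://www.haproxy.org/
Source0: https://www.haproxy.org/download/%{mainversion}/src/%{name}-%{version}.tar.gz
EOF
    echo "$dir"
}

# Demo run, guarded by `if` so a finding does not abort the script.
tree=$(make_sample_tree)
if check_no_plain_http "$tree/Makefile" "$tree/SPECS/haproxy.spec"; then
    echo "clean"
else
    echo "build should stop: plain-http URLs listed above"
fi
rm -rf "$tree"
```
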