From 7b45ea78984bb13db9131910fe71f44296334b72 Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner <hans@eds.org>
Date: Tue, 27 Feb 2024 20:27:32 +0100
Subject: [PATCH] gitlab-ci: always use HTTPS for apt repos

This has been in place in a number of other places and has proven stable,
so I'm introducing it here, since the "docker" job actually publishes
docker images that are publicly used.  So little painless security fixes
are worthwhile.
---
 .gitlab-ci.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 866a2ec8..bcf2ac28 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -76,7 +76,13 @@ metadata_v0:
            'Dpkg::Use-Pty "0";'
            'quiet "1";'
         >> /etc/apt/apt.conf.d/99gitlab
+    # Ubuntu and other distros often lack https:// support
+    - grep Debian /etc/issue.net
+        && { find /etc/apt/sources.list* -type f | xargs sed -i s,http:,https:, ; }
+    - echo 'Acquire::https::Verify-Peer "false";' > /etc/apt/apt.conf.d/99nocacertificates
     - apt-get update
+    - apt-get install ca-certificates
+    - rm /etc/apt/apt.conf.d/99nocacertificates
     - apt-get dist-upgrade