Update the Saltstack repo URL and disable HTTPS cert verification.

Jessie lacks a CA or intermediate cert for the Amazon cert that Saltstack is now using,
so build fails because the cert looks untrusted.

Since APT will always verify GPG signatures, server authentication
is redundant and disabling it doesn't create a security issue.

2 files changed, 3 insertions, 2 deletions

diff --git a/data/defaults.json b/data/defaults.json
index 952ac03d..dd9a08e8 100644
--- a/data/defaults.json
+++ b/data/defaults.json
@@ -9,7 +9,7 @@
   "kernel_flavor": "amd64-vyos",
   "release_train": "crux",
   "additional_repositories": [
-    "deb http://archive.repo.saltstack.com/apt/debian/8/amd64/2017.7 jessie main",
+    "deb https://archive.repo.saltproject.io/apt/debian/8/amd64/2017.7/ jessie main",
     "deb http://archive.debian.org/debian/ jessie-backports main"
   ],
   "custom_packages": []
diff --git a/scripts/live-build-config b/scripts/live-build-config
index 4fedfeb1..aad076b0 100755
--- a/scripts/live-build-config
+++ b/scripts/live-build-config
@@ -58,7 +58,8 @@ lb config noauto \
         --updates false \
         --security true \
         --apt-options "--yes -oAcquire::Check-Valid-Until=false -oDebug::BuildDeps=true -oDebug::pkgDepCache::AutoInstall=true \
-                             -oDebug::pkgDepCache::Marker=true -oDebug::pkgProblemResolver=true -oDebug::Acquire::gpgv=true" \
+                             -oDebug::pkgDepCache::Marker=true -oDebug::pkgProblemResolver=true -oDebug::Acquire::gpgv=true \
+                             -o Acquire::https::Verify-Peer=false" \
         --apt-indices false
         "${@}"
 """