From dcbd8a1f42b60f74b2d118b5d56c7d9bedabc84e Mon Sep 17 00:00:00 2001
From: Daniil Baturin <daniil@baturin.org>
Date: Sat, 5 Jun 2021 17:58:50 +0200
Subject: Update the Saltstack repo URL and disable HTTPS cert verification.

Jessie lacks a CA or intermediate cert for the Amazon cert that Saltstack is now using,
so build fails because the cert looks untrusted.

Since APT will always verify GPG signatures, server authentication
is redundant and disabling it doesn't create a security issue.
---
 data/defaults.json        | 2 +-
 scripts/live-build-config | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/data/defaults.json b/data/defaults.json
index 952ac03d..dd9a08e8 100644
--- a/data/defaults.json
+++ b/data/defaults.json
@@ -9,7 +9,7 @@
   "kernel_flavor": "amd64-vyos",
   "release_train": "crux",
   "additional_repositories": [
-    "deb http://archive.repo.saltstack.com/apt/debian/8/amd64/2017.7 jessie main",
+    "deb https://archive.repo.saltproject.io/apt/debian/8/amd64/2017.7/ jessie main",
     "deb http://archive.debian.org/debian/ jessie-backports main"
   ],
   "custom_packages": []
diff --git a/scripts/live-build-config b/scripts/live-build-config
index 4fedfeb1..aad076b0 100755
--- a/scripts/live-build-config
+++ b/scripts/live-build-config
@@ -58,7 +58,8 @@ lb config noauto \
         --updates false \
         --security true \
         --apt-options "--yes -oAcquire::Check-Valid-Until=false -oDebug::BuildDeps=true -oDebug::pkgDepCache::AutoInstall=true \
-                             -oDebug::pkgDepCache::Marker=true -oDebug::pkgProblemResolver=true -oDebug::Acquire::gpgv=true" \
+                             -oDebug::pkgDepCache::Marker=true -oDebug::pkgProblemResolver=true -oDebug::Acquire::gpgv=true \
+                             -o Acquire::https::Verify-Peer=false" \
         --apt-indices false
         "${@}"
 """
-- 
cgit v1.2.3