sudoxreboot/fdroiddata
1
0
Fork 0
mirror of https://github.com/sudoxnym/fdroiddata.git synced 2026-05-17 11:19:13 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

checkupdates: workaround Terrapin vuln

Browse source
This commit is contained in:
Hans-Christoph Steiner 2024-01-18 11:43:22 +00:00
parent 7684b98b2f
commit acd03d5dfa
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
.gitlab-ci.yml
View file

@ -300,6 +300,11 @@ checkupdates_runner:
- apt-get install -y openssh-client
- git config --global user.email "fdroidci@bubu1.eu"
- git config --global user.name "F-Droid checkupdates bot"
# gitlab.com was still vulnerable to https://terrapin-attack.com/ when this was added
- printf 'Ciphers -chacha20-poly1305@openssh.com,*-cbc\nMACs -*etm*,*-sha1*\n'
> /etc/ssh/ssh_config.d/0-terrapin-workaround.conf
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- cp "${GITLAB_KNOWN_HOSTS}" ~/.ssh/known_hosts