summaryrefslogtreecommitdiffstats
path: root/roles/common
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2020-01-25 01:24:27 +0100
committerGuilhem Moulin <guilhem@fripost.org>2020-01-25 01:57:25 +0100
commit720e0e0a9f3fa5af217e4b59fe52c1f885df07a3 (patch)
tree43c761b109dce76ad47b35d647994e68c6a18eb4 /roles/common
parentee4e9e9836ad05279647b04eb1e8a3a4b0e16568 (diff)
/etc/apt/sources.list: Use https:// URIs.
Since 1.5 (Buster) APT supports https:// natively. There is no need to install ‘apt-transport-https’ (now a dummy transitional package) anymore. Plain-text connection don't undermine security as APT checks package OpenPGP signatures locally, but there is no reason not to use TLS here.
Diffstat (limited to 'roles/common')
-rw-r--r--roles/common/templates/etc/apt/sources.list.j28
1 files changed, 4 insertions, 4 deletions
diff --git a/roles/common/templates/etc/apt/sources.list.j2 b/roles/common/templates/etc/apt/sources.list.j2
index 4ae1cb5..47a7cda 100644
--- a/roles/common/templates/etc/apt/sources.list.j2
+++ b/roles/common/templates/etc/apt/sources.list.j2
@@ -2,12 +2,12 @@
# Do NOT edit this file directly!
# vim: set filetype=debsources :
-deb http://deb.debian.org/debian {{ ansible_lsb.codename }} main{% if inventory_hostname_short in non_free_packages.keys() or (ansible_processor[1] is search("^(Genuine)?Intel.*") and not ansible_virtualization_role == 'guest') %} contrib non-free{% endif %}
+deb https://deb.debian.org/debian {{ ansible_lsb.codename }} main{% if inventory_hostname_short in non_free_packages.keys() or (ansible_processor[1] is search("^(Genuine)?Intel.*") and not ansible_virtualization_role == 'guest') %} contrib non-free{% endif %}
-deb http://deb.debian.org/debian-security {{ ansible_lsb.codename }}/updates main{% if inventory_hostname_short in non_free_packages.keys() or (ansible_processor[1] is search("^(Genuine)?Intel.*") and not ansible_virtualization_role == 'guest') %} contrib non-free{% endif %}
+deb https://deb.debian.org/debian-security {{ ansible_lsb.codename }}/updates main{% if inventory_hostname_short in non_free_packages.keys() or (ansible_processor[1] is search("^(Genuine)?Intel.*") and not ansible_virtualization_role == 'guest') %} contrib non-free{% endif %}
-deb http://deb.debian.org/debian {{ ansible_lsb.codename }}-updates main
+deb https://deb.debian.org/debian {{ ansible_lsb.codename }}-updates main
{% if 'backports' in group_names -%}
-deb http://deb.debian.org/debian {{ ansible_lsb.codename }}-backports main
+deb https://deb.debian.org/debian {{ ansible_lsb.codename }}-backports main
{% endif %}