search

AvANa-BBS / freepto-lb

Encrypted GNU/Linux OS (based on Debian Wheezy) which can be installed on USB flash drive. Freepto is designed for encrypt your communications, carry your documents in secure way and save your anonymity.
http://www.freepto.mx/
43 stars 14 forks source link

Freepto CA #146

Closed boyska closed 9 years ago

boyska commented 9 years ago

freepto.mx uses self-signed certificates, which prevents most users from visiting download website with both encrypted connection and good user-experience.

We need to create a freepto CA and include it.

ghost commented 9 years ago

added freepto CA: https://github.com/vinc3nt/freepto-lb/commit/a7909aa9a251354a61daf236f8b5ad106d33daa7

Created: http://ca.freepto.mx

Still missing:

ghost commented 9 years ago

I have created a deb package[1] that include all our custom CA (A/I, ortiche, riseup, freepto, sks-keyserver), in order to make simple the certificates management. A build that include my last commits [2] is available for testing on dev.freepto.mx [3]

[1] https://github.com/vinc3nt/freepto-certificates [2] https://github.com/vinc3nt/freepto-lb/tree/certificates [3] http://dev.freepto.mx/dev/certificates/141002_02.29_v0.1.2-STABLE-117-g149342e-it/

I ran a quick test using the steps below:

paranoid@freepto:~$ sudo apt-cache show freepto-certificates 
Package: freepto-certificates
Status: install ok installed
Priority: optional
Section: misc
Installed-Size: 13
Maintainer: vinc3nt <vinc3nt@riseup.net>
Architecture: i386
Version: 0.1
Depends: ca-certificates
Description: This is a Freepto package that include the certificates
 used by Freepto.
Homepage: http://www.freepto.mx/
paranoid@freepto:~$

paranoid@freepto:~$ ls /usr/local/share/ca-certificates/
ai.crt  freepto.crt  ortiche.crt  riseup.crt  sks-keyservers.crt

paranoid@freepto:~$ wget https://download.freepto.mx/makefreepto
--2014-10-02 03:01:56--  https://download.freepto.mx/makefreepto
Risoluzione di download.freepto.mx (download.freepto.mx)... 144.76.179.61
Connessione a download.freepto.mx (download.freepto.mx)|144.76.179.61|:443... connesso.
Richiesta HTTP inviata, in attesa di risposta... 200 OK
Lunghezza: 6825 (6,7K)
Salvataggio in: "makefreepto"
100%[======================================>] 6.825       --.-K/s   in 0s      
2014-10-02 03:01:57 (23,1 MB/s) - "makefreepto" salvato [6825/6825]
boyska commented 9 years ago

well done! Just a question: why have the certificates been installed in /usr/local ? that directory is not suited for packages. See also the output of lintian.

boyska

boyska commented 9 years ago

btw, ref is 99bf9560b2649b48f0190a4d0ef7b0b37784ec30

ghost commented 9 years ago

fixed: https://github.com/vinc3nt/freepto-certificates/commit/ef04a493609097f6073b60d8f30b3725a7993164 I have also updated the ortiche CA[1], I will provide a img soon.

[1] https://github.com/vinc3nt/freepto-certificates/commit/e4f256cdcdf345e06bf234113372c2b50f16eca3

boyska commented 9 years ago

e3f07cf20b359456f80c1498a1719f093984e09a and 55b85bd773e6a2d50c3e5a6543dde63244ec94a1 closed this