Use HTTPS ELPA sources & verify TLS (#72)
parent
9dd66381dc
commit
e678d13ed6
2 changed files with 29 additions and 3 deletions
|
@ -399,3 +399,25 @@ calls."
|
||||||
package old-v-str new-v-str)
|
package old-v-str new-v-str)
|
||||||
(message "Aborted")))
|
(message "Aborted")))
|
||||||
(message "%s is up-to-date" package))))
|
(message "%s is up-to-date" package))))
|
||||||
|
|
||||||
|
;;;###autoload
|
||||||
|
(defun doom/am-i-secure ()
|
||||||
|
"Test to see if your root certificates are securely configured in emacs."
|
||||||
|
(declare (interactive-only t))
|
||||||
|
(interactive)
|
||||||
|
(if-let (bad-hosts
|
||||||
|
(loop for bad
|
||||||
|
in `("https://wrong.host.badssl.com/"
|
||||||
|
"https://self-signed.badssl.com/")
|
||||||
|
if (condition-case e
|
||||||
|
(url-retrieve bad (lambda (retrieved) t))
|
||||||
|
(error nil))
|
||||||
|
collect bad))
|
||||||
|
(error (format "tls seems to be misconfigured (it got %s)."
|
||||||
|
bad-hosts))
|
||||||
|
(url-retrieve "https://badssl.com"
|
||||||
|
(lambda (status)
|
||||||
|
(if (or (not status) (plist-member status :error))
|
||||||
|
(warn "Something went wrong.\n\n%s" (pp-to-string status))
|
||||||
|
(message "Your trust roots are set up properly.\n\n%s" (pp-to-string status))
|
||||||
|
t)))))
|
||||||
|
|
|
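Review bot: The bad-host probe in `doom/am-i-secure` treats any non-nil return from `url-retrieve` as "the connection was accepted", but `url-retrieve` is asynchronous and returns a buffer as soon as the request is started; whether a certificate failure is signalled inside the `condition-case` or only reported later through the callback's status appears to depend on the Emacs version and connection settings. If the failure arrives late, both hosts are collected and the command reports a misconfiguration on a correctly configured setup, and if a bad host is merely unreachable the resulting error is counted as a pass. A blocking probe keeps the verdict tied to the handshake itself: `if (condition-case nil (url-retrieve-synchronously bad) (error nil))`. As a matter of style, the loop uses `loop` rather than `cl-loop`, and `(error (format ...))` feeds already-formatted text back in as a format string; `(error "tls seems to be misconfigured (it got %s)." bad-hosts)` avoids that.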
@ -78,12 +78,16 @@ base by `doom!' and for calculating how many packages exist.")
|
||||||
package-user-dir (expand-file-name "elpa" doom-packages-dir)
|
package-user-dir (expand-file-name "elpa" doom-packages-dir)
|
||||||
package-enable-at-startup nil
|
package-enable-at-startup nil
|
||||||
package-archives
|
package-archives
|
||||||
'(("gnu" . "http://elpa.gnu.org/packages/")
|
'(("gnu" . "https://elpa.gnu.org/packages/")
|
||||||
("melpa" . "http://melpa.org/packages/")
|
("melpa" . "https://melpa.org/packages/"))
|
||||||
("org" . "http://orgmode.org/elpa/"))
|
|
||||||
;; I omit Marmalade because its packages are manually submitted rather
|
;; I omit Marmalade because its packages are manually submitted rather
|
||||||
;; than pulled, so packages are often out of date with upstream.
|
;; than pulled, so packages are often out of date with upstream.
|
||||||
|
|
||||||
|
;; security settings
|
||||||
|
tls-checktrust t
|
||||||
|
gnutls-verify-error t
|
||||||
|
gnutls-trustfiles '("/etc/ssl/certs/ca-certificates.crt" "/etc/ssl/cert.pem")
|
||||||
|
|
||||||
use-package-always-defer t
|
use-package-always-defer t
|
||||||
use-package-always-ensure nil
|
use-package-always-ensure nil
|
||||||
use-package-expand-minimally (not doom-debug-mode)
|
use-package-expand-minimally (not doom-debug-mode)
|
||||||
|
|
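Review bot: The `gnutls-trustfiles` line replaces Emacs's default list of CA bundle locations with two hard-coded paths, so a system that keeps its bundle elsewhere may have no trust file loaded at all. With `gnutls-verify-error t` that would fail closed, which is safe, but it would break every package fetch, and the usual user workaround is to turn verification off again. Keeping the default list and only adding to it, or filtering the candidates with `file-exists-p`, would avoid that; at minimum a comment such as `;; CA bundle paths for Debian-style and macOS/BSD layouts; add your system's path if TLS fails` would record the assumption. Separately, `tls-checktrust` only affects the external `tls.el` fallback, whose command line comes from `tls-program`, which this hunk does not set, so on builds without built-in GnuTLS it is worth confirming that the default programs actually verify certificates. The enclosing `setq` form starts and ends outside the hunk.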