Use HTTPS, not HTTP, in install scripts

Summary: Via HackerOne. A researcher correctly reports that our install scripts use `HTTP`, not `HTTPS`, to fetch resources and execute them as `root`, which is a potentially significant vulnerability. Instead, use `HTTPS`. Test Plan: Verified that these URIs function correctly over `HTTPS`. Reviewers: chad Reviewed By: chad Differential Revision: https://secure.phabricator.com/D16958
2024-11-09 16:32:39 +01:00 · 2016-11-29 05:25:53 -08:00 · 2016-11-29 05:25:53 -08:00 · 2d7abfd9fa
commit 2d7abfd9fa
parent d1838fa5ec
1 changed files with 2 additions and 2 deletions
--- a/scripts/install/install_rhel-derivs.sh
+++ b/scripts/install/install_rhel-derivs.sh
@ -67,7 +67,7 @@ then
  if [ $? -ne 0 ]; then
    echo "It doesn't look like you have the EPEL repo enabled. We are to add it"
    echo "for you, so that we can install git."
-    $SUDO rpm -Uvh http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
+    $SUDO rpm -Uvh https://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
  fi
  YUMCOMMAND="$SUDO yum install httpd git php53 php53-cli php53-mysql php53-process php53-devel php53-gd gcc wget make pcre-devel mysql-server"
 else
@ -92,7 +92,7 @@ then
  # Now that we've ensured all the devel packages required for pecl/apc are there, let's
  # set up PEAR, and install apc.
  echo "Attempting to install PEAR"
-  wget http://pear.php.net/go-pear.phar
+  wget https://pear.php.net/go-pear.phar
  $SUDO php go-pear.phar && $SUDO pecl install apc
 fi