download debootstrap using HTTPS

RE: security issue with a dead simple fix: download debootstrap using HTTPS - originally by @eighthav - [issue 2067](dnschneid#2067) Right now, crouton downloads debootstrap from anonscm.debian.org using an HTTP link. That URL is also accessible using an HTTPS link, e.g.
DennisLfromGA · Sep 17, 2015 · 9c3c5fd · 9c3c5fd · DennisLfromGA · Sep 17, 2015
1 parent edbce11
commit 9c3c5fd
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/installer/ubuntu/bootstrap b/installer/ubuntu/bootstrap
@@ -10,11 +10,11 @@
 
 # Grab the latest release of debootstrap
 echo 'Downloading latest debootstrap...' 1>&2
-d='http://anonscm.debian.org/gitweb/?p=d-i/debootstrap.git;a=snapshot;h=HEAD;sf=tgz'
+d='https://anonscm.debian.org/gitweb/?p=d-i/debootstrap.git;a=snapshot;h=HEAD;sf=tgz'
 if ! wget -O- --no-verbose --timeout=60 -t2 "$d"  \
         | tar -C "$tmp" --strip-components=1 -zx 2>/dev/null; then
     echo 'Download from Debian gitweb failed. Trying latest release...' 1>&2
-    d='http://httpredir.debian.org/debian/pool/main/d/debootstrap/'
+    d='https://httpredir.debian.org/debian/pool/main/d/debootstrap/'
     f="`wget -O- --no-verbose --timeout=60 -t2 "$d" \
             | sed -ne 's ^.*\(debootstrap_[0-9.]*.tar.gz\).*$ \1 p' \
             | tail -n 1`"