Turning off SSL certificate check when adding PPAs

I'm on an enterprise network where my traffic is man-in-the-middled. With pip I'm able to do --no-check-certificate.

How can I do this for adding PPAs?


Solution 1:

There's no option to disable checking of certificates for add-apt-repository, and the URL is hard-coded. You can change it, but it will be lost the next time python3-software-properties is upgraded. Edit /usr/lib/python3/dist-packages/softwareproperties/ppa.py and change LAUNCHPAD_PPA_API to 'http://launchpad.net/api/1.0/~%s/+archive/%s':

sudo sed -i.bak '/^LAUNCHPAD_PPA_API = /s/https/http/' /usr/lib/python3/dist-packages/softwareproperties/ppa.py

The PPA repository URLs themselves are not be HTTPS. You can fetch the key yourself. So, you can add the PPA manually. For example, for the GNOME3 PPA, expand the section named Technical details about this PPA. You'll see something like this:

enter image description here

The URL seen there is what you actually need. Using it, you can add the repository yourself:

printf "%s http://ppa.launchpad.net/gnome3-team/gnome3/ubuntu $(lsb_release -sc) main\n" deb deb-src | 
  sudo tee /etc/apt/sources.list.d/gnome3-ppa.list

Click on the link underneath Signing Key, and you'll be taken to the GPG key for this repo. If the link doesn't work because of a firewall/proxy, etc. (it's on a non-standard port), you can go to http://keyserver.ubuntu.com, and manually search for 0x3B1510FD (0x followed by the key fingerprint), select the public key (aka pub), and copy the text from the begin line to the end. Then do:

sudo apt-key add - 

and paste the key. Press Enter and CtrlD to complete adding the key. Done!