summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Kalnischkies <kalnischkies@gmail.com>2009-11-25 23:29:57 +0100
committerDavid Kalnischkies <kalnischkies@gmail.com>2009-11-25 23:29:57 +0100
commitc0d438474bac961897f9e9472356222f79350c39 (patch)
tree6e8f83d52d01983d0e43dd8797e71ca13dc6b1d1
parentce857f32cf3c73ee67147ea0eafadb5a1c5da952 (diff)
add https options which default to the ones from http for the https
method as this is more sane than using only the http options without a possibility to override these for https.
-rw-r--r--debian/changelog2
-rw-r--r--doc/apt.conf.5.xml8
-rw-r--r--doc/examples/configure-index33
-rw-r--r--methods/https.cc100
4 files changed, 76 insertions, 67 deletions
diff --git a/debian/changelog b/debian/changelog
index ed67aaac2..1bd34e522 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -24,6 +24,7 @@ apt (0.7.25) UNRELEASED; urgency=low
* doc/po4a.conf: activate translation of guide.sgml and offline.sgml
* doc/apt.conf.5.xml:
- provide a few more details about APT::Immediate-Configure
+ - briefly document the behaviour of the new https options
* doc/sources.list.5.xml:
- add note about additional apt-transport-methods
* doc/apt-mark.8.xml:
@@ -66,6 +67,7 @@ apt (0.7.25) UNRELEASED; urgency=low
* methods/http{,s}.cc
- add config setting for User-Agent to the Acquire group,
thanks Timothy J. Miller! (Closes: #355782)
+ - add https options which default to http ones (Closes: #557085)
[ Chris Leick ]
* doc/ various manpages:
diff --git a/doc/apt.conf.5.xml b/doc/apt.conf.5.xml
index 726bca2cc..d7ad51cfb 100644
--- a/doc/apt.conf.5.xml
+++ b/doc/apt.conf.5.xml
@@ -284,9 +284,11 @@ DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt";};
</varlistentry>
<varlistentry><term>https</term>
- <listitem><para>HTTPS URIs. Cache-control and proxy options are the same as for
- <literal>http</literal> method.
- <literal>Pipeline-Depth</literal> option is not supported yet.</para>
+ <listitem><para>HTTPS URIs. Cache-control, Timeout, AllowRedirect, Dl-Limit and
+ proxy options are the same as for <literal>http</literal> method and will also
+ default to the options from the <literal>http</literal> method if they are not
+ explicitly set for https. <literal>Pipeline-Depth</literal> option is not
+ supported yet.</para>
<para><literal>CaInfo</literal> suboption specifies place of file that
holds info about trusted certificates.
diff --git a/doc/examples/configure-index b/doc/examples/configure-index
index 16e864d89..7e86b3d4a 100644
--- a/doc/examples/configure-index
+++ b/doc/examples/configure-index
@@ -194,19 +194,34 @@ Acquire
User-Agent "Debian APT-HTTP/1.3";
};
- // HTTPS method configuration:
- // - uses the http proxy config
- // - uses the http cache-control values
- // - uses the http Dl-Limit values
- https
+
+
+ // HTTPS method configuration: uses the http
+ // - proxy config
+ // - cache-control values
+ // - Dl-Limit, Timout, ... values
+ // if not set explicit for https
+ //
+ // see /usr/share/doc/apt/examples/apt-https-method-example.conf.gz
+ // for more examples
+ https
{
Verify-Peer "false";
SslCert "/etc/apt/some.pem";
- CaPath "/etc/ssl/certs";
- Verify-Host" "true";
- AllowRedirect "true";
+ CaPath "/etc/ssl/certs";
+ Verify-Host" "true";
+ AllowRedirect "true";
+
+ Timeout "120";
+ AllowRedirect "true";
+
+ // Cache Control. Note these do not work with Squid 2.0.2
+ No-Cache "false";
+ Max-Age "86400"; // 1 Day age on index files
+ No-Store "false"; // Prevent the cache from storing archives
+ Dl-Limit "7"; // 7Kb/sec maximum download rate
- User-Agent "Debian APT-CURL/1.0";
+ User-Agent "Debian APT-CURL/1.0";
};
ftp
diff --git a/methods/https.cc b/methods/https.cc
index e8d7bb5c6..18ecfd3d2 100644
--- a/methods/https.cc
+++ b/methods/https.cc
@@ -1,4 +1,4 @@
-// -*- mode: cpp; mode: fold -*-
+//-*- mode: cpp; mode: fold -*-
// Description /*{{{*/
// $Id: http.cc,v 1.59 2004/05/08 19:42:35 mdz Exp $
/* ######################################################################
@@ -56,54 +56,38 @@ HttpsMethod::progress_callback(void *clientp, double dltotal, double dlnow,
return 0;
}
-void HttpsMethod::SetupProxy()
-{
- URI ServerName = Queue->Uri;
-
- // Determine the proxy setting
- string SpecificProxy = _config->Find("Acquire::http::Proxy::" + ServerName.Host);
- if (!SpecificProxy.empty())
- {
- if (SpecificProxy == "DIRECT")
- Proxy = "";
- else
- Proxy = SpecificProxy;
- }
- else
- {
- string DefProxy = _config->Find("Acquire::http::Proxy");
- if (!DefProxy.empty())
- {
- Proxy = DefProxy;
- }
- else
- {
- char* result = getenv("http_proxy");
- Proxy = result ? result : "";
- }
- }
-
- // Parse no_proxy, a , separated list of domains
- if (getenv("no_proxy") != 0)
- {
- if (CheckDomainList(ServerName.Host,getenv("no_proxy")) == true)
- Proxy = "";
- }
-
- // Determine what host and port to use based on the proxy settings
- string Host;
- if (Proxy.empty() == true || Proxy.Host.empty() == true)
- {
- }
- else
- {
- if (Proxy.Port != 0)
- curl_easy_setopt(curl, CURLOPT_PROXYPORT, Proxy.Port);
- curl_easy_setopt(curl, CURLOPT_PROXY, Proxy.Host.c_str());
- }
-}
-
-
+void HttpsMethod::SetupProxy() { /*{{{*/
+ URI ServerName = Queue->Uri;
+
+ // Determine the proxy setting - try https first, fallback to http and use env at last
+ string UseProxy = _config->Find("Acquire::https::Proxy::" + ServerName.Host,
+ _config->Find("Acquire::http::Proxy::" + ServerName.Host));
+
+ if (UseProxy.empty() == true)
+ UseProxy = _config->Find("Acquire::https::Proxy", _config->Find("Acquire::http::Proxy"));
+
+ // User want to use NO proxy, so nothing to setup
+ if (UseProxy == "DIRECT")
+ return;
+
+ if (UseProxy.empty() == false) {
+ // Parse no_proxy, a comma (,) separated list of domains we don't want to use
+ // a proxy for so we stop right here if it is in the list
+ if (getenv("no_proxy") != 0 && CheckDomainList(ServerName.Host,getenv("no_proxy")) == true)
+ return;
+ } else {
+ const char* result = getenv("http_proxy");
+ UseProxy = result == NULL ? "" : result;
+ }
+
+ // Determine what host and port to use based on the proxy settings
+ if (UseProxy.empty() == false) {
+ Proxy = UseProxy;
+ if (Proxy.Port != 1)
+ curl_easy_setopt(curl, CURLOPT_PROXYPORT, Proxy.Port);
+ curl_easy_setopt(curl, CURLOPT_PROXY, Proxy.Host.c_str());
+ }
+} /*}}}*/
// HttpsMethod::Fetch - Fetch an item /*{{{*/
// ---------------------------------------------------------------------
/* This adds an item to the pipeline. We keep the pipeline at a fixed
@@ -189,12 +173,15 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
curl_easy_setopt(curl, CURLOPT_SSLVERSION, final_version);
// cache-control
- if(_config->FindB("Acquire::http::No-Cache",false) == false)
+ if(_config->FindB("Acquire::https::No-Cache",
+ _config->FindB("Acquire::http::No-Cache",false)) == false)
{
// cache enabled
- if (_config->FindB("Acquire::http::No-Store",false) == true)
+ if (_config->FindB("Acquire::https::No-Store",
+ _config->FindB("Acquire::http::No-Store",false)) == true)
headers = curl_slist_append(headers,"Cache-Control: no-store");
- ioprintf(ss, "Cache-Control: max-age=%u", _config->FindI("Acquire::http::Max-Age",0));
+ ioprintf(ss, "Cache-Control: max-age=%u", _config->FindI("Acquire::https::Max-Age",
+ _config->FindI("Acquire::http::Max-Age",0)));
headers = curl_slist_append(headers, ss.str().c_str());
} else {
// cache disabled by user
@@ -204,7 +191,8 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
// speed limit
- int dlLimit = _config->FindI("Acquire::http::Dl-Limit",0)*1024;
+ int dlLimit = _config->FindI("Acquire::https::Dl-Limit",
+ _config->FindI("Acquire::http::Dl-Limit",0))*1024;
if (dlLimit > 0)
curl_easy_setopt(curl, CURLOPT_MAX_RECV_SPEED_LARGE, dlLimit);
@@ -215,12 +203,14 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
"Debian APT-CURL/1.0 ("VERSION")")));
// set timeout
- int timeout = _config->FindI("Acquire::http::Timeout",120);
+ int timeout = _config->FindI("Acquire::https::Timeout",
+ _config->FindI("Acquire::http::Timeout",120));
curl_easy_setopt(curl, CURLOPT_TIMEOUT, timeout);
curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, timeout);
// set redirect options and default to 10 redirects
- bool AllowRedirect = _config->FindI("Acquire::https::AllowRedirect", true);
+ bool AllowRedirect = _config->FindB("Acquire::https::AllowRedirect",
+ _config->FindB("Acquire::http::AllowRedirect",true));
curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, AllowRedirect);
curl_easy_setopt(curl, CURLOPT_MAXREDIRS, 10);