summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Kalnischkies <kalnischkies@gmail.com>2009-12-11 00:38:13 +0100
committerDavid Kalnischkies <kalnischkies@gmail.com>2009-12-11 00:38:13 +0100
commitb9e9a44b3377cae2fb9aca3210f379ae1cb802ba (patch)
tree5c1b7ce74e82a58dcd1f81b1e04aee132df010a0
parent9f542bae2b3620887345ebc3e61970f8903123a0 (diff)
add https options which default to the ones from http for the https
method as this is more sane than using only the http options without a possibility to override these for https.
-rw-r--r--debian/changelog2
-rw-r--r--doc/apt.conf.5.xml8
-rw-r--r--doc/examples/configure-index33
-rw-r--r--methods/https.cc100
4 files changed, 76 insertions, 67 deletions
diff --git a/debian/changelog b/debian/changelog
index 0cfd36c00..e930de0dd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -56,6 +56,7 @@ apt (0.7.25) UNRELEASED; urgency=low
* doc/po4a.conf: activate translation of guide.sgml and offline.sgml
* doc/apt.conf.5.xml:
- provide a few more details about APT::Immediate-Configure
+ - briefly document the behaviour of the new https options
* doc/sources.list.5.xml:
- add note about additional apt-transport-methods
* doc/apt-mark.8.xml:
@@ -97,6 +98,7 @@ apt (0.7.25) UNRELEASED; urgency=low
* methods/http{,s}.cc
- add config setting for User-Agent to the Acquire group,
thanks Timothy J. Miller! (Closes: #355782)
+ - add https options which default to http ones (Closes: #557085)
[ Chris Leick ]
* doc/ various manpages:
diff --git a/doc/apt.conf.5.xml b/doc/apt.conf.5.xml
index 726bca2cc..d7ad51cfb 100644
--- a/doc/apt.conf.5.xml
+++ b/doc/apt.conf.5.xml
@@ -284,9 +284,11 @@ DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt";};
</varlistentry>
<varlistentry><term>https</term>
- <listitem><para>HTTPS URIs. Cache-control and proxy options are the same as for
- <literal>http</literal> method.
- <literal>Pipeline-Depth</literal> option is not supported yet.</para>
+ <listitem><para>HTTPS URIs. Cache-control, Timeout, AllowRedirect, Dl-Limit and
+ proxy options are the same as for <literal>http</literal> method and will also
+ default to the options from the <literal>http</literal> method if they are not
+ explicitly set for https. <literal>Pipeline-Depth</literal> option is not
+ supported yet.</para>
<para><literal>CaInfo</literal> suboption specifies place of file that
holds info about trusted certificates.
diff --git a/doc/examples/configure-index b/doc/examples/configure-index
index 333c8df7e..ced390447 100644
--- a/doc/examples/configure-index
+++ b/doc/examples/configure-index
@@ -194,19 +194,34 @@ Acquire
User-Agent "Debian APT-HTTP/1.3";
};
- // HTTPS method configuration:
- // - uses the http proxy config
- // - uses the http cache-control values
- // - uses the http Dl-Limit values
- https
+
+
+ // HTTPS method configuration: uses the http
+ // - proxy config
+ // - cache-control values
+ // - Dl-Limit, Timout, ... values
+ // if not set explicit for https
+ //
+ // see /usr/share/doc/apt/examples/apt-https-method-example.conf.gz
+ // for more examples
+ https
{
Verify-Peer "false";
SslCert "/etc/apt/some.pem";
- CaPath "/etc/ssl/certs";
- Verify-Host" "true";
- AllowRedirect "true";
+ CaPath "/etc/ssl/certs";
+ Verify-Host" "true";
+ AllowRedirect "true";
+
+ Timeout "120";
+ AllowRedirect "true";
+
+ // Cache Control. Note these do not work with Squid 2.0.2
+ No-Cache "false";
+ Max-Age "86400"; // 1 Day age on index files
+ No-Store "false"; // Prevent the cache from storing archives
+ Dl-Limit "7"; // 7Kb/sec maximum download rate
- User-Agent "Debian APT-CURL/1.0";
+ User-Agent "Debian APT-CURL/1.0";
};
ftp
diff --git a/methods/https.cc b/methods/https.cc
index a4f39c379..ed1f18150 100644
--- a/methods/https.cc
+++ b/methods/https.cc
@@ -1,4 +1,4 @@
-// -*- mode: cpp; mode: fold -*-
+//-*- mode: cpp; mode: fold -*-
// Description /*{{{*/
// $Id: http.cc,v 1.59 2004/05/08 19:42:35 mdz Exp $
/* ######################################################################
@@ -57,54 +57,38 @@ HttpsMethod::progress_callback(void *clientp, double dltotal, double dlnow,
return 0;
}
-void HttpsMethod::SetupProxy()
-{
- URI ServerName = Queue->Uri;
-
- // Determine the proxy setting
- string SpecificProxy = _config->Find("Acquire::http::Proxy::" + ServerName.Host);
- if (!SpecificProxy.empty())
- {
- if (SpecificProxy == "DIRECT")
- Proxy = "";
- else
- Proxy = SpecificProxy;
- }
- else
- {
- string DefProxy = _config->Find("Acquire::http::Proxy");
- if (!DefProxy.empty())
- {
- Proxy = DefProxy;
- }
- else
- {
- char* result = getenv("http_proxy");
- Proxy = result ? result : "";
- }
- }
-
- // Parse no_proxy, a , separated list of domains
- if (getenv("no_proxy") != 0)
- {
- if (CheckDomainList(ServerName.Host,getenv("no_proxy")) == true)
- Proxy = "";
- }
-
- // Determine what host and port to use based on the proxy settings
- string Host;
- if (Proxy.empty() == true || Proxy.Host.empty() == true)
- {
- }
- else
- {
- if (Proxy.Port != 0)
- curl_easy_setopt(curl, CURLOPT_PROXYPORT, Proxy.Port);
- curl_easy_setopt(curl, CURLOPT_PROXY, Proxy.Host.c_str());
- }
-}
-
-
+void HttpsMethod::SetupProxy() { /*{{{*/
+ URI ServerName = Queue->Uri;
+
+ // Determine the proxy setting - try https first, fallback to http and use env at last
+ string UseProxy = _config->Find("Acquire::https::Proxy::" + ServerName.Host,
+ _config->Find("Acquire::http::Proxy::" + ServerName.Host));
+
+ if (UseProxy.empty() == true)
+ UseProxy = _config->Find("Acquire::https::Proxy", _config->Find("Acquire::http::Proxy"));
+
+ // User want to use NO proxy, so nothing to setup
+ if (UseProxy == "DIRECT")
+ return;
+
+ if (UseProxy.empty() == false) {
+ // Parse no_proxy, a comma (,) separated list of domains we don't want to use
+ // a proxy for so we stop right here if it is in the list
+ if (getenv("no_proxy") != 0 && CheckDomainList(ServerName.Host,getenv("no_proxy")) == true)
+ return;
+ } else {
+ const char* result = getenv("http_proxy");
+ UseProxy = result == NULL ? "" : result;
+ }
+
+ // Determine what host and port to use based on the proxy settings
+ if (UseProxy.empty() == false) {
+ Proxy = UseProxy;
+ if (Proxy.Port != 1)
+ curl_easy_setopt(curl, CURLOPT_PROXYPORT, Proxy.Port);
+ curl_easy_setopt(curl, CURLOPT_PROXY, Proxy.Host.c_str());
+ }
+} /*}}}*/
// HttpsMethod::Fetch - Fetch an item /*{{{*/
// ---------------------------------------------------------------------
/* This adds an item to the pipeline. We keep the pipeline at a fixed
@@ -191,12 +175,15 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
curl_easy_setopt(curl, CURLOPT_SSLVERSION, final_version);
// cache-control
- if(_config->FindB("Acquire::http::No-Cache",false) == false)
+ if(_config->FindB("Acquire::https::No-Cache",
+ _config->FindB("Acquire::http::No-Cache",false)) == false)
{
// cache enabled
- if (_config->FindB("Acquire::http::No-Store",false) == true)
+ if (_config->FindB("Acquire::https::No-Store",
+ _config->FindB("Acquire::http::No-Store",false)) == true)
headers = curl_slist_append(headers,"Cache-Control: no-store");
- ioprintf(ss, "Cache-Control: max-age=%u", _config->FindI("Acquire::http::Max-Age",0));
+ ioprintf(ss, "Cache-Control: max-age=%u", _config->FindI("Acquire::https::Max-Age",
+ _config->FindI("Acquire::http::Max-Age",0)));
headers = curl_slist_append(headers, ss.str().c_str());
} else {
// cache disabled by user
@@ -206,7 +193,8 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
// speed limit
- int dlLimit = _config->FindI("Acquire::http::Dl-Limit",0)*1024;
+ int dlLimit = _config->FindI("Acquire::https::Dl-Limit",
+ _config->FindI("Acquire::http::Dl-Limit",0))*1024;
if (dlLimit > 0)
curl_easy_setopt(curl, CURLOPT_MAX_RECV_SPEED_LARGE, dlLimit);
@@ -217,14 +205,16 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
"Debian APT-CURL/1.0 ("VERSION")")));
// set timeout
- int timeout = _config->FindI("Acquire::http::Timeout",120);
+ int timeout = _config->FindI("Acquire::https::Timeout",
+ _config->FindI("Acquire::http::Timeout",120));
curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, timeout);
//set really low lowspeed timeout (see #497983)
curl_easy_setopt(curl, CURLOPT_LOW_SPEED_LIMIT, DL_MIN_SPEED);
curl_easy_setopt(curl, CURLOPT_LOW_SPEED_TIME, timeout);
// set redirect options and default to 10 redirects
- bool AllowRedirect = _config->FindI("Acquire::https::AllowRedirect", true);
+ bool AllowRedirect = _config->FindB("Acquire::https::AllowRedirect",
+ _config->FindB("Acquire::http::AllowRedirect",true));
curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, AllowRedirect);
curl_easy_setopt(curl, CURLOPT_MAXREDIRS, 10);