summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--debian/changelog2
-rw-r--r--doc/apt.conf.5.xml8
-rw-r--r--doc/examples/configure-index33
-rw-r--r--methods/https.cc100
4 files changed, 76 insertions, 67 deletions
diff --git a/debian/changelog b/debian/changelog
index 0cfd36c00..e930de0dd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -56,6 +56,7 @@ apt (0.7.25) UNRELEASED; urgency=low
* doc/po4a.conf: activate translation of guide.sgml and offline.sgml
* doc/apt.conf.5.xml:
- provide a few more details about APT::Immediate-Configure
+ - briefly document the behaviour of the new https options
* doc/sources.list.5.xml:
- add note about additional apt-transport-methods
* doc/apt-mark.8.xml:
@@ -97,6 +98,7 @@ apt (0.7.25) UNRELEASED; urgency=low
* methods/http{,s}.cc
- add config setting for User-Agent to the Acquire group,
thanks Timothy J. Miller! (Closes: #355782)
+ - add https options which default to http ones (Closes: #557085)
[ Chris Leick ]
* doc/ various manpages:
diff --git a/doc/apt.conf.5.xml b/doc/apt.conf.5.xml
index 726bca2cc..d7ad51cfb 100644
--- a/doc/apt.conf.5.xml
+++ b/doc/apt.conf.5.xml
@@ -284,9 +284,11 @@ DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt";};
</varlistentry>
<varlistentry><term>https</term>
- <listitem><para>HTTPS URIs. Cache-control and proxy options are the same as for
- <literal>http</literal> method.
- <literal>Pipeline-Depth</literal> option is not supported yet.</para>
+ <listitem><para>HTTPS URIs. Cache-control, Timeout, AllowRedirect, Dl-Limit and
+ proxy options are the same as for <literal>http</literal> method and will also
+ default to the options from the <literal>http</literal> method if they are not
+ explicitly set for https. <literal>Pipeline-Depth</literal> option is not
+ supported yet.</para>
<para><literal>CaInfo</literal> suboption specifies place of file that
holds info about trusted certificates.
diff --git a/doc/examples/configure-index b/doc/examples/configure-index
index 333c8df7e..ced390447 100644
--- a/doc/examples/configure-index
+++ b/doc/examples/configure-index
@@ -194,19 +194,34 @@ Acquire
User-Agent "Debian APT-HTTP/1.3";
};
- // HTTPS method configuration:
- // - uses the http proxy config
- // - uses the http cache-control values
- // - uses the http Dl-Limit values
- https
+
+
+ // HTTPS method configuration: uses the http
+ // - proxy config
+ // - cache-control values
+ // - Dl-Limit, Timout, ... values
+ // if not set explicit for https
+ //
+ // see /usr/share/doc/apt/examples/apt-https-method-example.conf.gz
+ // for more examples
+ https
{
Verify-Peer "false";
SslCert "/etc/apt/some.pem";
- CaPath "/etc/ssl/certs";
- Verify-Host" "true";
- AllowRedirect "true";
+ CaPath "/etc/ssl/certs";
+ Verify-Host" "true";
+ AllowRedirect "true";
+
+ Timeout "120";
+ AllowRedirect "true";
+
+ // Cache Control. Note these do not work with Squid 2.0.2
+ No-Cache "false";
+ Max-Age "86400"; // 1 Day age on index files
+ No-Store "false"; // Prevent the cache from storing archives
+ Dl-Limit "7"; // 7Kb/sec maximum download rate
- User-Agent "Debian APT-CURL/1.0";
+ User-Agent "Debian APT-CURL/1.0";
};
ftp
diff --git a/methods/https.cc b/methods/https.cc
index a4f39c379..ed1f18150 100644
--- a/methods/https.cc
+++ b/methods/https.cc
@@ -1,4 +1,4 @@
-// -*- mode: cpp; mode: fold -*-
+//-*- mode: cpp; mode: fold -*-
// Description /*{{{*/
// $Id: http.cc,v 1.59 2004/05/08 19:42:35 mdz Exp $
/* ######################################################################
@@ -57,54 +57,38 @@ HttpsMethod::progress_callback(void *clientp, double dltotal, double dlnow,
return 0;
}
-void HttpsMethod::SetupProxy()
-{
- URI ServerName = Queue->Uri;
-
- // Determine the proxy setting
- string SpecificProxy = _config->Find("Acquire::http::Proxy::" + ServerName.Host);
- if (!SpecificProxy.empty())
- {
- if (SpecificProxy == "DIRECT")
- Proxy = "";
- else
- Proxy = SpecificProxy;
- }
- else
- {
- string DefProxy = _config->Find("Acquire::http::Proxy");
- if (!DefProxy.empty())
- {
- Proxy = DefProxy;
- }
- else
- {
- char* result = getenv("http_proxy");
- Proxy = result ? result : "";
- }
- }
-
- // Parse no_proxy, a , separated list of domains
- if (getenv("no_proxy") != 0)
- {
- if (CheckDomainList(ServerName.Host,getenv("no_proxy")) == true)
- Proxy = "";
- }
-
- // Determine what host and port to use based on the proxy settings
- string Host;
- if (Proxy.empty() == true || Proxy.Host.empty() == true)
- {
- }
- else
- {
- if (Proxy.Port != 0)
- curl_easy_setopt(curl, CURLOPT_PROXYPORT, Proxy.Port);
- curl_easy_setopt(curl, CURLOPT_PROXY, Proxy.Host.c_str());
- }
-}
-
-
+void HttpsMethod::SetupProxy() { /*{{{*/
+ URI ServerName = Queue->Uri;
+
+ // Determine the proxy setting - try https first, fallback to http and use env at last
+ string UseProxy = _config->Find("Acquire::https::Proxy::" + ServerName.Host,
+ _config->Find("Acquire::http::Proxy::" + ServerName.Host));
+
+ if (UseProxy.empty() == true)
+ UseProxy = _config->Find("Acquire::https::Proxy", _config->Find("Acquire::http::Proxy"));
+
+ // User want to use NO proxy, so nothing to setup
+ if (UseProxy == "DIRECT")
+ return;
+
+ if (UseProxy.empty() == false) {
+ // Parse no_proxy, a comma (,) separated list of domains we don't want to use
+ // a proxy for so we stop right here if it is in the list
+ if (getenv("no_proxy") != 0 && CheckDomainList(ServerName.Host,getenv("no_proxy")) == true)
+ return;
+ } else {
+ const char* result = getenv("http_proxy");
+ UseProxy = result == NULL ? "" : result;
+ }
+
+ // Determine what host and port to use based on the proxy settings
+ if (UseProxy.empty() == false) {
+ Proxy = UseProxy;
+ if (Proxy.Port != 1)
+ curl_easy_setopt(curl, CURLOPT_PROXYPORT, Proxy.Port);
+ curl_easy_setopt(curl, CURLOPT_PROXY, Proxy.Host.c_str());
+ }
+} /*}}}*/
// HttpsMethod::Fetch - Fetch an item /*{{{*/
// ---------------------------------------------------------------------
/* This adds an item to the pipeline. We keep the pipeline at a fixed
@@ -191,12 +175,15 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
curl_easy_setopt(curl, CURLOPT_SSLVERSION, final_version);
// cache-control
- if(_config->FindB("Acquire::http::No-Cache",false) == false)
+ if(_config->FindB("Acquire::https::No-Cache",
+ _config->FindB("Acquire::http::No-Cache",false)) == false)
{
// cache enabled
- if (_config->FindB("Acquire::http::No-Store",false) == true)
+ if (_config->FindB("Acquire::https::No-Store",
+ _config->FindB("Acquire::http::No-Store",false)) == true)
headers = curl_slist_append(headers,"Cache-Control: no-store");
- ioprintf(ss, "Cache-Control: max-age=%u", _config->FindI("Acquire::http::Max-Age",0));
+ ioprintf(ss, "Cache-Control: max-age=%u", _config->FindI("Acquire::https::Max-Age",
+ _config->FindI("Acquire::http::Max-Age",0)));
headers = curl_slist_append(headers, ss.str().c_str());
} else {
// cache disabled by user
@@ -206,7 +193,8 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
// speed limit
- int dlLimit = _config->FindI("Acquire::http::Dl-Limit",0)*1024;
+ int dlLimit = _config->FindI("Acquire::https::Dl-Limit",
+ _config->FindI("Acquire::http::Dl-Limit",0))*1024;
if (dlLimit > 0)
curl_easy_setopt(curl, CURLOPT_MAX_RECV_SPEED_LARGE, dlLimit);
@@ -217,14 +205,16 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
"Debian APT-CURL/1.0 ("VERSION")")));
// set timeout
- int timeout = _config->FindI("Acquire::http::Timeout",120);
+ int timeout = _config->FindI("Acquire::https::Timeout",
+ _config->FindI("Acquire::http::Timeout",120));
curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, timeout);
//set really low lowspeed timeout (see #497983)
curl_easy_setopt(curl, CURLOPT_LOW_SPEED_LIMIT, DL_MIN_SPEED);
curl_easy_setopt(curl, CURLOPT_LOW_SPEED_TIME, timeout);
// set redirect options and default to 10 redirects
- bool AllowRedirect = _config->FindI("Acquire::https::AllowRedirect", true);
+ bool AllowRedirect = _config->FindB("Acquire::https::AllowRedirect",
+ _config->FindB("Acquire::http::AllowRedirect",true));
curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, AllowRedirect);
curl_easy_setopt(curl, CURLOPT_MAXREDIRS, 10);