summaryrefslogtreecommitdiff
path: root/methods
diff options
context:
space:
mode:
Diffstat (limited to 'methods')
-rw-r--r--methods/cdrom.cc34
-rw-r--r--methods/ftp.cc5
-rw-r--r--methods/gpgv.cc102
-rw-r--r--methods/http.cc7
-rw-r--r--methods/https.cc103
-rw-r--r--methods/https.h2
6 files changed, 148 insertions, 105 deletions
diff --git a/methods/cdrom.cc b/methods/cdrom.cc
index 9802eb46c..6d694e7c9 100644
--- a/methods/cdrom.cc
+++ b/methods/cdrom.cc
@@ -37,8 +37,8 @@ class CDROMMethod : public pkgAcqMethod
bool MountedByApt;
pkgUdevCdromDevices UdevCdroms;
- bool IsCorrectCD(URI want, string MountPath);
- bool AutoDetectAndMount(URI);
+ bool IsCorrectCD(URI want, string MountPath, string& NewID);
+ bool AutoDetectAndMount(const URI, string &NewID);
virtual bool Fetch(FetchItem *Itm);
string GetID(string Name);
virtual void Exit();
@@ -92,7 +92,7 @@ string CDROMMethod::GetID(string Name)
// CDROMMethod::AutoDetectAndMount /*{{{*/
// ---------------------------------------------------------------------
/* Modifies class varaiable CDROM to the mountpoint */
-bool CDROMMethod::AutoDetectAndMount(URI Get)
+bool CDROMMethod::AutoDetectAndMount(const URI Get, string &NewID)
{
vector<struct CdromDevice> v = UdevCdroms.Scan();
@@ -103,7 +103,7 @@ bool CDROMMethod::AutoDetectAndMount(URI Get)
{
if (Debug)
clog << "Checking mounted cdrom device " << v[i].DeviceName << endl;
- if (IsCorrectCD(Get, v[i].MountPath))
+ if (IsCorrectCD(Get, v[i].MountPath, NewID))
{
CDROM = v[i].MountPath;
return true;
@@ -116,23 +116,24 @@ bool CDROMMethod::AutoDetectAndMount(URI Get)
return false;
// check if we have the mount point
- if (!FileExists("/media/apt"))
- mkdir("/media/apt", 0755);
+ string AptMountPoint = _config->FindDir("Dir::Media::MountPath");
+ if (!FileExists(AptMountPoint))
+ mkdir(AptMountPoint.c_str(), 0750);
// now try mounting
for (unsigned int i=0; i < v.size(); i++)
{
if (!v[i].Mounted)
{
- if(MountCdrom("/media/apt", v[i].DeviceName))
+ if(MountCdrom(AptMountPoint, v[i].DeviceName))
{
- if (IsCorrectCD(Get, "/media/apt"))
+ if (IsCorrectCD(Get, AptMountPoint, NewID))
{
MountedByApt = true;
- CDROM = "/media/apt";
+ CDROM = AptMountPoint;
return true;
} else {
- UnmountCdrom("/media/apt");
+ UnmountCdrom(AptMountPoint);
}
}
}
@@ -144,10 +145,8 @@ bool CDROMMethod::AutoDetectAndMount(URI Get)
// CDROMMethod::IsCorrectCD /*{{{*/
// ---------------------------------------------------------------------
/* */
-bool CDROMMethod::IsCorrectCD(URI want, string MountPath)
+bool CDROMMethod::IsCorrectCD(URI want, string MountPath, string& NewID)
{
- string NewID;
-
for (unsigned int Version = 2; Version != 0; Version--)
{
if (IdentCdrom(MountPath,NewID,Version) == false)
@@ -220,23 +219,24 @@ bool CDROMMethod::Fetch(FetchItem *Itm)
return true;
}
+ bool AutoDetect = _config->FindB("Acquire::cdrom::AutoDetect", false);
CDROM = _config->FindDir("Acquire::cdrom::mount","/cdrom/");
if (Debug)
clog << "Looking for CDROM at " << CDROM << endl;
if (CDROM[0] == '.')
CDROM= SafeGetCWD() + '/' + CDROM;
- string NewID;
+ string NewID;
while (CurrentID.empty() == true)
{
- if (CDROM == "apt-udev-auto/")
- AutoDetectAndMount(Get);
+ if (AutoDetect)
+ AutoDetectAndMount(Get, NewID);
if(!IsMounted(CDROM))
MountedByApt = MountCdrom(CDROM);
- if (IsCorrectCD(Get, CDROM))
+ if (IsCorrectCD(Get, CDROM, NewID))
break;
// I suppose this should prompt somehow?
diff --git a/methods/ftp.cc b/methods/ftp.cc
index c91600ad5..3e1725823 100644
--- a/methods/ftp.cc
+++ b/methods/ftp.cc
@@ -19,6 +19,7 @@
#include <apt-pkg/acquire-method.h>
#include <apt-pkg/error.h>
#include <apt-pkg/hashes.h>
+#include <apt-pkg/netrc.h>
#include <sys/stat.h>
#include <sys/time.h>
@@ -982,7 +983,9 @@ bool FtpMethod::Fetch(FetchItem *Itm)
FetchResult Res;
Res.Filename = Itm->DestFile;
Res.IMSHit = false;
-
+
+ maybe_add_auth (Get, _config->FindFile("Dir::Etc::netrc"));
+
// Connect to the server
if (Server == 0 || Server->Comp(Get) == false)
{
diff --git a/methods/gpgv.cc b/methods/gpgv.cc
index 150c1d315..c58e6cc45 100644
--- a/methods/gpgv.cc
+++ b/methods/gpgv.cc
@@ -1,10 +1,9 @@
#include <apt-pkg/error.h>
#include <apt-pkg/acquire-method.h>
#include <apt-pkg/strutl.h>
+#include <apt-pkg/fileutl.h>
#include <apti18n.h>
-#include <sys/stat.h>
-#include <unistd.h>
#include <utime.h>
#include <stdio.h>
#include <fcntl.h>
@@ -45,42 +44,47 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
vector<string> &WorthlessSigners,
vector<string> &NoPubKeySigners)
{
+ bool const Debug = _config->FindB("Debug::Acquire::gpgv", false);
// setup a (empty) stringstream for formating the return value
std::stringstream ret;
ret.str("");
- if (_config->FindB("Debug::Acquire::gpgv", false))
- {
- std::cerr << "inside VerifyGetSigners" << std::endl;
- }
+ if (Debug == true)
+ std::clog << "inside VerifyGetSigners" << std::endl;
+
pid_t pid;
int fd[2];
FILE *pipein;
int status;
- struct stat buff;
- string gpgvpath = _config->Find("Dir::Bin::gpg", "/usr/bin/gpgv");
- string pubringpath = _config->Find("APT::GPGV::TrustedKeyring", "/etc/apt/trusted.gpg");
- if (_config->FindB("Debug::Acquire::gpgv", false))
+ string const gpgvpath = _config->Find("Dir::Bin::gpg", "/usr/bin/gpgv");
+ // FIXME: remove support for deprecated APT::GPGV setting
+ string const trustedFile = _config->FindFile("Dir::Etc::Trusted",
+ _config->Find("APT::GPGV::TrustedKeyring", "/etc/apt/trusted.gpg").c_str());
+ string const trustedPath = _config->FindDir("Dir::Etc::TrustedParts", "/etc/apt/trusted.gpg.d");
+ if (Debug == true)
{
- std::cerr << "gpgv path: " << gpgvpath << std::endl;
- std::cerr << "Keyring path: " << pubringpath << std::endl;
+ std::clog << "gpgv path: " << gpgvpath << std::endl;
+ std::clog << "Keyring file: " << trustedFile << std::endl;
+ std::clog << "Keyring path: " << trustedPath << std::endl;
}
- if (stat(pubringpath.c_str(), &buff) != 0)
+ vector<string> keyrings = GetListOfFilesInDir(trustedPath, "gpg", false);
+ if (FileExists(trustedFile) == true)
+ keyrings.push_back(trustedFile);
+
+ if (keyrings.empty() == true)
{
- ioprintf(ret, _("Couldn't access keyring: '%s'"), strerror(errno));
+ // TRANSLATOR: %s is the trusted keyring parts directory
+ ioprintf(ret, _("No keyring installed in %s."), trustedPath.c_str());
return ret.str();
}
+
if (pipe(fd) < 0)
- {
return "Couldn't create pipe";
- }
pid = fork();
if (pid < 0)
- {
return string("Couldn't spawn new process") + strerror(errno);
- }
else if (pid == 0)
{
const char *Args[400];
@@ -90,8 +94,17 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
Args[i++] = "--status-fd";
Args[i++] = "3";
Args[i++] = "--ignore-time-conflict";
- Args[i++] = "--keyring";
- Args[i++] = pubringpath.c_str();
+ for (vector<string>::const_iterator K = keyrings.begin();
+ K != keyrings.end(); ++K)
+ {
+ Args[i++] = "--keyring";
+ Args[i++] = K->c_str();
+ // check overflow (minus a bit of extra space at the end)
+ if(i >= sizeof(Args)/sizeof(char*)-5) {
+ std::clog << _("E: Too many keyrings should be passed to gpgv. Exiting.") << std::endl;
+ exit(111);
+ }
+ }
Configuration::Item const *Opts;
Opts = _config->Tree("Acquire::gpgv::Options");
@@ -103,8 +116,9 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
if (Opts->Value.empty() == true)
continue;
Args[i++] = Opts->Value.c_str();
- if(i >= 395) {
- std::cerr << _("E: Argument list from Acquire::gpgv::Options too long. Exiting.") << std::endl;
+ // check overflow (minus a bit of extra space at the end)
+ if(i >= sizeof(Args)/sizeof(char*)-5) {
+ std::clog << _("E: Argument list from Acquire::gpgv::Options too long. Exiting.") << std::endl;
exit(111);
}
}
@@ -113,14 +127,14 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
Args[i++] = outfile;
Args[i++] = NULL;
- if (_config->FindB("Debug::Acquire::gpgv", false))
+ if (Debug == true)
{
- std::cerr << "Preparing to exec: " << gpgvpath;
+ std::clog << "Preparing to exec: " << gpgvpath;
for(unsigned int j=0;Args[j] != NULL; j++)
- std::cerr << " " << Args[j];
- std::cerr << std::endl;
+ std::clog << " " << Args[j];
+ std::clog << std::endl;
}
- int nullfd = open("/dev/null", O_RDONLY);
+ int const nullfd = open("/dev/null", O_RDONLY);
close(fd[0]);
// Redirect output to /dev/null; we read from the status fd
dup2(nullfd, STDOUT_FILENO);
@@ -159,8 +173,8 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
break;
*(buffer+bufferoff) = '\0';
bufferoff = 0;
- if (_config->FindB("Debug::Acquire::gpgv", false))
- std::cerr << "Read: " << buffer << std::endl;
+ if (Debug == true)
+ std::clog << "Read: " << buffer << std::endl;
// Push the data into three separate vectors, which
// we later concatenate. They're kept separate so
@@ -168,33 +182,33 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
// it will be better.
if (strncmp(buffer, GNUPGBADSIG, sizeof(GNUPGBADSIG)-1) == 0)
{
- if (_config->FindB("Debug::Acquire::gpgv", false))
- std::cerr << "Got BADSIG! " << std::endl;
+ if (Debug == true)
+ std::clog << "Got BADSIG! " << std::endl;
BadSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
}
if (strncmp(buffer, GNUPGNOPUBKEY, sizeof(GNUPGNOPUBKEY)-1) == 0)
{
- if (_config->FindB("Debug::Acquire::gpgv", false))
- std::cerr << "Got NO_PUBKEY " << std::endl;
+ if (Debug == true)
+ std::clog << "Got NO_PUBKEY " << std::endl;
NoPubKeySigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
}
if (strncmp(buffer, GNUPGNODATA, sizeof(GNUPGBADSIG)-1) == 0)
{
- if (_config->FindB("Debug::Acquire::gpgv", false))
- std::cerr << "Got NODATA! " << std::endl;
+ if (Debug == true)
+ std::clog << "Got NODATA! " << std::endl;
BadSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
}
if (strncmp(buffer, GNUPGKEYEXPIRED, sizeof(GNUPGKEYEXPIRED)-1) == 0)
{
- if (_config->FindB("Debug::Acquire::gpgv", false))
- std::cerr << "Got KEYEXPIRED! " << std::endl;
+ if (Debug == true)
+ std::clog << "Got KEYEXPIRED! " << std::endl;
WorthlessSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
}
if (strncmp(buffer, GNUPGREVKEYSIG, sizeof(GNUPGREVKEYSIG)-1) == 0)
{
- if (_config->FindB("Debug::Acquire::gpgv", false))
- std::cerr << "Got REVKEYSIG! " << std::endl;
+ if (Debug == true)
+ std::clog << "Got REVKEYSIG! " << std::endl;
WorthlessSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
}
if (strncmp(buffer, GNUPGGOODSIG, sizeof(GNUPGGOODSIG)-1) == 0)
@@ -204,17 +218,17 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
while (*p && isxdigit(*p))
p++;
*p = 0;
- if (_config->FindB("Debug::Acquire::gpgv", false))
- std::cerr << "Got GOODSIG, key ID:" << sig << std::endl;
+ if (Debug == true)
+ std::clog << "Got GOODSIG, key ID:" << sig << std::endl;
GoodSigners.push_back(string(sig));
}
}
fclose(pipein);
waitpid(pid, &status, 0);
- if (_config->FindB("Debug::Acquire::gpgv", false))
+ if (Debug == true)
{
- std::cerr << "gpgv exited\n";
+ std::clog << "gpgv exited\n";
}
if (WEXITSTATUS(status) == 0)
@@ -305,7 +319,7 @@ bool GPGVMethod::Fetch(FetchItem *Itm)
if (_config->FindB("Debug::Acquire::gpgv", false))
{
- std::cerr << "gpgv succeeded\n";
+ std::clog << "gpgv succeeded\n";
}
return true;
diff --git a/methods/http.cc b/methods/http.cc
index 8fcff0b5d..2dae87a02 100644
--- a/methods/http.cc
+++ b/methods/http.cc
@@ -29,6 +29,7 @@
#include <apt-pkg/acquire-method.h>
#include <apt-pkg/error.h>
#include <apt-pkg/hashes.h>
+#include <apt-pkg/netrc.h>
#include <sys/stat.h>
#include <sys/time.h>
@@ -42,6 +43,7 @@
#include <map>
#include <apti18n.h>
+
// Internet stuff
#include <netdb.h>
@@ -49,7 +51,6 @@
#include "connect.h"
#include "rfc2553emu.h"
#include "http.h"
-
/*}}}*/
using namespace std;
@@ -724,10 +725,12 @@ void HttpMethod::SendReq(FetchItem *Itm,CircleBuf &Out)
Req += string("Proxy-Authorization: Basic ") +
Base64Encode(Proxy.User + ":" + Proxy.Password) + "\r\n";
+ maybe_add_auth (Uri, _config->FindFile("Dir::Etc::netrc"));
if (Uri.User.empty() == false || Uri.Password.empty() == false)
+ {
Req += string("Authorization: Basic ") +
Base64Encode(Uri.User + ":" + Uri.Password) + "\r\n";
-
+ }
Req += "User-Agent: " + _config->Find("Acquire::http::User-Agent",
"Debian APT-HTTP/1.3 ("VERSION")") + "\r\n\r\n";
diff --git a/methods/https.cc b/methods/https.cc
index 4daa04e32..aa6786aa8 100644
--- a/methods/https.cc
+++ b/methods/https.cc
@@ -14,6 +14,7 @@
#include <apt-pkg/acquire-method.h>
#include <apt-pkg/error.h>
#include <apt-pkg/hashes.h>
+#include <apt-pkg/netrc.h>
#include <sys/stat.h>
#include <sys/time.h>
@@ -56,37 +57,40 @@ HttpsMethod::progress_callback(void *clientp, double dltotal, double dlnow,
return 0;
}
-void HttpsMethod::SetupProxy() { /*{{{*/
- URI ServerName = Queue->Uri;
-
- // Determine the proxy setting - try https first, fallback to http and use env at last
- string UseProxy = _config->Find("Acquire::https::Proxy::" + ServerName.Host,
- _config->Find("Acquire::http::Proxy::" + ServerName.Host));
-
- if (UseProxy.empty() == true)
- UseProxy = _config->Find("Acquire::https::Proxy", _config->Find("Acquire::http::Proxy"));
-
- // User want to use NO proxy, so nothing to setup
- if (UseProxy == "DIRECT")
- return;
-
- if (UseProxy.empty() == false) {
- // Parse no_proxy, a comma (,) separated list of domains we don't want to use
- // a proxy for so we stop right here if it is in the list
- if (getenv("no_proxy") != 0 && CheckDomainList(ServerName.Host,getenv("no_proxy")) == true)
- return;
- } else {
- const char* result = getenv("http_proxy");
- UseProxy = result == NULL ? "" : result;
- }
-
- // Determine what host and port to use based on the proxy settings
- if (UseProxy.empty() == false) {
- Proxy = UseProxy;
- if (Proxy.Port != 1)
- curl_easy_setopt(curl, CURLOPT_PROXYPORT, Proxy.Port);
- curl_easy_setopt(curl, CURLOPT_PROXY, Proxy.Host.c_str());
- }
+void HttpsMethod::SetupProxy() /*{{{*/
+{
+ URI ServerName = Queue->Uri;
+
+ // Determine the proxy setting - try https first, fallback to http and use env at last
+ string UseProxy = _config->Find("Acquire::https::Proxy::" + ServerName.Host,
+ _config->Find("Acquire::http::Proxy::" + ServerName.Host).c_str());
+
+ if (UseProxy.empty() == true)
+ UseProxy = _config->Find("Acquire::https::Proxy", _config->Find("Acquire::http::Proxy").c_str());
+
+ // User want to use NO proxy, so nothing to setup
+ if (UseProxy == "DIRECT")
+ return;
+
+ if (UseProxy.empty() == false)
+ {
+ // Parse no_proxy, a comma (,) separated list of domains we don't want to use
+ // a proxy for so we stop right here if it is in the list
+ if (getenv("no_proxy") != 0 && CheckDomainList(ServerName.Host,getenv("no_proxy")) == true)
+ return;
+ } else {
+ const char* result = getenv("http_proxy");
+ UseProxy = result == NULL ? "" : result;
+ }
+
+ // Determine what host and port to use based on the proxy settings
+ if (UseProxy.empty() == false)
+ {
+ Proxy = UseProxy;
+ if (Proxy.Port != 1)
+ curl_easy_setopt(curl, CURLOPT_PROXYPORT, Proxy.Port);
+ curl_easy_setopt(curl, CURLOPT_PROXY, Proxy.Host.c_str());
+ }
} /*}}}*/
// HttpsMethod::Fetch - Fetch an item /*{{{*/
// ---------------------------------------------------------------------
@@ -110,8 +114,10 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
curl_easy_reset(curl);
SetupProxy();
+ maybe_add_auth (Uri, _config->FindFile("Dir::Etc::netrc"));
+
// callbacks
- curl_easy_setopt(curl, CURLOPT_URL, Itm->Uri.c_str());
+ curl_easy_setopt(curl, CURLOPT_URL, static_cast<string>(Uri).c_str());
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data);
curl_easy_setopt(curl, CURLOPT_WRITEDATA, this);
curl_easy_setopt(curl, CURLOPT_PROGRESSFUNCTION, progress_callback);
@@ -119,7 +125,6 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
curl_easy_setopt(curl, CURLOPT_NOPROGRESS, false);
curl_easy_setopt(curl, CURLOPT_FAILONERROR, true);
curl_easy_setopt(curl, CURLOPT_FILETIME, true);
- curl_easy_setopt(curl, CURLOPT_NETRC, CURL_NETRC_OPTIONAL);
// SSL parameters are set by default to the common (non mirror-specific) value
// if available (or a default one) and gets overload by mirror-specific ones.
@@ -128,7 +133,7 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
string cainfo = _config->Find("Acquire::https::CaInfo","");
string knob = "Acquire::https::"+remotehost+"::CaInfo";
cainfo = _config->Find(knob.c_str(),cainfo.c_str());
- if(cainfo != "")
+ if(cainfo.empty() == false)
curl_easy_setopt(curl, CURLOPT_CAINFO,cainfo.c_str());
// Check server certificate against previous CA list ...
@@ -146,18 +151,25 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
default_verify = 0;
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, verify);
+ // Also enforce issuer of server certificate using its cert
+ string issuercert = _config->Find("Acquire::https::IssuerCert","");
+ knob = "Acquire::https::"+remotehost+"::IssuerCert";
+ issuercert = _config->Find(knob.c_str(),issuercert.c_str());
+ if(issuercert.empty() == false)
+ curl_easy_setopt(curl, CURLOPT_ISSUERCERT,issuercert.c_str());
+
// For client authentication, certificate file ...
string pem = _config->Find("Acquire::https::SslCert","");
knob = "Acquire::https::"+remotehost+"::SslCert";
pem = _config->Find(knob.c_str(),pem.c_str());
- if(pem != "")
+ if(pem.empty() == false)
curl_easy_setopt(curl, CURLOPT_SSLCERT, pem.c_str());
// ... and associated key.
string key = _config->Find("Acquire::https::SslKey","");
knob = "Acquire::https::"+remotehost+"::SslKey";
key = _config->Find(knob.c_str(),key.c_str());
- if(key != "")
+ if(key.empty() == false)
curl_easy_setopt(curl, CURLOPT_SSLKEY, key.c_str());
// Allow forcing SSL version to SSLv3 or TLSv1 (SSLv2 is not
@@ -172,6 +184,13 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
final_version = CURL_SSLVERSION_SSLv3;
curl_easy_setopt(curl, CURLOPT_SSLVERSION, final_version);
+ // CRL file
+ string crlfile = _config->Find("Acquire::https::CrlFile","");
+ knob = "Acquire::https::"+remotehost+"::CrlFile";
+ crlfile = _config->Find(knob.c_str(),crlfile.c_str());
+ if(crlfile.empty() == false)
+ curl_easy_setopt(curl, CURLOPT_CRLFILE, crlfile.c_str());
+
// cache-control
if(_config->FindB("Acquire::https::No-Cache",
_config->FindB("Acquire::http::No-Cache",false)) == false)
@@ -191,7 +210,7 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
// speed limit
- int dlLimit = _config->FindI("Acquire::https::Dl-Limit",
+ int const dlLimit = _config->FindI("Acquire::https::Dl-Limit",
_config->FindI("Acquire::http::Dl-Limit",0))*1024;
if (dlLimit > 0)
curl_easy_setopt(curl, CURLOPT_MAX_RECV_SPEED_LARGE, dlLimit);
@@ -200,16 +219,18 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
curl_easy_setopt(curl, CURLOPT_USERAGENT,
_config->Find("Acquire::https::User-Agent",
_config->Find("Acquire::http::User-Agent",
- "Debian APT-CURL/1.0 ("VERSION")")).c_str());
+ "Debian APT-CURL/1.0 ("VERSION")").c_str()).c_str());
// set timeout
- int timeout = _config->FindI("Acquire::https::Timeout",
+ int const timeout = _config->FindI("Acquire::https::Timeout",
_config->FindI("Acquire::http::Timeout",120));
- curl_easy_setopt(curl, CURLOPT_TIMEOUT, timeout);
curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, timeout);
+ //set really low lowspeed timeout (see #497983)
+ curl_easy_setopt(curl, CURLOPT_LOW_SPEED_LIMIT, DL_MIN_SPEED);
+ curl_easy_setopt(curl, CURLOPT_LOW_SPEED_TIME, timeout);
// set redirect options and default to 10 redirects
- bool AllowRedirect = _config->FindB("Acquire::https::AllowRedirect",
+ bool const AllowRedirect = _config->FindB("Acquire::https::AllowRedirect",
_config->FindB("Acquire::http::AllowRedirect",true));
curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, AllowRedirect);
curl_easy_setopt(curl, CURLOPT_MAXREDIRS, 10);
diff --git a/methods/https.h b/methods/https.h
index 2c33d95ee..3f0c416b6 100644
--- a/methods/https.h
+++ b/methods/https.h
@@ -24,6 +24,8 @@ class HttpsMethod;
class HttpsMethod : public pkgAcqMethod
{
+ // minimum speed in bytes/se that triggers download timeout handling
+ static const int DL_MIN_SPEED = 10;
virtual bool Fetch(FetchItem *);
static size_t write_data(void *buffer, size_t size, size_t nmemb, void *userp);
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-17 07:29:00 +0000