From 29ba053e05b1a496500036dbd667002d1b8b5ec2 Mon Sep 17 00:00:00 2001 From: Matt Zimmerman Date: Sun, 26 Jun 2005 21:30:27 +0000 Subject: Merge with mvo Patches applied: * michael.vogt@ubuntu.com--2005/apt--bts225947--0--base-0 tag of apt@packages.debian.org/apt--main--0--patch-79 * michael.vogt@ubuntu.com--2005/apt--bts225947--0--patch-1 * merged with mainline and apt--fixes--0 * michael.vogt@ubuntu.com--2005/apt--bts225947--0--patch-2 * patch from aj (slighly modified to use auto_ptr<>) applied * michael.vogt@ubuntu.com--2005/apt--bts225947--0--patch-3 * changelog updated * michael.vogt@ubuntu.com--2005/apt--bts225947--0--patch-4 * work for arch=all packages too now * michael.vogt@ubuntu.com--2005/apt--fixes--0--patch-5 * merged with apt--main--0 * michael.vogt@ubuntu.com--2005/apt--fixes--0--patch-7 * fixed incorrect man-page example * michael.vogt@ubuntu.com--2005/apt--fixes--0--patch-8 * changelog udpate * michael.vogt@ubuntu.com--2005/apt--sane-handle-timeout--0--base-0 tag of apt@packages.debian.org/apt--main--0--patch-87 * michael.vogt@ubuntu.com--2005/apt--sane-handle-timeout--0--patch-1 * report timeouts (from Connect) and fail if they happen in pkgAcqMetaSig * michael.vogt@ubuntu.com--2005/apt--sane-handle-timeout--0--patch-2 * merged with the fixes branch to make it build again * michael.vogt@ubuntu.com--2005/apt--ubuntu--0--patch-1 tag of apt@packages.debian.org/apt--main--0--patch-88 * michael.vogt@ubuntu.com--2005/apt--ubuntu--0--patch-2 * merged apt--mvo (to make pining on components work again) * michael.vogt@ubuntu.com--2005/apt--ubuntu--0--patch-3 * merged with apt--fixes--0 (to make the building of the french manpages work and to fix a incorrect man-page example * michael.vogt@ubuntu.com--2005/apt--ubuntu--0--patch-4 * merged with the bts225947 code * michael.vogt@ubuntu.com--2005/apt--ubuntu--0--patch-5 * merged the imporoved timoeut handling patch * michael.vogt@ubuntu.com--2005/apt--ubuntu--0--patch-6 * merged with matt * michael.vogt@ubuntu.com--2005/apt--ubuntu--0--patch-7 * removed another conflict with apt--main --- methods/connect.cc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'methods') diff --git a/methods/connect.cc b/methods/connect.cc index 981ac1371..b85df6887 100644 --- a/methods/connect.cc +++ b/methods/connect.cc @@ -88,9 +88,11 @@ static bool DoConnect(struct addrinfo *Addr,string Host, /* This implements a timeout for connect by opening the connection nonblocking */ - if (WaitFd(Fd,true,TimeOut) == false) + if (WaitFd(Fd,true,TimeOut) == false) { + Owner->SetFailExtraMsg("\nFailReason: Timeout"); return _error->Error(_("Could not connect to %s:%s (%s), " "connection timed out"),Host.c_str(),Service,Name); + } // Check the socket for an error condition unsigned int Err; -- cgit v1.2.3 From be65f52793235fa0419af5bb6c867da28506c227 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 28 Jun 2005 09:16:51 +0000 Subject: * bumped the library version --- methods/makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'methods') diff --git a/methods/makefile b/methods/makefile index 089300570..06fd2a6fc 100644 --- a/methods/makefile +++ b/methods/makefile @@ -7,7 +7,7 @@ include ../buildlib/defaults.mak BIN := $(BIN)/methods # FIXME.. -LIB_APT_PKG_MAJOR = 3.5 +LIB_APT_PKG_MAJOR = 3.10 APT_DOMAIN := libapt-pkg$(LIB_APT_PKG_MAJOR) # The file method -- cgit v1.2.3 From 2a7e07c7578048abd9f7bfd4ce0ca5c3696b9f3a Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 18 Aug 2005 10:38:58 +0000 Subject: * merged from main Patches applied: * apt@packages.debian.org/apt--main--0--patch-100 Use debian.org address in mainline * apt@packages.debian.org/apt--main--0--patch-101 Update pot file * apt@packages.debian.org/apt--main--0--patch-102 Open 0.6.40 * apt@packages.debian.org/apt--main--0--patch-103 Patch from Jordi Mallach to mark some additional strings for translation * apt@packages.debian.org/apt--main--0--patch-104 Updated Catalan translation from Jordi Mallach * apt@packages.debian.org/apt--main--0--patch-105 Merge from bubulle@debian.org--2005/apt--main--0 * apt@packages.debian.org/apt--main--0--patch-106 Restore lost changelog entries * apt@packages.debian.org/apt--main--0--patch-107 Merge michael.vogt@ubuntu.com--2005/apt--progress-reporting--0 * apt@packages.debian.org/apt--main--0--patch-108 Merge michael.vogt@ubuntu.com--2005/apt--progress-reporting--0 * apt@packages.debian.org/apt--main--0--patch-109 Merge michael.vogt@ubuntu.com--2005/apt--progress-reporting--0 * apt@packages.debian.org/apt--main--0--patch-110 Merge michael.vogt@ubuntu.com--2005/apt--progress-reporting--0 * bubulle@debian.org--2005/apt--main--0--patch-90 Merge with Matt * bubulle@debian.org--2005/apt--main--0--patch-91 Updated Slovak translation * bubulle@debian.org--2005/apt--main--0--patch-92 Add apt-key French man page * bubulle@debian.org--2005/apt--main--0--patch-93 Update Greek translations * bubulle@debian.org--2005/apt--main--0--patch-94 Merge with Matt * bubulle@debian.org--2005/apt--main--0--patch-95 Sync PO files with the POT file/French translation update * michael.vogt@ubuntu.com--2005/apt--progress-reporting--0--base-0 tag of apt@packages.debian.org/apt--main--0--patch-85 * michael.vogt@ubuntu.com--2005/apt--progress-reporting--0--patch-1 * inital proof of concept code, understands what dpkg tells it already * michael.vogt@ubuntu.com--2005/apt--progress-reporting--0--patch-2 * progress reporting works now * michael.vogt@ubuntu.com--2005/apt--progress-reporting--0--patch-3 * added "APT::Status-Fd" variable * michael.vogt@ubuntu.com--2005/apt--progress-reporting--0--patch-4 * do i18n now too * michael.vogt@ubuntu.com--2005/apt--progress-reporting--0--patch-5 * define N_(x) if it is not defined already * michael.vogt@ubuntu.com--2005/apt--progress-reporting--0--patch-6 * PackageManager::DoInstall(int status_fd) added (does not break the ABI) * michael.vogt@ubuntu.com--2005/apt--progress-reporting--0--patch-7 * merged with apt--fixes--0 to make it build again * michael.vogt@ubuntu.com--2005/apt--progress-reporting--0--patch-8 * added support for "error" and "conffile-prompt" messages from dpkg * michael.vogt@ubuntu.com--2005/apt--progress-reporting--0--patch-9 merge with main * michael.vogt@ubuntu.com--2005/apt--progress-reporting--0--patch-10 * use sizeof() for all snprintf() uses; fix a potential line break problem in the status reading code; changed the N_() to _() calls * michael.vogt@ubuntu.com--2005/apt--progress-reporting--0--patch-11 * added APT::KeepFDs configuration list for file descriptors that apt should leave open (needed for various frontends like debconf, synaptic) * michael.vogt@ubuntu.com--2005/apt--progress-reporting--0--patch-12 * fixed a API breakage * michael.vogt@ubuntu.com--2005/apt--progress-reporting--0--patch-13 * doc added, should be releasable now * michael.vogt@ubuntu.com--2005/apt--progress-reporting--0--patch-14 * merged with apt--main--0 * michael.vogt@ubuntu.com--2005/apt--progress-reporting--0--patch-15 * more source comments, added Debug::DpkgPM debug code to inspect the dpkg<->apt communication, broke the abi (ok with matt) * michael.vogt@ubuntu.com--2005/apt--progress-reporting--0--patch-16 * the progress reporting has it's own "Debug::pkgDPkgProgressReporting" debug variable now * michael.vogt@ubuntu.com--2005/apt--progress-reporting--0--patch-17 * merged PackageOps and TranslatedPackageOps into a single Map with the new DpkgState struct * michael.vogt@ubuntu.com--2005/apt--progress-reporting--0--patch-18 * clear the APT::Keep-Fds configuration when it's no longer needed * michael.vogt@ubuntu.com--2005/apt--progress-reporting--0--patch-19 * rewrote the reading from dpkg so that it never blocks * michael.vogt@ubuntu.com--2005/apt--progress-reporting--0--patch-20 * merged the two status arrays into one * michael.vogt@ubuntu.com--2005/apt--progress-reporting--0--patch-21 * added support for download progress reporting too (for Kamion and base-config) * michael.vogt@ubuntu.com--2005/apt--progress-reporting--0--patch-22 * ABI break; added Configuration::Clear(string List, {int,string} value) added (to remove a single Value from a list); test/conf_clear.cc added * michael.vogt@ubuntu.com--2005/apt--progress-reporting--0--patch-23 * remvoed a debug string * michael.vogt@ubuntu.com--2005/apt--progress-reporting--0--patch-24 * soname changed, fixed a bug in the parsing code when dpkg send the same state more than once (at the end) * michael.vogt@ubuntu.com--2005/apt--progress-reporting--0--patch-25 * merged with apt@packages.debian.org/apt--main--0, added changelog entry for the 0.6.40.1 upload * michael.vogt@ubuntu.com--2005/apt--progress-reporting--0--patch-26 * fix a bug when out-of-order states are send from dpkg * michael.vogt@ubuntu.com--2005/apt--progress-reporting--0--patch-27 * changelog update * michael.vogt@ubuntu.com--2005/apt--progress-reporting--0--patch-28 * a real changelog entry now * michael.vogt@ubuntu.com--2005/apt--progress-reporting--0--patch-29 * changelog finalized * michael.vogt@ubuntu.com--2005/apt--progress-reporting--0--patch-30 * propper (and sane) support for pmerror and pmconffile added --- methods/gpgv.cc | 30 +++++++++++++++++------------- methods/makefile | 2 +- 2 files changed, 18 insertions(+), 14 deletions(-) (limited to 'methods') diff --git a/methods/gpgv.cc b/methods/gpgv.cc index 24e945b2c..5cb154f66 100644 --- a/methods/gpgv.cc +++ b/methods/gpgv.cc @@ -1,6 +1,7 @@ #include #include #include +#include #include #include @@ -88,7 +89,7 @@ const char *GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, continue; Args[i++] = Opts->Value.c_str(); if(i >= 395) { - std::cerr << "E: Argument list from Acquire::gpgv::Options too long. Exiting." << std::endl; + std::cerr << _("E: Argument list from Acquire::gpgv::Options too long. Exiting.") << std::endl; exit(111); } } @@ -181,27 +182,28 @@ const char *GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, waitpid(pid, &status, 0); if (_config->FindB("Debug::Acquire::gpgv", false)) { - std::cerr <<"gpgv exited\n"; + std::cerr << "gpgv exited\n"; } if (WEXITSTATUS(status) == 0) { if (GoodSigners.empty()) - return "Internal error: Good signature, but could not determine key fingerprint?!"; + return _("Internal error: Good signature, but could not determine key fingerprint?!"); return NULL; } else if (WEXITSTATUS(status) == 1) { - return "At least one invalid signature was encountered."; + return _("At least one invalid signature was encountered."); } else if (WEXITSTATUS(status) == 111) { - return (string("Could not execute ") + gpgvpath + - string(" to verify signature (is gnupg installed?)")).c_str(); + // FIXME String concatenation considered harmful. + return (string(_("Could not execute ")) + gpgvpath + + string(_(" to verify signature (is gnupg installed?)"))).c_str(); } else { - return "Unknown error executing gpgv"; + return _("Unknown error executing gpgv"); } } @@ -232,14 +234,14 @@ bool GPGVMethod::Fetch(FetchItem *Itm) { if (!BadSigners.empty()) { - errmsg += "The following signatures were invalid:\n"; + errmsg += _("The following signatures were invalid:\n"); for (vector::iterator I = BadSigners.begin(); I != BadSigners.end(); I++) errmsg += (*I + "\n"); } if (!NoPubKeySigners.empty()) { - errmsg += "The following signatures couldn't be verified because the public key is not available:\n"; + errmsg += _("The following signatures couldn't be verified because the public key is not available:\n"); for (vector::iterator I = NoPubKeySigners.begin(); I != NoPubKeySigners.end(); I++) errmsg += (*I + "\n"); @@ -251,16 +253,16 @@ bool GPGVMethod::Fetch(FetchItem *Itm) // Transfer the modification times struct stat Buf; if (stat(Path.c_str(),&Buf) != 0) - return _error->Errno("stat","Failed to stat %s", Path.c_str()); + return _error->Errno("stat",_("Failed to stat %s"), Path.c_str()); struct utimbuf TimeBuf; TimeBuf.actime = Buf.st_atime; TimeBuf.modtime = Buf.st_mtime; if (utime(Itm->DestFile.c_str(),&TimeBuf) != 0) - return _error->Errno("utime","Failed to set modification time"); + return _error->Errno("utime",_("Failed to set modification time")); if (stat(Itm->DestFile.c_str(),&Buf) != 0) - return _error->Errno("stat","Failed to stat"); + return _error->Errno("stat",_("Failed to stat")); // Return a Done response Res.LastModified = Buf.st_mtime; @@ -275,7 +277,7 @@ bool GPGVMethod::Fetch(FetchItem *Itm) if (_config->FindB("Debug::Acquire::gpgv", false)) { - std::cerr <<"gpgv suceeded\n"; + std::cerr << "gpgv succeeded\n"; } return true; @@ -284,6 +286,8 @@ bool GPGVMethod::Fetch(FetchItem *Itm) int main() { + setlocale(LC_ALL, ""); + GPGVMethod Mth; return Mth.Run(); diff --git a/methods/makefile b/methods/makefile index 06fd2a6fc..1e3b1ef85 100644 --- a/methods/makefile +++ b/methods/makefile @@ -7,7 +7,7 @@ include ../buildlib/defaults.mak BIN := $(BIN)/methods # FIXME.. -LIB_APT_PKG_MAJOR = 3.10 +LIB_APT_PKG_MAJOR = 3.11 APT_DOMAIN := libapt-pkg$(LIB_APT_PKG_MAJOR) # The file method -- cgit v1.2.3 From 6b6afec3673bd1685e62a5c4b1803531a44add82 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 26 Jun 2006 09:28:51 +0200 Subject: * apt-pkg/init.h: - increased lib-version to 3.13 --- methods/makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'methods') diff --git a/methods/makefile b/methods/makefile index 1e3b1ef85..7af5d38d1 100644 --- a/methods/makefile +++ b/methods/makefile @@ -7,7 +7,7 @@ include ../buildlib/defaults.mak BIN := $(BIN)/methods # FIXME.. -LIB_APT_PKG_MAJOR = 3.11 +LIB_APT_PKG_MAJOR = 3.13 APT_DOMAIN := libapt-pkg$(LIB_APT_PKG_MAJOR) # The file method -- cgit v1.2.3 From d546f98d46c6a1d813976825f615e39f17b7ebf5 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 19 Dec 2006 12:03:30 +0100 Subject: * added https transport method as optional pacakge --- methods/https.cc | 226 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ methods/https.h | 48 ++++++++++++ methods/makefile | 7 ++ 3 files changed, 281 insertions(+) create mode 100644 methods/https.cc create mode 100644 methods/https.h (limited to 'methods') diff --git a/methods/https.cc b/methods/https.cc new file mode 100644 index 000000000..06b7dff48 --- /dev/null +++ b/methods/https.cc @@ -0,0 +1,226 @@ +// -*- mode: cpp; mode: fold -*- +// Description /*{{{*/ +// $Id: http.cc,v 1.59 2004/05/08 19:42:35 mdz Exp $ +/* ###################################################################### + + HTTPS Aquire Method - This is the HTTPS aquire method for APT. + + It uses libcurl + + ##################################################################### */ + /*}}}*/ +// Include Files /*{{{*/ +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "config.h" +#include "https.h" + + /*}}}*/ +using namespace std; + +size_t +HttpsMethod::write_data(void *buffer, size_t size, size_t nmemb, void *userp) +{ + HttpsMethod *me = (HttpsMethod *)userp; + + if(me->File->Write(buffer, size*nmemb) != true) + return false; + + return size*nmemb; +} + +int +HttpsMethod::progress_callback(void *clientp, double dltotal, double dlnow, + double ultotal, double ulnow) +{ + HttpsMethod *me = (HttpsMethod *)clientp; + if(dltotal > 0 && me->Res.Size == 0) { + me->Res.Size = dltotal; + me->URIStart(me->Res); + } + return 0; +} + +bool HttpsMethod::SetupProxy() +{ + URI ServerName = Queue->Uri; + + // Determine the proxy setting + if (getenv("http_proxy") == 0) + { + string DefProxy = _config->Find("Acquire::http::Proxy"); + string SpecificProxy = _config->Find("Acquire::http::Proxy::" + ServerName.Host); + if (SpecificProxy.empty() == false) + { + if (SpecificProxy == "DIRECT") + Proxy = ""; + else + Proxy = SpecificProxy; + } + else + Proxy = DefProxy; + } + + // Parse no_proxy, a , separated list of domains + if (getenv("no_proxy") != 0) + { + if (CheckDomainList(ServerName.Host,getenv("no_proxy")) == true) + Proxy = ""; + } + + // Determine what host and port to use based on the proxy settings + int Port = 0; + string Host; + if (Proxy.empty() == true || Proxy.Host.empty() == true) + { + } + else + { + if (Proxy.Port != 0) + curl_easy_setopt(curl, CURLOPT_PROXYPORT, Proxy.Port); + curl_easy_setopt(curl, CURLOPT_PROXY, Proxy.Host.c_str()); + } +} + + +// HttpsMethod::Fetch - Fetch an item /*{{{*/ +// --------------------------------------------------------------------- +/* This adds an item to the pipeline. We keep the pipeline at a fixed + depth. */ +bool HttpsMethod::Fetch(FetchItem *Itm) +{ + stringstream ss; + struct stat SBuf; + struct curl_slist *headers=NULL; + + // TODO: + // - http::Timeout + // - http::Pipeline-Depth + // - error checking/reporting + // - more debug options? (CURLOPT_DEBUGFUNCTION?) + + SetupProxy(); + + // callbacks + curl_easy_setopt(curl, CURLOPT_URL, Itm->Uri.c_str()); + curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data); + curl_easy_setopt(curl, CURLOPT_WRITEDATA, this); + curl_easy_setopt(curl, CURLOPT_PROGRESSFUNCTION, progress_callback); + curl_easy_setopt(curl, CURLOPT_PROGRESSDATA, this); + curl_easy_setopt(curl, CURLOPT_NOPROGRESS, false); + curl_easy_setopt(curl, CURLOPT_FAILONERROR, true); + + // FIXME: https: offer various options of verification + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, false); + + // cache-control + if(_config->FindB("Acquire::http::No-Cache",false) == false) + { + // cache enabled + if (_config->FindB("Acquire::http::No-Store",false) == true) + headers = curl_slist_append(headers,"Cache-Control: no-store"); + ioprintf(ss, "Cache-Control: max-age=%u", _config->FindI("Acquire::http::Max-Age",0)); + headers = curl_slist_append(headers, ss.str().c_str()); + } else { + // cache disabled by user + headers = curl_slist_append(headers, "Cache-Control: no-cache"); + headers = curl_slist_append(headers, "Pragma: no-cache"); + } + curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers); + + // set time values + curl_easy_setopt(curl, CURLOPT_TIMECONDITION, CURL_TIMECOND_IFMODSINCE); + curl_easy_setopt(curl, CURLOPT_TIMEVALUE, Itm->LastModified); + + // speed limit + int dlLimit = _config->FindI("Acquire::http::Dl-Limit",0)*1024; + if (dlLimit > 0) + curl_easy_setopt(curl, CURLOPT_MAX_RECV_SPEED_LARGE, dlLimit); + + // set header + curl_easy_setopt(curl, CURLOPT_USERAGENT,"Debian APT-CURL/1.0 ("VERSION")"); + + // debug + if(_config->FindB("Debug::Acquire::http", false)) + curl_easy_setopt(curl, CURLOPT_VERBOSE, true); + + // In this case we send an if-range query with a range header + if (stat(Itm->DestFile.c_str(),&SBuf) >= 0 && SBuf.st_size > 0) + curl_easy_setopt(curl, CURLOPT_RESUME_FROM, (long)SBuf.st_size); + + // go for it - if the file exists, append on it + File = new FileFd(Itm->DestFile, FileFd::WriteAny); + File->Seek(File->Size()); + + // keep apt updated + Res.Filename = Itm->DestFile; + + // get it! + CURLcode success = curl_easy_perform(curl); + + + // cleanup + if(success != 0) { + Fail(); + return true; + } + + if (Res.Size == 0) + Res.Size = File->Size(); + + // check the downloaded result + struct stat Buf; + if (stat(File->Name().c_str(),&Buf) == 0) + { + Res.Size = Buf.st_size; + Res.Filename = File->Name(); + Res.LastModified = Buf.st_mtime; + Res.IMSHit = false; + if (Itm->LastModified == Buf.st_mtime && Itm->LastModified != 0) + Res.IMSHit = true; + } + + // take hashes + Hashes Hash; + FileFd Fd(Res.Filename, FileFd::ReadOnly); + Hash.AddFD(Fd.Fd(), Fd.Size()); + Res.TakeHashes(Hash); + + // keep apt updated + URIDone(Res); + + // cleanup + File->Close(); + Res.Size = 0; + delete File; + curl_slist_free_all(headers); + + return true; +}; + +int main() +{ + setlocale(LC_ALL, ""); + + HttpsMethod Mth; + curl_global_init(CURL_GLOBAL_SSL) ; + + return Mth.Run(); +} + + diff --git a/methods/https.h b/methods/https.h new file mode 100644 index 000000000..6620a10fc --- /dev/null +++ b/methods/https.h @@ -0,0 +1,48 @@ +// -*- mode: cpp; mode: fold -*- +// Description /*{{{*/// $Id: http.h,v 1.12 2002/04/18 05:09:38 jgg Exp $ +// $Id: http.h,v 1.12 2002/04/18 05:09:38 jgg Exp $ +/* ###################################################################### + + HTTP Aquire Method - This is the HTTP aquire method for APT. + + ##################################################################### */ + /*}}}*/ + +#ifndef APT_HTTP_H +#define APT_HTTP_H + +#define MAXLEN 360 + +#include +#include + +using std::cout; +using std::endl; + +class HttpsMethod; + + +class HttpsMethod : public pkgAcqMethod +{ + + virtual bool Fetch(FetchItem *); + static size_t write_data(void *buffer, size_t size, size_t nmemb, void *userp); + static int progress_callback(void *clientp, double dltotal, double dlnow, + double ultotal, double ulnow); + bool SetupProxy(); + CURL *curl; + FetchResult Res; + + public: + FileFd *File; + + HttpsMethod() : pkgAcqMethod("1.2",Pipeline | SendConfig) + { + File = 0; + curl = curl_easy_init(); + }; +}; + +URI Proxy; + +#endif diff --git a/methods/makefile b/methods/makefile index 1e3b1ef85..e3db7210a 100644 --- a/methods/makefile +++ b/methods/makefile @@ -52,6 +52,13 @@ LIB_MAKES = apt-pkg/makefile SOURCE = http.cc rfc2553emu.cc connect.cc include $(PROGRAM_H) +# The https method +PROGRAM=https +SLIBS = -lapt-pkg -lcurl +LIB_MAKES = apt-pkg/makefile +SOURCE = https.cc +include $(PROGRAM_H) + # The ftp method PROGRAM=ftp SLIBS = -lapt-pkg $(SOCKETLIBS) -- cgit v1.2.3 From 714ee06cb1f8892f283bcdcfbb7ebbba8d642193 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 19 Dec 2006 13:11:26 +0100 Subject: * methods/https.cc: - implemented various cert verification options --- methods/https.cc | 29 ++++++++++++++++++++++++++--- 1 file changed, 26 insertions(+), 3 deletions(-) (limited to 'methods') diff --git a/methods/https.cc b/methods/https.cc index 06b7dff48..b758e4ab3 100644 --- a/methods/https.cc +++ b/methods/https.cc @@ -107,6 +107,7 @@ bool HttpsMethod::Fetch(FetchItem *Itm) stringstream ss; struct stat SBuf; struct curl_slist *headers=NULL; + char curl_errorstr[CURL_ERROR_SIZE]; // TODO: // - http::Timeout @@ -126,7 +127,22 @@ bool HttpsMethod::Fetch(FetchItem *Itm) curl_easy_setopt(curl, CURLOPT_FAILONERROR, true); // FIXME: https: offer various options of verification - curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, false); + bool peer_verify = _config->FindB("Acquire::https::Verify-Peer", false); + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, peer_verify); + + // sslcert file + string pem = _config->Find("Acquire::https::SslCert",""); + if(pem != "") + curl_easy_setopt(curl, CURLOPT_SSLCERT, pem.c_str()); + + // CA-Dir + string certdir = _config->Find("Acquire::https::CaPath",""); + if(certdir != "") + curl_easy_setopt(curl, CURLOPT_CAPATH, certdir.c_str()); + + // Server-verify + int verify = _config->FindI("Acquire::https::Verify-Host",2); + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, verify); // cache-control if(_config->FindB("Acquire::http::No-Cache",false) == false) @@ -156,9 +172,12 @@ bool HttpsMethod::Fetch(FetchItem *Itm) curl_easy_setopt(curl, CURLOPT_USERAGENT,"Debian APT-CURL/1.0 ("VERSION")"); // debug - if(_config->FindB("Debug::Acquire::http", false)) + if(_config->FindB("Debug::Acquire::https", false)) curl_easy_setopt(curl, CURLOPT_VERBOSE, true); + // error handling + curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, curl_errorstr); + // In this case we send an if-range query with a range header if (stat(Itm->DestFile.c_str(),&SBuf) >= 0 && SBuf.st_size > 0) curl_easy_setopt(curl, CURLOPT_RESUME_FROM, (long)SBuf.st_size); @@ -176,6 +195,7 @@ bool HttpsMethod::Fetch(FetchItem *Itm) // cleanup if(success != 0) { + _error->Error(curl_errorstr); Fail(); return true; } @@ -191,8 +211,11 @@ bool HttpsMethod::Fetch(FetchItem *Itm) Res.Filename = File->Name(); Res.LastModified = Buf.st_mtime; Res.IMSHit = false; - if (Itm->LastModified == Buf.st_mtime && Itm->LastModified != 0) + if (Itm->LastModified != 0 && Buf.st_mtime >= Itm->LastModified) + { Res.IMSHit = true; + Res.LastModified = Itm->LastModified; + } } // take hashes -- cgit v1.2.3