Bug#784812: devscripts: [rmadison] please add support for alternate CA file/path

[Cyril Brulebois]

Package: devscripts
Version: 2.15.3
Severity: important
Tags: patch

Control: block 784811 by -1

(x-d-cc: debian-boot@, please keep the list in the loop.)

Hi,

*.debian.org have a few tweaks for SSL certificates, and one needs to point
tools to /etc/ssl/ca-debian or /etc/ssl/ca-debian/ca-certificates.crt to be
able to validate *.debian.org certificates.

You'll find attached a patch which implements support for new configuration
options. Quoting the updated manpage:
|        RMADISON_SSL_CA_FILE=FILE
|            Use the specified CA file instead of the default CA bundle
|            for curl/wget, passed as --cacert to curl, and as
|            --ca-certificate to wget.
| 
|        RMADISON_SSL_CA_PATH=PATH
|            Use the specified CA directory instead of the default CA
|            bundle for curl/wget, passed as --capath to curl, and as
|            --ca-directory to wget.

I've checked that setting either of those in ~d-i/.devscripts.conf on dillon
works:
| RMADISON_SSL_CA_PATH=/etc/ssl/ca-debian
| #RMADISON_SSL_CA_FILE=/etc/ssl/ca-debian/ca-certificates.crt

both with curl and with wget (I've cheated by changing the check on -x curl
to -x curly to test the wget code path).

I think it'd be worth implementing this in jessie as well. I /could/
maintain a patched rmadison binary to be used on dillon.debian.org for d-i
needs but…

Thanks for considering.

Mraw,
KiBi.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-support-for-RMADISON_SSL_CA_FILE-and-RMADISON_SS.patch
Type: text/x-diff
Size: 3195 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/devscripts-devel/attachments/20150509/9dc06b2e/attachment.patch>