[devscripts] 01/06: Add support for RMADISON_SSL_CA_FILE and RMADISON_SSL_CA_PATH.
James McCoy
jamessan at debian.org
Sun May 10 04:38:05 UTC 2015
This is an automated email from the git hooks/post-receive script.
jamessan pushed a commit to branch master
in repository devscripts.
commit 325bf21b8106f0466ccfa2387f78699c71a7216d
Author: Cyril Brulebois <kibi at debian.org>
Date: Sat May 9 04:47:12 2015 +0200
Add support for RMADISON_SSL_CA_FILE and RMADISON_SSL_CA_PATH.
With this, one can point to system-specific locations for CA-related
files, and pass them to curl/wget via the appropriate options.
Signed-off-by: Cyril Brulebois <kibi at debian.org>
Signed-off-by: James McCoy <jamessan at debian.org>
---
debian/changelog | 3 +++
scripts/rmadison.pl | 28 +++++++++++++++++++++++++++-
2 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/debian/changelog b/debian/changelog
index 402b31f..6bb1ea2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,9 @@ devscripts (2.15.5) UNRELEASED; urgency=medium
* Update chdist bash-completion file with the architectures currently (as
of 2015-04-28) listed on buildd.debian.org and buildd.debian-ports.org.
(Closes: #783634)
+ * Add support for RMADISON_SSL_CA_FILE and RMADISON_SSL_CA_PATH, so that
+ one can point to system-specific locations for CA-related files, and pass
+ them to curl/wget via the appropriate options. (Closes: #784812)
[ James McCoy ]
* wrap-and-sort:
diff --git a/scripts/rmadison.pl b/scripts/rmadison.pl
index 7b41d0c..8008256 100755
--- a/scripts/rmadison.pl
+++ b/scripts/rmadison.pl
@@ -95,6 +95,8 @@ EOT
my $params;
my $default_arch;
+my $ssl_ca_file;
+my $ssl_ca_path;
if (@ARGV and $ARGV[0] =~ /^--no-?conf$/) {
shift;
@@ -122,6 +124,10 @@ if (@ARGV and $ARGV[0] =~ /^--no-?conf$/) {
$default_url=$1;
} elsif ($envvar =~ /^RMADISON_ARCHITECTURE=(.*)$/) {
$default_arch=$1;
+ } elsif ($envvar =~ /^RMADISON_SSL_CA_FILE=(.*)$/) {
+ $ssl_ca_file=$1;
+ } elsif ($envvar =~ /^RMADISON_SSL_CA_PATH=(.*)$/) {
+ $ssl_ca_path=$1;
}
}
}
@@ -199,7 +205,17 @@ s/:.*// for (@ARGV);
foreach my $url (@url) {
print "$url:\n" if @url > 1;
$url = $url_map{$url} if $url_map{$url};
- my @cmd = -x "/usr/bin/curl" ? qw/curl -f -s -S -L/ : qw/wget -q -O -/;
+ my @cmd;
+ if ( -x "/usr/bin/curl" ) {
+ @cmd = qw/curl -f -s -S -L/;
+ push @cmd, "--cacert", $ssl_ca_file if $ssl_ca_file;
+ push @cmd, "--capath", $ssl_ca_path if $ssl_ca_path;
+
+ } else {
+ @cmd = qw/wget -q -O -/;
+ push @cmd, "--ca-certificate=$ssl_ca_file" if $ssl_ca_file;
+ push @cmd, "--ca-directory=$ssl_ca_path" if $ssl_ca_path;
+ }
system @cmd, $url . (($url =~ m/\?/)?'&':'?')."package=" . join("+", map { uri_escape($_) } @ARGV) . "&text=on&" . join ("&", @args);
$status = 1 if ($? >> 8 != 0);
}
@@ -330,6 +346,16 @@ Set the default architecture to use unless overridden by a command line option.
To run an unrestricted query when B<RMADISON_ARCHITECTURE> is set, use
B<--architecture='*'>.
+=item B<RMADISON_SSL_CA_FILE>=I<FILE>
+
+Use the specified CA file instead of the default CA bundle for curl/wget,
+passed as --cacert to curl, and as --ca-certificate to wget.
+
+=item B<RMADISON_SSL_CA_PATH>=I<PATH>
+
+Use the specified CA directory instead of the default CA bundle for curl/wget,
+passed as --capath to curl, and as --ca-directory to wget.
+
=back
=head1 NOTES
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/devscripts.git
More information about the devscripts-devel
mailing list