From dccd27ed8bf4da446db68e274d211f28489b654a Mon Sep 17 00:00:00 2001 From: Miguel Figueiredo Date: Fri, 10 Sep 2010 20:53:27 +0000 Subject: support for https on debootstrap r64676 --- debian/changelog | 5 +++++ debootstrap | 32 +++++++++++++++++++++++++++++++- debootstrap.8 | 9 +++++++++ functions | 17 ++++++++++++++++- 4 files changed, 61 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index 5598bb1..f9a0f8a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,5 +1,10 @@ debootstrap (1.0.24) UNRELEASED; urgency=low + [ Miguel Figueiredo ] + * Apply patches from by Jonathan Klee and Guillaume Chauvel + to add support to https (closes: #521196). + + [ Colin Watson ] * Add (Ubuntu) natty as a symlink to gutsy. -- Colin Watson Wed, 18 Aug 2010 12:07:52 +0100 diff --git a/debootstrap b/debootstrap index 171a5ef..0d230c8 100755 --- a/debootstrap +++ b/debootstrap @@ -94,6 +94,9 @@ usage() (supported: $EXTRACTORS_SUPPORTED) --boot-floppies used for internal purposes by boot-floppies --debian-installer used for internal purposes by debian-installer + --private-key=file read the private key from file + --certificate=file use the client certificate stored in file (PEM) + --no-check-certificate do not check certificate against certificate authorities EOF } 
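Review bot: The usage() line for `--no-check-certificate` understates the effect: the flag turns off validation of the mirror's TLS certificate, so the https transport no longer authenticates the server at all. I would word it as `--no-check-certificate  do not validate the mirror's TLS certificate (insecure)` and use the same text in debootstrap.8 later in this patch. With the flag set, integrity rests on whatever Release/keyring verification the run performs, which this patch does not show. The other two help lines give only the `=file` form, although the parser added in the next hunk also accepts a space-separated argument.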
@@ -301,6 +304,32 @@ if [ $# != 0 ] ; then error 1 NEEDARG "option requires an argument %s" "$1" fi ;; + --certificate|--certificate=?*) + if [ "$1" = "--certificate" -a -n "$2" ]; then + CERTIFICATE="--certificate=$2" + shift 2 + elif [ "$1" != "${1#--certificate=}" ]; then + CERTIFICATE="--certificate=${1#--certificate=}" + shift 1 + else + error 1 NEEDARG "option requires an argument %s" "$1" + fi + ;; + --private-key|--private-key=?*) + if [ "$1" = "--private-key" -a -n "$2" ]; then + PRIVATEKEY="$2" + shift 2 + elif [ "$1" != "${1#--private-key=}" ]; then + PRIVATEKEY="--private--key=${1#--private-key=}" + shift 1 + else + error 1 NEEDARG "option requires an argument %s" "$1" + fi + ;; + --no-check-certificate) + CHECKCERTIF="--no-check-certificate" + shift + ;; --*) error 1 BADARG "unrecognized or invalid option %s" "$1" ;; @@ -477,6 +506,7 @@ fi ########################################################################### if am_doing_phase finddebs; then + echo "finddebs!!!" if [ "$FINDDEBS_NEEDS_INDICES" = "true" ] || \ [ "$RESOLVE_DEPS" = "true" ]; then download_indices @@ -577,7 +607,7 @@ if am_doing_phase second_stage; then if [ -e "$TARGET/etc/apt/sources.list" ]; then rm -f "$TARGET/etc/apt/sources.list" fi - if [ "${MIRRORS#http://}" != "$MIRRORS" ]; then + if [ "${MIRRORS#http*://}" != "$MIRRORS" ]; then setup_apt_sources "${MIRRORS%% *}" mv_invalid_to "${MIRRORS%% *}" else diff --git a/debootstrap.8 b/debootstrap.8 index ec13649..d32d19b 100644 --- a/debootstrap.8 +++ b/debootstrap.8 @@ -137,6 +137,15 @@ Override automatic .deb extractor selection to .IR TYPE . Supported extractors are: dpkg-deb and ar. .IP +.IP "\fB\-\-no\-check\-certificate\fP" +Do not check certificate against certificate authorities +.IP +.IP "\fB\-\-certificate=FILE\fP" +Use the client certificate stored in file (PEM) +.IP +.IP "\fB\-\-private\-key=FILE\fP" +Read the private key from file + .SH EXAMPLES . .PP diff --git a/functions b/functions index 14f86ff..07b56d2 100644 
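Review bot: Both arms of the new `--private-key` case build a wrong value. The two-argument form stores the bare path (`PRIVATEKEY="$2"`), which just_get later expands as a positional wget argument, so wget takes it as a URL rather than a key file. The `=` form prefixes the path with `--private--key=` (doubled dash), which is not the option usage() documents. Mirroring the `--certificate` arm fixes both: `PRIVATEKEY="--private-key=$2"` and `PRIVATEKEY="--private-key=${1#--private-key=}"`. The enclosing case statement starts and ends outside the hunk.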
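Review bot: `echo "finddebs!!!"` in the finddebs phase looks like leftover debugging output and has nothing to do with https support. It writes to stdout on every run of that phase, so it can end up in output that wrapper scripts parse. I would drop the line before merging.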
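Review bot: The pattern `http*://` in the second_stage test is looser than the intended "http or https": under `#` the `*` matches any run of characters, so any value that begins with `http` and contains `://` later on passes. Spelling out both schemes keeps the check exact: `if [ "${MIRRORS#http://}" != "$MIRRORS" ] || [ "${MIRRORS#https://}" != "$MIRRORS" ]; then`. setup_apt_sources then writes an https URL into the target's sources.list; whether the target's apt can fetch over https depends on packages not shown here, so that is worth confirming. The body of this `if` continues outside the hunk.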
--- a/functions +++ b/functions @@ -70,7 +70,7 @@ wgetprogress () { wget "$@" 2>&1 >/dev/null | $PKGDETAILS "WGET%" $PROGRESS_NOW $PROGRESS_NEXT $PROGRESS_END "$PROGRESS_WHAT" >&3 ret=$? else - wget $QSWITCH "$@" + wget $QSWITCH "$@" ret=$? fi return $ret @@ -342,6 +342,21 @@ just_get () { rm -f "$dest" return 1 fi + elif [ "${from#https://}" != "$from" ] ; then + # http/ftp mirror + if wgetprogress $CHECKCERTIF $CERTIFICATE $PRIVATEKEY -O "$dest" "$from"; then + return 0 + elif [ -s "$dest" ]; then + local iters=0 + while [ "$iters" -lt 3 ]; do + warning RETRYING "Retrying failed download of %s" "$from" + if wgetprogress $CHECKCERTIF $CERTIFICATE $PRIVATEKEY -c -O "$dest" "$from"; then break; fi + iters="$(($iters + 1))" + done + else + rm -f "$dest" + return 1 + fi elif [ "${from#file:}" != "$from" ]; then local base="${from#file:}" if [ "${base#//}" != "$base" ]; then -- cgit v0.12
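Review bot: `$CHECKCERTIF $CERTIFICATE $PRIVATEKEY` are expanded unquoted in both wgetprogress calls of the new https branch, so a certificate or key path containing whitespace or glob characters is split into several wget arguments. `${CERTIFICATE:+"$CERTIFICATE"}` (and the same for the other two) passes each value as one word and still expands to nothing when unset. The copied comment should read `# https mirror`. When all three retries fail, the loop ends without `return 1` and without removing the partial `$dest`, so unless code after the hunk handles that case the caller cannot tell the download failed. just_get starts and ends outside the hunk.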