Package: debmirror
Version: 1:2.14
Severity: wishlist
Tags: patch
Hi!
Add the https method for situation that repository use only https.
As options, it has disable option for ssl verification on cases that
web server use self-signed certificate.
debmirror --method https {--self-signed} ...
In attachment is two patch files. One base the last version release
(2.14) and another base master branch.
Regards,
-- System Information:
Debian Release: 7.0
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages debmirror depends on:
ii bzip2 1.0.6-4
pn libdigest-md5-perl <none>
ii liblockfile-simple-perl 0.208-1
ii libnet-inet6glue-perl 0.5-1
ii libwww-perl 6.04-1
ii perl [libdigest-sha-perl] 5.14.2-16
ii perl-modules [libnet-perl] 5.14.2-16
ii rsync 3.0.9-4
Versions of packages debmirror recommends:
ii ed 1.6-2
ii gpgv 1.4.12-7
ii patch 2.6.1-3
Versions of packages debmirror suggests:
ii gnupg 1.4.12-7
-- no debconf information
diff --git a/debmirror b/debmirror
index 9126548..8007749 100755
--- a/debmirror
+++ b/debmirror
@@ -103,7 +103,7 @@ directory has a F<dists> subdirectory.
=item B<--method>=I<method>
Specify the method to download files. Currently, supported methods are
-B<ftp>, B<http>, and B<rsync>.
+B<ftp>, B<http>, B<https>, and B<rsync>.
=item B<--passive>
@@ -429,6 +429,11 @@ but B<debmirror>
will automatically create a new symlink S<suite -E<gt> codename> (immediately
after moving meta files in place). This conversion should only be needed once.
+=item B<--self-signed>=I<number>
+
+By default debmirror checks if the certificate (https) is self-signed
+or not. If host certificate is self-signed, you have disable the verification ("0").
+
=item B<--debmarshal>
On each pull, keep the repository meta data from dists/* in a numbered
@@ -878,6 +883,17 @@ sub init_connection {
return;
};
+ /^https$/ && do {
+ $ua = LWP::UserAgent->new(keep_alive => 1, ssl_opts => {
+ verify_hostname => $self_signed });
+ $ua->timeout($timeout);
+ $ua->proxy('https', $ENV{http_proxy}) if $ENV{https_proxy};
+ $ua->proxy('https', $proxy) if $proxy;
+ $ua->show_progress($progress);
+ return;
+ };
+
+
/^ftp$/ && do {
if ($proxy || $ENV{ftp_proxy}) {
$ua = LWP::UserAgent->new;
@@ -1292,7 +1308,8 @@ say("Files to download: ".print_dl_size($bytes_to_get - $bytes_gotten));
batch_get();
sub batch_get {
- if ($download_method eq 'ftp' || $download_method eq 'http') {
+ if ($download_method eq 'ftp' || $download_method eq 'http' ||
+ $download_method eq 'https') {
my $dirname;
my $i=0;
foreach my $file (sort keys %files) {
@@ -1651,8 +1668,9 @@ sub remote_get {
$tdir=$tempdir unless $tdir;
chdir($tdir) or die "unable to chdir($tdir): $!\n";
- if ($download_method eq 'ftp' || $download_method eq 'http') {
- $res=$ftp ? ftp_get($file) : http_get($file);
+ if ($download_method eq 'ftp' || $download_method eq 'http' ||
+ $download_method eq 'https') {
+ $res=$ftp ? ftp_get($file) : http_get($file);
$res=$res && check_lists($file);
if (-f $file && !$res) {
say("$file failed checksum verification, removing");
diff --git a/doc/design.txt b/doc/design.txt
index 9e8875f..68b6b45 100644
--- a/doc/design.txt
+++ b/doc/design.txt
@@ -68,6 +68,7 @@ Source:
- ftp
- hftp (ftp via http://user:pass@proxy:port/)
- http
+ - https
- rsync
- wget (wget-ftp)
- print (output what should be done)
--- debmirror-2.14/debmirror 2012-06-26 20:28:46.000000000 -0300
+++ debmirror_https/debmirror 2013-01-08 04:20:25.378316228 -0200
@@ -103,7 +103,7 @@
=item B<--method>=I<method>
Specify the method to download files. Currently, supported methods are
-B<ftp>, B<http>, and B<rsync>.
+B<ftp>, B<http>, B<https>, and B<rsync>.
=item B<--passive>
@@ -402,6 +402,11 @@
will automatically create a new symlink S<suite -E<gt> codename> (immediately
after moving meta files in place). This conversion should only be needed once.
+=item B<--self-signed>=I<number>
+
+By default debmirror checks if the certificate (https) is self-signed
+or not. If host certificate is self-signed, you have disable the verification ("0").
+
=item B<--debmarshal>
On each pull, keep the repository meta data from dists/* in a numbered
@@ -581,6 +586,7 @@
our $allow_dist_rename=0;
our $debmarshal=0;
our $slow_cpu=0;
+ our $self_signed=1;
our $check_gpg=1;
our $new_mirror=0;
my @errlog;
@@ -692,6 +698,7 @@
'allow-dist-rename' => \$allow_dist_rename,
'debmarshal' => \$debmarshal,
'slow-cpu' => \$slow_cpu,
+ 'self-signed' => \$self_signed,
'help' => \$help,
) or usage;
usage if $help;
@@ -844,6 +851,16 @@
return;
};
+ /^https$/ && do {
+ $ua = LWP::UserAgent->new(keep_alive => 1, ssl_opts => {
+ verify_hostname => $self_signed });
+ $ua->timeout($timeout);
+ $ua->proxy('https', $ENV{http_proxy}) if $ENV{https_proxy};
+ $ua->proxy('https', $proxy) if $proxy;
+ $ua->show_progress($progress);
+ return;
+ };
+
/^ftp$/ && do {
if ($proxy || $ENV{ftp_proxy}) {
$ua = LWP::UserAgent->new;
@@ -1238,7 +1255,8 @@
batch_get();
sub batch_get {
- if ($download_method eq 'ftp' || $download_method eq 'http') {
+ if ($download_method eq 'ftp' || $download_method eq 'http' ||
+ $download_method eq 'https') {
my $dirname;
my $i=0;
foreach my $file (sort keys %files) {
@@ -1577,7 +1595,8 @@
$tdir=$tempdir unless $tdir;
chdir($tdir) or die "unable to chdir($tdir): $!\n";
- if ($download_method eq 'ftp' || $download_method eq 'http') {
+ if ($download_method eq 'ftp' || $download_method eq 'http' ||
+ $download_method eq 'https') {
$res=$ftp ? ftp_get($file) : http_get($file);
$res=$res && check_lists($file);
if (-f $file && !$res) {
