Bug#697687: debmirror: [PATCH] add https method

[Fernando Ike]

On 11-01-2013 18:05, Joey Hess wrote:

Fernando Ike wrote:

  You are rigth about documentation. Have you some suggestion?

I think that naming it --disable-ssl-verification would make the
documentation easy to write.

  I changed name to --disable-ssl-verification. It's better same.

  My fault, sorry! What's version is better for you to apply patch?
stable release ou git?

git. Use "git-format-patch HEAD^" after committing to your local git
repository.

  The patch is attached and I used git-format-patch as your tip


Best Regards,
--
Fernando Ike
http://fernandoike.com

>From 7975d91fd85b7baf6253bd7b1a1d7b016064dde6 Mon Sep 17 00:00:00 2001
From: fike <f...@midstorm.org>
Date: Thu, 17 Jan 2013 23:20:01 -0200
Subject: [PATCH] * added http method and disable ssl verification

---
 debmirror      |   38 +++++++++++++++++++++++++++++++++-----
 doc/design.txt |    1 +
 2 files changed, 34 insertions(+), 5 deletions(-)

diff --git a/debmirror b/debmirror
index 9126548..5e25dcc 100755
--- a/debmirror
+++ b/debmirror
@@ -103,7 +103,7 @@ directory has a F<dists> subdirectory.
 =item B<--method>=I<method>
 
 Specify the method to download files. Currently, supported methods are
-B<ftp>, B<http>, and B<rsync>.
+B<ftp>, B<http>, B<https>, and B<rsync>.
 
 =item B<--passive>
 
@@ -429,6 +429,12 @@ but B<debmirror>
 will automatically create a new symlink S<suite -E<gt> codename> (immediately
 after moving meta files in place). This conversion should only be needed once.
 
+=item B<--disable-ssl-verification>
+
+To use https method, the debmirror has to check if SSL certificate is 
+valid or not. If download server is a self-signed SSL certificate, 
+it needs to be disabled adding "--disable-ssl-verification"
+
 =item B<--debmarshal>
 
 On each pull, keep the repository meta data from dists/* in a numbered
@@ -611,6 +617,8 @@ our $gzip_options="-9 -n --rsyncable";
 our $omit_suite_symlinks=0;
 our $allow_dist_rename=0;
 our $debmarshal=0;
+our $self_signed=1;
+our $disable_ssl_verification;
 our $slow_cpu=0;
 our $check_gpg=1;
 our $new_mirror=0;
@@ -725,7 +733,8 @@ GetOptions('debug'                  => \$debug,
 	   'allow-dist-rename'      => \$allow_dist_rename,
 	   'debmarshal'             => \$debmarshal,
 	   'slow-cpu'               => \$slow_cpu,
-           'keyring=s'              => \@keyrings,
+	   'disable-ssl-verification' => \$disable_ssl_verification,	
+       'keyring=s'              => \@keyrings,
 	   'help'                   => \$help,
 ) or usage;
 usage if $help;
@@ -825,6 +834,7 @@ if ($post_cleanup) {
 }
 say("Dry run.") if $dry_run;
 say("Debmarshal snapshots kept.") if $debmarshal;
+say("Disable SSL verification.") if $disable_ssl_verification;
 
 # Set up mirror directory and resolve $mirrordir to a full path for
 # locking and rsync
@@ -866,6 +876,11 @@ $files{$lockfile}=1;
 my $rsynctempfile;
 END { unlink $rsynctempfile if $rsynctempfile }
 
+# Set up if it disable ssl verification
+if ($self_signed eq $disable_ssl_verification) {
+   $self_signed = 0;
+}
+
 sub init_connection {
   $_ = $download_method;
 
@@ -877,6 +892,17 @@ sub init_connection {
     $ua->show_progress($progress);
     return;
   };
+  
+  /^https$/ && do {
+    $ua = LWP::UserAgent->new(keep_alive => 1, ssl_opts => {
+    verify_hostname => $self_signed });
+    $ua->timeout($timeout);
+    $ua->proxy('https', $ENV{http_proxy}) if $ENV{https_proxy};
+	$ua->proxy('https', $proxy) if $proxy;
+    $ua->show_progress($progress);
+    return;
+  };
+
 
   /^ftp$/ && do {
     if ($proxy || $ENV{ftp_proxy}) {
@@ -1292,7 +1318,8 @@ say("Files to download: ".print_dl_size($bytes_to_get - $bytes_gotten));
 batch_get();
 
 sub batch_get {
-  if ($download_method eq 'ftp' || $download_method eq 'http') {
+  if ($download_method eq 'ftp' || $download_method eq 'http' ||
+   $download_method eq 'https') {
     my $dirname;
     my $i=0;
     foreach my $file (sort keys %files) {
@@ -1651,8 +1678,9 @@ sub remote_get {
   $tdir=$tempdir unless $tdir;
   chdir($tdir) or die "unable to chdir($tdir): $!\n";
 
-  if ($download_method eq 'ftp' || $download_method eq 'http') {
-    $res=$ftp ? ftp_get($file) : http_get($file);
+  if ($download_method eq 'ftp' || $download_method eq 'http' ||
+    $download_method eq 'https') {
+	$res=$ftp ? ftp_get($file) : http_get($file);
     $res=$res && check_lists($file);
     if (-f $file && !$res) {
       say("$file failed checksum verification, removing");
diff --git a/doc/design.txt b/doc/design.txt
index 9e8875f..68b6b45 100644
--- a/doc/design.txt
+++ b/doc/design.txt
@@ -68,6 +68,7 @@ Source:
    - ftp
    - hftp (ftp via http://user:pass@proxy:port/)
    - http
+   - https
    - rsync
    - wget (wget-ftp)
    - print (output what should be done)
-- 
1.7.10.4