]> git.saurik.com Git - apt.git/commitdiff
add https options which default to the ones from http for the https
authorDavid Kalnischkies <kalnischkies@gmail.com>
Thu, 10 Dec 2009 23:38:13 +0000 (00:38 +0100)
committerDavid Kalnischkies <kalnischkies@gmail.com>
Thu, 10 Dec 2009 23:38:13 +0000 (00:38 +0100)
method as this is more sane than using only the http options without
a possibility to override these for https.

debian/changelog
doc/apt.conf.5.xml
doc/examples/configure-index
methods/https.cc

index 0cfd36c00ec055afb08843a8016fd711ac8eb7fb..e930de0dd538bb073d4ce6416c064dbbaf483420 100644 (file)
@@ -56,6 +56,7 @@ apt (0.7.25) UNRELEASED; urgency=low
   * doc/po4a.conf: activate translation of guide.sgml and offline.sgml
   * doc/apt.conf.5.xml:
     - provide a few more details about APT::Immediate-Configure
+    - briefly document the behaviour of the new https options
   * doc/sources.list.5.xml:
     - add note about additional apt-transport-methods
   * doc/apt-mark.8.xml:
@@ -97,6 +98,7 @@ apt (0.7.25) UNRELEASED; urgency=low
   * methods/http{,s}.cc
     - add config setting for User-Agent to the Acquire group,
       thanks Timothy J. Miller! (Closes: #355782)
+    - add https options which default to http ones (Closes: #557085)
 
   [ Chris Leick ]
   * doc/ various manpages:
index 726bca2cc0f75ff16f148a82f70fcce9946d4e0e..d7ad51cfb4aa24f8dbd1d46e1bbca9cdf0a0de32 100644 (file)
@@ -284,9 +284,11 @@ DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt";};
      </varlistentry>
 
      <varlistentry><term>https</term>
-        <listitem><para>HTTPS URIs. Cache-control and proxy options are the same as for
-        <literal>http</literal> method.
-        <literal>Pipeline-Depth</literal> option is not supported yet.</para>
+        <listitem><para>HTTPS URIs. Cache-control, Timeout, AllowRedirect, Dl-Limit and
+        proxy options are the same as for <literal>http</literal> method and will also
+        default to the options from the <literal>http</literal> method if they are not
+        explicitly set for https. <literal>Pipeline-Depth</literal> option is not
+        supported yet.</para>
 
         <para><literal>CaInfo</literal> suboption specifies place of file that
         holds info about trusted certificates.
index 333c8df7e413d79de90adea54b2332cb531584e1..ced390447bbb0da40e20c1d9302051910319ba02 100644 (file)
@@ -194,19 +194,34 @@ Acquire
     User-Agent "Debian APT-HTTP/1.3";
   };
 
-  // HTTPS method configuration:
-  // - uses the http proxy config 
-  // - uses the http cache-control values
-  // - uses the http Dl-Limit values
-  https 
+
+
+  // HTTPS method configuration: uses the http
+  // - proxy config
+  // - cache-control values
+  // - Dl-Limit, Timout, ... values
+  // if not set explicit for https
+  //
+  // see /usr/share/doc/apt/examples/apt-https-method-example.conf.gz
+  // for more examples
+  https
   {
        Verify-Peer "false";
        SslCert "/etc/apt/some.pem";
-        CaPath  "/etc/ssl/certs";
-        Verify-Host" "true";
-        AllowRedirect  "true";
+       CaPath  "/etc/ssl/certs";
+       Verify-Host" "true";
+       AllowRedirect  "true";
+
+       Timeout "120";
+       AllowRedirect  "true";
+
+       // Cache Control. Note these do not work with Squid 2.0.2
+       No-Cache "false";
+       Max-Age "86400";     // 1 Day age on index files
+       No-Store "false";    // Prevent the cache from storing archives
+       Dl-Limit "7";        // 7Kb/sec maximum download rate
 
-        User-Agent "Debian APT-CURL/1.0";
+       User-Agent "Debian APT-CURL/1.0";
   };
 
   ftp
index a4f39c3797c4c4879b85e87e15a8ec94dcdd2649..ed1f181509e1389fb8014bba5cd8914af98ad107 100644 (file)
@@ -1,4 +1,4 @@
-// -*- mode: cpp; mode: fold -*-
+//-*- mode: cpp; mode: fold -*-
 // Description                                                         /*{{{*/
 // $Id: http.cc,v 1.59 2004/05/08 19:42:35 mdz Exp $
 /* ######################################################################
@@ -57,54 +57,38 @@ HttpsMethod::progress_callback(void *clientp, double dltotal, double dlnow,
    return 0;
 }
 
-void HttpsMethod::SetupProxy()
-{
-   URI ServerName = Queue->Uri;
-
-   // Determine the proxy setting
-   string SpecificProxy = _config->Find("Acquire::http::Proxy::" + ServerName.Host);
-   if (!SpecificProxy.empty())
-   {
-          if (SpecificProxy == "DIRECT")
-                  Proxy = "";
-          else
-                  Proxy = SpecificProxy;
-   }
-   else
-   {
-          string DefProxy = _config->Find("Acquire::http::Proxy");
-          if (!DefProxy.empty())
-          {
-                  Proxy = DefProxy;
-          }
-          else
-          {
-                  char* result = getenv("http_proxy");
-                  Proxy = result ? result : "";
-          }
-   }
-   
-   // Parse no_proxy, a , separated list of domains
-   if (getenv("no_proxy") != 0)
-   {
-      if (CheckDomainList(ServerName.Host,getenv("no_proxy")) == true)
-        Proxy = "";
-   }
-   
-   // Determine what host and port to use based on the proxy settings
-   string Host;   
-   if (Proxy.empty() == true || Proxy.Host.empty() == true)
-   {
-   }
-   else
-   {
-      if (Proxy.Port != 0)
-        curl_easy_setopt(curl, CURLOPT_PROXYPORT, Proxy.Port);
-      curl_easy_setopt(curl, CURLOPT_PROXY, Proxy.Host.c_str());
-   }
-}
-
-
+void HttpsMethod::SetupProxy() {                                       /*{{{*/
+       URI ServerName = Queue->Uri;
+
+       // Determine the proxy setting - try https first, fallback to http and use env at last
+       string UseProxy = _config->Find("Acquire::https::Proxy::" + ServerName.Host,
+                               _config->Find("Acquire::http::Proxy::" + ServerName.Host));
+
+       if (UseProxy.empty() == true)
+               UseProxy = _config->Find("Acquire::https::Proxy", _config->Find("Acquire::http::Proxy"));
+
+       // User want to use NO proxy, so nothing to setup
+       if (UseProxy == "DIRECT")
+               return;
+
+       if (UseProxy.empty() == false) {
+               // Parse no_proxy, a comma (,) separated list of domains we don't want to use
+               // a proxy for so we stop right here if it is in the list
+               if (getenv("no_proxy") != 0 && CheckDomainList(ServerName.Host,getenv("no_proxy")) == true)
+                       return;
+       } else {
+               const char* result = getenv("http_proxy");
+               UseProxy = result == NULL ? "" : result;
+       }
+
+       // Determine what host and port to use based on the proxy settings
+       if (UseProxy.empty() == false) {
+               Proxy = UseProxy;
+               if (Proxy.Port != 1)
+                       curl_easy_setopt(curl, CURLOPT_PROXYPORT, Proxy.Port);
+               curl_easy_setopt(curl, CURLOPT_PROXY, Proxy.Host.c_str());
+       }
+}                                                                      /*}}}*/
 // HttpsMethod::Fetch - Fetch an item                                  /*{{{*/
 // ---------------------------------------------------------------------
 /* This adds an item to the pipeline. We keep the pipeline at a fixed
@@ -191,12 +175,15 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
    curl_easy_setopt(curl, CURLOPT_SSLVERSION, final_version);
 
    // cache-control
-   if(_config->FindB("Acquire::http::No-Cache",false) == false)
+   if(_config->FindB("Acquire::https::No-Cache",
+       _config->FindB("Acquire::http::No-Cache",false)) == false)
    {
       // cache enabled
-      if (_config->FindB("Acquire::http::No-Store",false) == true)
+      if (_config->FindB("Acquire::https::No-Store",
+               _config->FindB("Acquire::http::No-Store",false)) == true)
         headers = curl_slist_append(headers,"Cache-Control: no-store");
-      ioprintf(ss, "Cache-Control: max-age=%u", _config->FindI("Acquire::http::Max-Age",0));
+      ioprintf(ss, "Cache-Control: max-age=%u", _config->FindI("Acquire::https::Max-Age",
+               _config->FindI("Acquire::http::Max-Age",0)));
       headers = curl_slist_append(headers, ss.str().c_str());
    } else {
       // cache disabled by user
@@ -206,7 +193,8 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
    curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
 
    // speed limit
-   int dlLimit = _config->FindI("Acquire::http::Dl-Limit",0)*1024;
+   int dlLimit = _config->FindI("Acquire::https::Dl-Limit",
+               _config->FindI("Acquire::http::Dl-Limit",0))*1024;
    if (dlLimit > 0)
       curl_easy_setopt(curl, CURLOPT_MAX_RECV_SPEED_LARGE, dlLimit);
 
@@ -217,14 +205,16 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
                        "Debian APT-CURL/1.0 ("VERSION")")));
 
    // set timeout
-   int timeout = _config->FindI("Acquire::http::Timeout",120);
+   int timeout = _config->FindI("Acquire::https::Timeout",
+               _config->FindI("Acquire::http::Timeout",120));
    curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, timeout);
    //set really low lowspeed timeout (see #497983)
    curl_easy_setopt(curl, CURLOPT_LOW_SPEED_LIMIT, DL_MIN_SPEED);
    curl_easy_setopt(curl, CURLOPT_LOW_SPEED_TIME, timeout);
 
    // set redirect options and default to 10 redirects
-   bool AllowRedirect = _config->FindI("Acquire::https::AllowRedirect", true);
+   bool AllowRedirect = _config->FindB("Acquire::https::AllowRedirect",
+       _config->FindB("Acquire::http::AllowRedirect",true));
    curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, AllowRedirect);
    curl_easy_setopt(curl, CURLOPT_MAXREDIRS, 10);