From patchwork Sun Mar 25 02:22:18 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 1712 Return-Path: Received: from mail01.ipfire.org (mail01.ipfire.org [IPv6:2001:470:7183:25::1]) by web02.i.ipfire.org (Postfix) with ESMTP id CC53160329 for ; Sat, 24 Mar 2018 16:22:26 +0100 (CET) X-Virus-Scanned: ClamAV at mail01.ipfire.org X-Spam-Flag: NO X-Spam-Score: -0.55 X-Spam-Level: X-Spam-Status: No, score=-0.55 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_LOW=-0.7] autolearn=disabled Received: from mail01.i.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 5D20A110886C; Sat, 24 Mar 2018 15:22:25 +0000 (GMT) Authentication-Results: mail01.ipfire.org; dkim=pass (2048-bit key) header.d=link38.eu header.i=@link38.eu header.b="QQiJj8WG" X-Virus-Scanned: ClamAV at mail01.ipfire.org Received: from mx-nbg.link38.eu (mx-nbg.link38.eu [37.120.167.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx-nbg.link38.eu", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 6BF98108B883 for ; Sat, 24 Mar 2018 15:22:20 +0000 (GMT) Authentication-Results: mail01.ipfire.org; dmarc=pass (p=none dis=none) header.from=link38.eu Authentication-Results: mail01.ipfire.org; spf=pass smtp.mailfrom=peter.mueller@link38.eu DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=link38.eu; s=201803; t=1521904940; h=from:subject:date:message-id:to:mime-version:content-type:content-transfer-encoding; bh=mideCZoP6SQCogHxcAa8K0gyhXsMen0P7tXTsfZIWHo=; b=QQiJj8WGCbqL8/aBsK87rFLK5QuaeM+30np5AXcG7BCFRjc5gSUQ6RQHkuLbKJbRPNiQJw 4Af13+Yf2r06r6YoDk8obgU1Ca/lgmjp9iDYYBSMSgfEHiZFkh7kat5YJBiUyfQvBed6zr 4LhufTyXdpVzePQSxlgzhhFyR/gTsEN9A0iDQ7K1iiKLiLIHPsrqAbn70hUxrqbzQAvPdd MRSpWAgvyXlzSdh7LGxhK9Yt659Ky/dvJCiBMfGEgaVAKjmlJeO7AzNvwN9w/234lal1bS 9bMoKUhUa08a2cB0xmIcs4SWrJMH/aAGVmTyvq7JuMjjwwbaDWR5bKgBSQnokQ== Date: Sat, 24 Mar 2018 16:22:18 +0100 From: Peter =?utf-8?q?M=C3=BCller?= To: "development@lists.ipfire.org" Subject: [PATCH] use protocol defined in server-list.db for mirror communication Message-ID: <20180324162218.28f9d594.peter.mueller@link38.eu> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" For each mirror server, a protocol can be specified in the server-list.db database. However, it was not used for the actual URL query to a mirror before. This might be useful for deploy HTTPS pinning for Pakfire. If a mirror is known to support HTTPS, all queries to it will be made with this protocol. This saves some overhead if HTTPS is enforced on a mirror via 301 redirects. To enable this, the server-list.db needs to be adjusted. Partially fixes #11661. Signed-off-by: Peter Müller Cc: Michael Tremer --- src/pakfire/lib/functions.pl | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/pakfire/lib/functions.pl b/src/pakfire/lib/functions.pl index c97d4254d..94f9f1826 100644 --- a/src/pakfire/lib/functions.pl +++ b/src/pakfire/lib/functions.pl @@ -171,8 +171,11 @@ sub fetchfile { } } + # Use specified protocol for mirror communication (allows HTTPS pinning) + my $urlproto = lc $proto; + $final_data = undef; - my $url = "http://$host/$file"; + my $url = "$urlproto://$host/$file"; my $response; unless ($bfile =~ /^counter.py\?.*/) {