Re: [PATCH] APT https method improvements

To: Michael Vogt <mvogt@acm.org>
Cc: APT development ML <deity@lists.debian.org>, Axel Tillequin <axel.tillequin@eads.net>
Subject: Re: [PATCH] APT https method improvements
From: arno@natisbad.org (Arnaud Ebalard)
Date: Thu, 19 Jun 2008 13:57:51 +0200
Message-id: <[🔎] 87tzfpeiww.fsf@natisbad.org>
In-reply-to: <[🔎] 20080619103359.GA3718@tas.localdomain> (Michael Vogt's message of "Thu, 19 Jun 2008 12:34:00 +0200")
References: <[🔎] 877id7sskr.fsf@natisbad.org> <[🔎] 20080619103359.GA3718@tas.localdomain>

Hi Michael,

Michael Vogt <mvogt@acm.org> writes:

> On Mon, Jun 02, 2008 at 06:35:32PM +0200, Arnaud Ebalard wrote:
>> Hi,
> Hi,
>  
>> Attached is a set of simple patches for apt https method developed by
>> Axel and I. They add client authentication, CRL handling, and ability to
>> check issuer, and also some other things that are described in detail
>> below.
>
> Thanks a lot for your patch and sorry for the late reply.

Happy to help.

> For when is 7.18.3 scheduled? 

7.19.0 is scheduled for august (one stable release every two monthes or
so). Daniel Steinberg decided to jump from 7.18.2 (released last week
or so) to 7.19.0. Generally, the new version is almost immediately
available as a Debian package.

In the end, this lets time to improve the patches if needed.

>> +   // File containing the list of trusted CA.
>> +   string cainfo = _config->Find("Acquire::https::CaInfo","");
> [..]
>
> If this is a file, then we should probably use the "Dir::Etc"
> hirarchie together with "FindFile()". So "Dir::Etc::CaInfo". Maybe a
> new level under "Dir" instead of "Dir::Etc" if there are a lot of
> option. One of Dir::Auth, Dir::TLS, Dir::SSL? (Same for the other bits
> below were files are used). Otherwise it looks good.

Those elements are all "https-related", hence the idea of sticking with
Acquire::https not to confuse the user. I'll let you decide what is the
best.

For the Find()/FindFile(), I simply reused the Find() because it was
the method used in https.cc. I was not aware of FindFile() at that
time. I wonder what the switch to FindFile() will provide because the
strings are directly passed to curl via curl_easy_setopt(). AFAICT, the
additional features provided by FindFile() are not needed. Is that
correct?

If you make some changes to the patches, I'd be happy to test them.

>> Index: apt-0.7.13/doc/examples/apt-https-method-example.conf
>> ===================================================================
>> --- /dev/null	1970-01-01 00:00:00.000000000 +0000
>> +++ apt-0.7.13/doc/examples/apt-https-method-example.conf	2008-05-30 12:35:14.050157887 +0200
>> @@ -0,0 +1,186 @@
>> +/* This file is a sample configuration for apt https method. Configuration
>> +   parameters found in this example file are expected to be used in main
>> +   apt.conf file, just like other configuration parameters for different
>> +   methods (ftp, file, ...).
> [..]
>
> Thanks for this configuration example with the documentation, that is
> very welcome! 

For users, it is probably more readable than sources. The drawback is
that they can complain when something documented does not work as
expected ;-)

Thanks for your time,

a+

Attachment: pgprI5HqDMJgv.pgp
Description: PGP signature

Reply to:

References:
- [PATCH] APT https method improvements
  - From: arno@natisbad.org (Arnaud Ebalard)
- Re: [PATCH] APT https method improvements
  - From: Michael Vogt <mvogt@acm.org>

Prev by Date: Re: [PATCH] APT https method improvements
Next by Date: Processed: .
Previous by thread: Re: [PATCH] APT https method improvements
Next by thread: setting package to aptitude, reassign 484258 to apt, setting package to apt
Index(es):
- Date
- Thread