add https options which default to the ones from http for the https

method as this is more sane than using only the http options without a possibility to override these for https.
13 years ago · c0d438474b
4 changed files with 76 additions and 67 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -24,6 +24,7 @@ apt (0.7.25) UNRELEASED; urgency=low
  * doc/po4a.conf: activate translation of guide.sgml and offline.sgml
  * doc/apt.conf.5.xml:
    - provide a few more details about APT::Immediate-Configure
+    - briefly document the behaviour of the new https options
  * doc/sources.list.5.xml:
    - add note about additional apt-transport-methods
  * doc/apt-mark.8.xml:
@ -66,6 +67,7 @@ apt (0.7.25) UNRELEASED; urgency=low
  * methods/http{,s}.cc
    - add config setting for User-Agent to the Acquire group,
      thanks Timothy J. Miller! (Closes: #355782)
+    - add https options which default to http ones (Closes: #557085)

  [ Chris Leick ]
  * doc/ various manpages:
--- a/doc/apt.conf.5.xml
+++ b/doc/apt.conf.5.xml
@ -284,9 +284,11 @@ DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt";};
     </varlistentry>

     <varlistentry><term>https</term>
-	 <listitem><para>HTTPS URIs. Cache-control and proxy options are the same as for
-	 <literal>http</literal> method.
-	 <literal>Pipeline-Depth</literal> option is not supported yet.</para>
+	 <listitem><para>HTTPS URIs. Cache-control, Timeout, AllowRedirect, Dl-Limit and
+	 proxy options are the same as for <literal>http</literal> method and will also
+	 default to the options from the <literal>http</literal> method if they are not
+	 explicitly set for https. <literal>Pipeline-Depth</literal> option is not
+	 supported yet.</para>

 	 <para><literal>CaInfo</literal> suboption specifies place of file that
 	 holds info about trusted certificates.
--- a/doc/examples/configure-index
+++ b/doc/examples/configure-index
@ -194,19 +194,34 @@ Acquire
    User-Agent "Debian APT-HTTP/1.3";
  };

-  // HTTPS method configuration:
-  // - uses the http proxy config 
-  // - uses the http cache-control values
-  // - uses the http Dl-Limit values
-  https 
+
+
+  // HTTPS method configuration: uses the http
+  // - proxy config
+  // - cache-control values
+  // - Dl-Limit, Timout, ... values
+  // if not set explicit for https
+  //
+  // see /usr/share/doc/apt/examples/apt-https-method-example.conf.gz
+  // for more examples
+  https
  {
 	Verify-Peer "false";
 	SslCert "/etc/apt/some.pem";
-        CaPath  "/etc/ssl/certs";
-        Verify-Host" "true";
-        AllowRedirect  "true";
+	CaPath  "/etc/ssl/certs";
+	Verify-Host" "true";
+	AllowRedirect  "true";
+
+	Timeout "120";
+	AllowRedirect  "true";
+
+	// Cache Control. Note these do not work with Squid 2.0.2
+	No-Cache "false";
+	Max-Age "86400";     // 1 Day age on index files
+	No-Store "false";    // Prevent the cache from storing archives
+	Dl-Limit "7";        // 7Kb/sec maximum download rate

-        User-Agent "Debian APT-CURL/1.0";
+	User-Agent "Debian APT-CURL/1.0";
  };

  ftp
--- a/methods/https.cc
+++ b/methods/https.cc
@ -1,4 +1,4 @@
-// -*- mode: cpp; mode: fold -*-
+//-*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
 // $Id: http.cc,v 1.59 2004/05/08 19:42:35 mdz Exp $
 /* ######################################################################
@ -56,54 +56,38 @@ HttpsMethod::progress_callback(void *clientp, double dltotal, double dlnow,
   return 0;
 }

-void HttpsMethod::SetupProxy()
-{
-   URI ServerName = Queue->Uri;
-
-   // Determine the proxy setting
-   string SpecificProxy = _config->Find("Acquire::http::Proxy::" + ServerName.Host);
-   if (!SpecificProxy.empty())
-   {
-	   if (SpecificProxy == "DIRECT")
-		   Proxy = "";
-	   else
-		   Proxy = SpecificProxy;
-   }
-   else
-   {
-	   string DefProxy = _config->Find("Acquire::http::Proxy");
-	   if (!DefProxy.empty())
-	   {
-		   Proxy = DefProxy;
-	   }
-	   else
-	   {
-		   char* result = getenv("http_proxy");
-		   Proxy = result ? result : "";
-	   }
-   }
-   
-   // Parse no_proxy, a , separated list of domains
-   if (getenv("no_proxy") != 0)
-   {
-      if (CheckDomainList(ServerName.Host,getenv("no_proxy")) == true)
-	 Proxy = "";
-   }
-   
-   // Determine what host and port to use based on the proxy settings
-   string Host;   
-   if (Proxy.empty() == true || Proxy.Host.empty() == true)
-   {
-   }
-   else
-   {
-      if (Proxy.Port != 0)
-	 curl_easy_setopt(curl, CURLOPT_PROXYPORT, Proxy.Port);
-      curl_easy_setopt(curl, CURLOPT_PROXY, Proxy.Host.c_str());
-   }
-}
-
-
+void HttpsMethod::SetupProxy() {					/*{{{*/
+	URI ServerName = Queue->Uri;
+
+	// Determine the proxy setting - try https first, fallback to http and use env at last
+	string UseProxy = _config->Find("Acquire::https::Proxy::" + ServerName.Host,
+				_config->Find("Acquire::http::Proxy::" + ServerName.Host));
+
+	if (UseProxy.empty() == true)
+		UseProxy = _config->Find("Acquire::https::Proxy", _config->Find("Acquire::http::Proxy"));
+
+	// User want to use NO proxy, so nothing to setup
+	if (UseProxy == "DIRECT")
+		return;
+
+	if (UseProxy.empty() == false) {
+		// Parse no_proxy, a comma (,) separated list of domains we don't want to use
+		// a proxy for so we stop right here if it is in the list
+		if (getenv("no_proxy") != 0 && CheckDomainList(ServerName.Host,getenv("no_proxy")) == true)
+			return;
+	} else {
+		const char* result = getenv("http_proxy");
+		UseProxy = result == NULL ? "" : result;
+	}
+
+	// Determine what host and port to use based on the proxy settings
+	if (UseProxy.empty() == false) {
+		Proxy = UseProxy;
+		if (Proxy.Port != 1)
+			curl_easy_setopt(curl, CURLOPT_PROXYPORT, Proxy.Port);
+		curl_easy_setopt(curl, CURLOPT_PROXY, Proxy.Host.c_str());
+	}
+}									/*}}}*/
 // HttpsMethod::Fetch - Fetch an item					/*{{{*/
 // ---------------------------------------------------------------------
 /* This adds an item to the pipeline. We keep the pipeline at a fixed
@ -189,12 +173,15 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
   curl_easy_setopt(curl, CURLOPT_SSLVERSION, final_version);

   // cache-control
-   if(_config->FindB("Acquire::http::No-Cache",false) == false)
+   if(_config->FindB("Acquire::https::No-Cache",
+	_config->FindB("Acquire::http::No-Cache",false)) == false)
   {
      // cache enabled
-      if (_config->FindB("Acquire::http::No-Store",false) == true)
+      if (_config->FindB("Acquire::https::No-Store",
+		_config->FindB("Acquire::http::No-Store",false)) == true)
 	 headers = curl_slist_append(headers,"Cache-Control: no-store");
-      ioprintf(ss, "Cache-Control: max-age=%u", _config->FindI("Acquire::http::Max-Age",0));
+      ioprintf(ss, "Cache-Control: max-age=%u", _config->FindI("Acquire::https::Max-Age",
+		_config->FindI("Acquire::http::Max-Age",0)));
      headers = curl_slist_append(headers, ss.str().c_str());
   } else {
      // cache disabled by user
@ -204,7 +191,8 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
   curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);

   // speed limit
-   int dlLimit = _config->FindI("Acquire::http::Dl-Limit",0)*1024;
+   int dlLimit = _config->FindI("Acquire::https::Dl-Limit",
+		_config->FindI("Acquire::http::Dl-Limit",0))*1024;
   if (dlLimit > 0)
      curl_easy_setopt(curl, CURLOPT_MAX_RECV_SPEED_LARGE, dlLimit);

@ -215,12 +203,14 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
 			"Debian APT-CURL/1.0 ("VERSION")")));

   // set timeout
-   int timeout = _config->FindI("Acquire::http::Timeout",120);
+   int timeout = _config->FindI("Acquire::https::Timeout",
+		_config->FindI("Acquire::http::Timeout",120));
   curl_easy_setopt(curl, CURLOPT_TIMEOUT, timeout);
   curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, timeout);

   // set redirect options and default to 10 redirects
-   bool AllowRedirect = _config->FindI("Acquire::https::AllowRedirect", true);
+   bool AllowRedirect = _config->FindB("Acquire::https::AllowRedirect",
+	_config->FindB("Acquire::http::AllowRedirect",true));
   curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, AllowRedirect);
   curl_easy_setopt(curl, CURLOPT_MAXREDIRS, 10);