diff options
author | Ian Jackson <ijackson@chiark.greenend.org.uk> | 2015-06-28 16:03:47 +0100 |
---|---|---|
committer | Ian Jackson <ijackson@chiark.greenend.org.uk> | 2015-06-28 16:03:47 +0100 |
commit | 380552def4af93d4f299a706a9c01e8db2f725d0 (patch) | |
tree | be7456cb1853af1ad775999afbdac0e128654712 | |
parent | 3c23e61220277be62495b903ee29373a53a6d711 (diff) |
Infra: Honour archive-query-tls-curl-ca-args
-rwxr-xr-x | dgit | 8 | ||||
-rwxr-xr-x | infra/get-dm-txt | 3 |
2 files changed, 9 insertions, 2 deletions
@@ -452,6 +452,10 @@ our %defcfg = ('dgit.default.distro' => 'debian', 'dgit-distro.debian.archive-query-url', 'https://api.ftp-master.debian.org/', 'dgit-distro.debian.archive-query-tls-key', '/etc/ssl/certs/%HOST%.pem:/etc/dgit/%HOST%.pem', +# +# 'dgit-distro.debian.archive-query-tls-curl-args', +# '--ca-path=/etc/ssl/ca-debian', +# ^ this is a workaround but works (only) on DSA-administered machines 'dgit-distro.debian.diverts.alioth' => '/alioth', 'dgit-distro.debian/alioth.git-host' => 'git.debian.org', 'dgit-distro.debian/alioth.git-user-force' => '', @@ -716,6 +720,10 @@ sub archive_api_query_cmd ($) { push @cmd, "--cacert", $key, "--capath", "/dev/enoent"; last; } + # Fixing #790093 properly will involve providing a value + # for this on clients. + my $keys = access_cfg('archive-query-tls-curl-ca-args','RETURN-UNDEF'); + push @cmd, split / /, $keys if defined $keys; } push @cmd, $url.$subpath; return @cmd; diff --git a/infra/get-dm-txt b/infra/get-dm-txt index 9885f9e..02e73f0 100755 --- a/infra/get-dm-txt +++ b/infra/get-dm-txt @@ -6,9 +6,8 @@ cd ${DGIT_INFRA_GETDMTXT_DATADIR-/srv/dgit.debian.org/data} file=dm.txt server=ftp-master.debian.org path=$file -cert=/etc/ssl/certs/$server.pem -certargs="--cacert=$cert --capath=/dev/enoent" +certargs=$(git config dgit-distro.debian.archive-query-tls-curl-ca-args) with-lock-ex -f $file.lock sh -c " if ! curl $certargs \ |