X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=dgit;h=f6bf3a7cbe2e4d48075a585a5c8dc41cc88e2ce1;hb=1868619ffd6277eb01d676f816cba61b52083927;hp=4986dd081e35142222cd1152d9e18eababd5c763;hpb=3c23e61220277be62495b903ee29373a53a6d711;p=dgit.git
diff --git a/dgit b/dgit
index 4986dd08..f6bf3a7c 100755
--- a/dgit
+++ b/dgit
@@ -450,8 +450,15 @@ our %defcfg = ('dgit.default.distro' => 'debian',
 'dgit-distro.debian.git-path' => '/dgit/debian/repos',
 'dgit-distro.debian.git-check' => 'ssh-cmd',
 'dgit-distro.debian.archive-query-url', 'https://api.ftp-master.debian.org/',
- 'dgit-distro.debian.archive-query-tls-key',
- '/etc/ssl/certs/%HOST%.pem:/etc/dgit/%HOST%.pem',
+# 'dgit-distro.debian.archive-query-tls-key',
+# '/etc/ssl/certs/%HOST%.pem:/etc/dgit/%HOST%.pem',
+# ^ this does not work because curl is broken nowadays
+# Fixing #790093 properly will involve providing providing the key
+# in some pacagke and maybe updating these paths.
+#
+# 'dgit-distro.debian.archive-query-tls-curl-args',
+# '--ca-path=/etc/ssl/ca-debian',
+# ^ this is a workaround but works (only) on DSA-administered machines
 'dgit-distro.debian.diverts.alioth' => '/alioth',
 'dgit-distro.debian/alioth.git-host' => 'git.debian.org',
 'dgit-distro.debian/alioth.git-user-force' => '',
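Review bot: With the default `archive-query-tls-key` commented out and nothing put in its place, the Debian archive query no longer pins a specific certificate and, as far as this hunk shows, depends on whatever CA set curl trusts by default; the comment should say so outright, e.g. `# until #790093 is fixed, queries rely on curl's default CA store`. The commented workaround names `archive-query-tls-curl-args`, but the code added to `archive_api_query_cmd` in the next hunk reads `archive-query-tls-curl-ca-args`, so uncommenting the example as written would set a key nothing reads. curl spells the option `--capath`, so the `--ca-path=` form in the example would probably be rejected. "providing providing" and "pacagke" are typos.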
@@ -713,9 +720,18 @@ sub archive_api_query_cmd ($) {
 fail "for $url: stat $key: $!" unless $!==ENOENT;
 next;
 }
- push @cmd, "--cacert", $key, "--capath", "/dev/enoent";
+ fail "config requested specific TLS key but do not know".
+ " how to get curl to use exactly that EE key ($key)";
+# push @cmd, "--cacert", $key, "--capath", "/dev/enoent";
+# # Sadly the above line does not work because of changes
+# # to gnutls. The real fix for #790093 may involve
+# # new curl options.
 last;
 }
+ # Fixing #790093 properly will involve providing a value
+ # for this on clients.
+ my $keys = access_cfg('archive-query-tls-curl-ca-args','RETURN-UNDEF');
+ push @cmd, split / /, $keys if defined $keys;
 }
 push @cmd, $url.$subpath;
 return @cmd;
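Review bot: `split / /, $keys` produces empty-string elements when the configured value starts with a space or contains two consecutive spaces, and each of those becomes an empty argument in curl's argv; `push @cmd, split ' ', $keys if defined $keys;` splits on any run of whitespace and discards leading whitespace. Every word of this setting is appended verbatim to the curl command, so it can change TLS verification in either direction; a comment such as `# trusted local config: each word becomes a curl argument` next to the `access_cfg` call would make that explicit. The loop above still skips key files that do not exist with `next`, so a configured `archive-query-tls-key` whose files are all absent continues without any pinning and without an error. The body of `archive_api_query_cmd` starts outside the hunk.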