Infra: dgit-repos-server: unlock _template

[dgit.git] / dgit

diff --git a/dgit b/dgit
index eea4dbc53fbbbd5e89022116ada26abfbec82a24..31b5bf4c9359842c421709f6c2c20f50a1b5d406 100755 (executable)
--- a/dgit
+++ b/dgit
@@ -450,8 +450,11 @@ our %defcfg = ('dgit.default.distro' => 'debian',
               'dgit-distro.debian.git-path' => '/dgit/debian/repos',
               'dgit-distro.debian.git-check' => 'ssh-cmd',
  'dgit-distro.debian.archive-query-url', 'https://api.ftp-master.debian.org/',
- 'dgit-distro.debian.archive-query-tls-key',
-    '/etc/ssl/certs/%HOST%.pem:/etc/dgit/%HOST%.pem',
+# 'dgit-distro.debian.archive-query-tls-key',
+#    '/etc/ssl/certs/%HOST%.pem:/etc/dgit/%HOST%.pem',
+# ^ this does not work because curl is broken nowadays
+# Fixing #790093 properly will involve providing providing the key
+# in some pacagke and maybe updating these paths.
 #
 # 'dgit-distro.debian.archive-query-tls-curl-args',
 #   '--ca-path=/etc/ssl/ca-debian',
@@ -717,13 +720,18 @@ sub archive_api_query_cmd ($) {
                fail "for $url: stat $key: $!" unless $!==ENOENT;
                next;
            }
-           push @cmd, "--cacert", $key, "--capath", "/dev/enoent";
+           fail "config requested specific TLS key but do not know".
+               " how to get curl to use exactly that EE key ($key)";
+#          push @cmd, "--cacert", $key, "--capath", "/dev/enoent";
+#           # Sadly the above line does not work because of changes
+#           # to gnutls.   The real fix for #790093 may involve
+#           # new curl options.
            last;
        }
        # Fixing #790093 properly will involve providing a value
        # for this on clients.
-       my $keys = access_cfg('archive-query-tls-curl-ca-args','RETURN-UNDEF');
-       push @cmd, split / /, $keys if defined $keys;
+       my $kargs = access_cfg('archive-query-tls-curl-ca-args','RETURN-UNDEF');
+       push @cmd, split / /, $kargs if defined $kargs;
     }
     push @cmd, $url.$subpath;
     return @cmd;