'dgit-distro.debian.archive-query-url', 'https://api.ftp-master.debian.org/',
'dgit-distro.debian.archive-query-tls-key',
'/etc/ssl/certs/%HOST%.pem:/etc/dgit/%HOST%.pem',
+#
+# 'dgit-distro.debian.archive-query-tls-curl-args',
+# '--ca-path=/etc/ssl/ca-debian',
+# ^ this is a workaround but works (only) on DSA-administered machines
'dgit-distro.debian.diverts.alioth' => '/alioth',
'dgit-distro.debian/alioth.git-host' => 'git.debian.org',
'dgit-distro.debian/alioth.git-user-force' => '',
push @cmd, "--cacert", $key, "--capath", "/dev/enoent";
last;
}
+ # Fixing #790093 properly will involve providing a value
+ # for this on clients.
+ my $keys = access_cfg('archive-query-tls-curl-ca-args','RETURN-UNDEF');
+ push @cmd, split / /, $keys if defined $keys;
}
push @cmd, $url.$subpath;
return @cmd;
file=dm.txt
server=ftp-master.debian.org
path=$file
-cert=/etc/ssl/certs/$server.pem
-certargs="--cacert=$cert --capath=/dev/enoent"
+certargs=$(git config dgit-distro.debian.archive-query-tls-curl-ca-args)
with-lock-ex -f $file.lock sh -c "
if ! curl $certargs \