From mboxrd@z Thu Jan 1 00:00:00 1970
From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH] use protocol defined in server-list.db for mirror communication
Date: Tue, 27 Mar 2018 14:37:18 +0100
Message-ID: <1522157838.556038.75.camel@ipfire.org>
In-Reply-To: <20180326205021.711a8437.peter.mueller@link38.eu>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5052445944902219694=="
List-Id:

--===============5052445944902219694==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

What if someone is getting a malformed list? Can this not be abused?

FTP would not work with the Perl module of course...

On Mon, 2018-03-26 at 20:50 +0200, Peter Müller wrote:
> Hello Michael,
>
> I do not see the benefit in doing so. In functions.pl, just a few lines
> above, it says:
>
> $proto = "HTTP" unless $proto;
>
> Of course, we will mostly see HTTP and a few HTTPS mirrors here, but
> that leaves other protocols (FTP???) possible, therefore, I did not
> strictly check if only one of these protocols is set.
>
> Does that make sense to you?
>
> Best regards,
> Peter Müller
>
> > Hello,
> >
> > would it not be a good idea to check if $proto is either HTTP or HTTPS?
> >
> > -Michael
> >
> > On Sat, 2018-03-24 at 16:22 +0100, Peter Müller wrote:
> > > For each mirror server, a protocol can be specified in the
> > > server-list.db database. However, it was not used for the
> > > actual URL query to a mirror before.
> > >
> > > This might be useful for deploying HTTPS pinning for Pakfire.
> > > If a mirror is known to support HTTPS, all queries to it
> > > will be made with this protocol.
> > >
> > > This saves some overhead if HTTPS is enforced on a mirror
> > > via 301 redirects. To enable this, the server-list.db
> > > needs to be adjusted.
> > >
> > > Partially fixes #11661.
> > > > > > Signed-off-by: Peter Müller > > > Cc: Michael Tremer > > > --- > > > src/pakfire/lib/functions.pl | 5 ++++- > > > 1 file changed, 4 insertions(+), 1 deletion(-) > > > > > > diff --git a/src/pakfire/lib/functions.pl b/src/pakfire/lib/functions.pl > > > index c97d4254d..94f9f1826 100644 > > > --- a/src/pakfire/lib/functions.pl > > > +++ b/src/pakfire/lib/functions.pl > > > @@ -171,8 +171,11 @@ sub fetchfile { > > > } > > > } > > > > > > + # Use specified protocol for mirror communication (allows > > > HTTPS pinning) > > > + my $urlproto = lc $proto; > > > + > > > $final_data = undef; > > > - my $url = "http://$host/$file"; > > > + my $url = "$urlproto://$host/$file"; > > > my $response; > > > > > > unless ($bfile =~ /^counter.py\?.*/) { > > --===============5052445944902219694==--
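Review bot: `my $urlproto = lc $proto;` in the `fetchfile` hunk takes the value from server-list.db without any check and puts it straight into `"$urlproto://$host/$file"`, so whatever the list contains becomes the URL scheme. Compare `$urlproto` against an allowlist of `http` and `https` before `$url` is built, and skip the mirror or fall back to the default when it is anything else; that also covers the malformed-list case raised in this thread. The new comment could also say that the value comes from server-list.db, since the existing `$proto = "HTTP" unless $proto;` default is not visible in this hunk.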