For each mirror server, a protocol can be specified in the server-list.db database. However, it was not used for the actual URL query to a mirror before.
This might be useful for deploy HTTPS pinning for Pakfire. If a mirror is known to support HTTPS, all queries to it will be made with this protocol.
This saves some overhead if HTTPS is enforced on a mirror via 301 redirects. To enable this, the server-list.db needs to be adjusted.
Partially fixes #11661.
Signed-off-by: Peter Müller peter.mueller@link38.eu Cc: Michael Tremer michael.tremer@ipfire.org --- src/pakfire/lib/functions.pl | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/pakfire/lib/functions.pl b/src/pakfire/lib/functions.pl index c97d4254d..94f9f1826 100644 --- a/src/pakfire/lib/functions.pl +++ b/src/pakfire/lib/functions.pl @@ -171,8 +171,11 @@ sub fetchfile { } }
+ # Use specified protocol for mirror communication (allows HTTPS pinning) + my $urlproto = lc $proto; + $final_data = undef; - my $url = "http://$host/$file"; + my $url = "$urlproto://$host/$file"; my $response; unless ($bfile =~ /^counter.py?.*/) {