For each mirror server, a protocol can be specified in the server-list.db database. However, it was not used for the actual URL query to a mirror before.
This might be useful for deploy HTTPS pinning for Pakfire. If a mirror is known to support HTTPS, all queries to it will be made with this protocol.
This saves some overhead if HTTPS is enforced on a mirror via 301 redirects. To enable this, the server-list.db needs to be adjusted.
The second version of this patch only handles protocols HTTP and HTTPS, since we do not expect anything else here at the moment.
Partially fixes #11661.
Signed-off-by: Peter Müller peter.mueller@link38.eu Cc: Michael Tremer michael.tremer@ipfire.org --- src/pakfire/lib/functions.pl | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/src/pakfire/lib/functions.pl b/src/pakfire/lib/functions.pl index c97d4254d..6cc177128 100644 --- a/src/pakfire/lib/functions.pl +++ b/src/pakfire/lib/functions.pl @@ -31,6 +31,8 @@ use HTTP::Message; use HTTP::Request; use Net::Ping;
+use Switch; + package Pakfire;
# A small color-hash :D @@ -172,7 +174,18 @@ sub fetchfile { }
$final_data = undef; - my $url = "http://$host/$file"; + + my $url; + switch ($proto) { + case "HTTP" { $url = "http://$host/$file"; } + case "HTTPS" { $url = "https://$host/$file"; } + else { + # skip all lines with unknown protocols + logger("DOWNLOAD WARNING: Skipping Host: $host due to unknown protocol ($proto) in mirror database"); + next; + } + } + my $response; unless ($bfile =~ /^counter.py?.*/) {