author | Ben Hutchings <ben.hutchings@codethink.co.uk> | 2020-08-07 00:59:52 +0100 |
---|---|---|
committer | Ben Hutchings <ben.hutchings@codethink.co.uk> | 2020-08-12 14:34:26 +0100 |
commit | bdfa301998218e879281de58e1ab8097d34d6f08 (patch) | |
tree | 7fbb7f8588fad90e40870fa9e3231a18b22ad702 /lorry | |
parent | e24858ad11582082f0a329650325c1f8b0fda277 (diff) | |
lorry: Enable TLS server certificate validation by default
Lorry is not only used in Baserock, and it's reasonable to assume that
there is normally a useful CA certificate store available. It's also
no longer common for open source projects to avoid the "CA cartel" by
using self-signed or CAcert certificates.
* Enable validation by default for Bazaar, Git, and Mercurial
* Add a configuration option to disable it
* Add and document a .lorry keyword to disable it
We already validate server certificates for file downloads since the
Python standard library enabled it by default. We also never disabled
validation for Subversion. Since this seems to have worked OK, don't
add the option to disable it for these upstream types.
Closes #9.
Diffstat (limited to 'lorry')
-rwxr-xr-x | lorry | 33 |
1 files changed, 25 insertions, 8 deletions
@@ -231,6 +231,9 @@ class Lorry(cliapp.Application): 'command used to access Bazaar repositories', metavar='COMMAND', default=find_bazaar_command()) + self.settings.boolean(['check-certificates'], + 'validate SSL/TLS server certificates', + default=True) def process_args(self, args): status = 0 @@ -267,6 +270,10 @@ class Lorry(cliapp.Application): #print 'total failed:',status sys.exit(status) + def should_check_certificates(self, spec): + return self.settings['check-certificates'] \ + and spec.get('check-certificates', True) + def bundle(self, name, gitdir): if self.settings['bundle'] == 'never': return if len(self.settings['mirror-base-url-fetch']) == 0: return @@ -452,10 +459,11 @@ class Lorry(cliapp.Application): return dest def mirror_git(self, project_name, dirname, gitdir, spec): - # Turn off git's SSL/TLS certificate verification, until Baserock - # has an CA management infrastructure. - env = dict(os.environ) - env['GIT_SSL_NO_VERIFY'] = 'true' + if self.should_check_certificates(spec): + env = os.environ + else: + env = dict(os.environ) + env['GIT_SSL_NO_VERIFY'] = 'true' if not os.path.exists(gitdir): self.progress('.. initialising git dir') @@ -494,17 +502,21 @@ class Lorry(cliapp.Application): branches['trunk'] = spec['url'] logging.debug('all branches: %s' % repr(branches)) + cert_options = [] + if not self.should_check_certificates(spec): + cert_options.append('-Ossl.cert_reqs=none') + for branch, address in branches.items(): branchdir = os.path.join(bzrdir, branch) if not os.path.exists(branchdir): self.progress('.. doing initial bzr branch') self.run_program( - [bzr, 'branch', '--quiet', '-Ossl.cert_reqs=none', + [bzr, 'branch', '--quiet', *cert_options, address, branchdir]) else: self.progress('.. updating bzr branch') self.run_program( - [bzr, 'pull', '--quiet', '-Ossl.cert_reqs=none', + [bzr, 'pull', '--quiet', *cert_options, address], cwd=branchdir) 
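Review bot: The help string for the new `check-certificates` setting does not say which upstream types it governs. According to the commit description, file downloads and Subversion always validate, so turning the setting off affects only Bazaar, Git and Mercurial. An operator reading `--help` could assume it covers every transport. I would word it as `'validate SSL/TLS server certificates (Bazaar, Git and Mercurial upstreams)'`.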
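Review bot: In `should_check_certificates` the per-repository value is tested for truthiness, so any falsy value in a .lorry spec (`null`, `0`, an empty string) turns validation off, not only an explicit `false`. Nothing is logged when validation is skipped, so an unvalidated mirror run leaves no trace for later audit. Because the method is the single decision point for the Git, Bazaar and Mercurial paths, a strict comparison and a warning here would cover all three. The method also has no docstring and can return the raw spec value instead of a bool.

```python
    def should_check_certificates(self, spec):
        '''Return True if TLS server certificates must be validated.'''
        if not self.settings['check-certificates']:
            logging.warning('TLS certificate validation disabled by setting')
            return False
        if spec.get('check-certificates', True) is False:
            logging.warning('TLS certificate validation disabled by .lorry spec')
            return False
        return True
```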
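Review bot: In `mirror_git`, the validating branch passes the inherited environment through unchanged, so a `GIT_SSL_NO_VERIFY` already exported in Lorry's own environment still turns git's verification off even when `check-certificates` is true. If the setting is meant to be authoritative, drop that variable on the validating path. The same branch binds `env` to `os.environ` itself and not to a copy, unlike the code it replaces. The body of `mirror_git` continues outside the hunk, so any later write to `env` there would change the process environment; copying in both branches avoids that.

```python
    def mirror_git(self, project_name, dirname, gitdir, spec):
        env = dict(os.environ)
        if self.should_check_certificates(spec):
            # An inherited GIT_SSL_NO_VERIFY would silently disable validation.
            env.pop('GIT_SSL_NO_VERIFY', None)
        else:
            env['GIT_SSL_NO_VERIFY'] = 'true'
        # ... unchanged: git dir initialisation and fetch ...
```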
@@ -611,6 +623,10 @@ class Lorry(cliapp.Application): env=env) def gitify_hg(self, project_name, dirname, gitdir, spec): + cert_options = [] + if not self.should_check_certificates(spec): + cert_options.append('--insecure') + hgdir = os.path.join(dirname, 'hg') if os.path.exists(hgdir): self.progress('.. updating hg branch') @@ -618,11 +634,12 @@ class Lorry(cliapp.Application): # Note that we always specify the URL from the spec, so # that if the spec changes, we pick up the new URL. self.run_program( - ['hg', 'pull', '--quiet', '--insecure', spec['url']], + ['hg', 'pull', '--quiet', *cert_options, spec['url']], cwd=hgdir) else: self.progress('.. doing initial hg branch') - self.run_program(['hg', 'clone', '--quiet', '--insecure', spec['url'], hgdir]) + self.run_program(['hg', 'clone', '--quiet', *cert_options, + spec['url'], hgdir]) if not os.path.exists(gitdir): self.needs_aggressive = True |