diff options
author | Benno Schulenberg <bensberg@telfort.nl> | 2018-10-07 18:20:44 +0200 |
---|---|---|
committer | Bruno Haible <bruno@clisp.org> | 2018-10-07 19:25:50 +0200 |
commit | 0ddd440d18af7bb10437642f12721d83092f0bea (patch) | |
tree | 17da250788dacb5a41bc8f59b5a3c056dde66dee /build-aux/bootstrap | |
parent | ec9f551eb5598c38c14be1082a2a464eeea66444 (diff) | |
download | gnulib-0ddd440d18af7bb10437642f12721d83092f0bea.tar.gz |
bootstrap, gnulib-tool: use https instead of insecure rsync
The rsync command does not do any authentication and thus allows
man-in-the-middle attacks. Better use wget over https, although
this is slower.
* build-aux/bootstrap (download_po_files, po_download_command_format):
Don't try using rsync; always use wget over https to fetch PO files.
* gnulib-tool (func_import): Likewise.
* pygnulib/GLImport.py (GLImport.execute): Likewise.
Diffstat (limited to 'build-aux/bootstrap')
-rwxr-xr-x | build-aux/bootstrap | 12 |
1 files changed, 1 insertions, 11 deletions
diff --git a/build-aux/bootstrap b/build-aux/bootstrap index 4a37ed0d08..cde39f4e75 100755 --- a/build-aux/bootstrap +++ b/build-aux/bootstrap @@ -164,15 +164,8 @@ bootstrap_epilogue() { :; } # The command to download all .po files for a specified domain into # a specified directory. Fill in the first %s is the domain name, and -# the second with the destination directory. Use rsync's -L and -r -# options because the latest/%s directory and the .po files within are -# all symlinks. +# the second with the destination directory. po_download_command_format=\ -"rsync --include '*.po' --exclude '*' -Lrtvz \ - 'translationproject.org::tp/latest/%s/' '%s'" - -# Fallback for downloading .po files (if rsync fails). -po_download_command_format2=\ "wget --mirror --level=1 -nd -q -A.po -P '%s' \ https://translationproject.org/latest/%s/" @@ -742,9 +735,6 @@ download_po_files() { domain=$2 echo "$me: getting translations into $subdir for $domain..." cmd=$(printf "$po_download_command_format" "$domain" "$subdir") - eval "$cmd" && return - # Fallback to HTTPS. - cmd=$(printf "$po_download_command_format2" "$subdir" "$domain") eval "$cmd" } |