[bitbake-devel] [bitbake][PATCH] fetcher/svn : Warning on SSL verifaction failure
Zoltan Kuscsik
zoltan.kuscsik at linaro.org
Fri Nov 20 05:37:34 UTC 2015
OE core appends --trust-server-cert argument to
the svn command by default. This change adds a
warning on invalid SSL server certificate.
We use wget to verify the certificate, as it
is more reliable than Python methods for SSL certificate
checks.
---
lib/bb/fetch2/svn.py | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/lib/bb/fetch2/svn.py b/lib/bb/fetch2/svn.py
index 1733c2b..d3a7cac 100644
--- a/lib/bb/fetch2/svn.py
+++ b/lib/bb/fetch2/svn.py
@@ -28,6 +28,7 @@ import sys
import logging
import bb
import re
+import subprocess
from bb import data
from bb.fetch2 import FetchMethod
from bb.fetch2 import FetchError
@@ -173,6 +174,20 @@ class Svn(FetchMethod):
"""
bb.fetch2.check_network_access(d, self._buildsvncommand(ud, d, "log1"))
+ if(ud.parm.get('protocol', 'svn') == 'https'):
+ svn_url = "https://%s%s" % (ud.host, ud.path)
+ try:
+ # Use wget to check the SSL certificate.
+ # The --spider argument ensures that we don't actually
+ # download anything.
+ wget_ssl_check_command = " wget --spider --timeout=30 %s" % svn_url
+ (output, errors) = bb.process.run(wget_ssl_check_command , shell=True, stderr=subprocess.PIPE)
+ except bb.process.ExecutionError as e:
+ # wget returns 5 exit code on SSL verification failure
+ if(e.exitcode == 5):
+ logger.warning("SVN repository %s has invalid SSL certificate." % svn_url)
+
+
output = runfetchcmd("LANG=C LC_ALL=C " + self._buildsvncommand(ud, d, "log1"), d, True)
# skip the first line, as per output of svn log
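Review bot: `svn_url` is interpolated unquoted into a command string that is run with `shell=True` (the `wget_ssl_check_command` line), so any shell metacharacter in `ud.host` or `ud.path`, both taken from the recipe's SRC_URI, is interpreted by the shell rather than passed to wget. Quote the value, e.g. `wget_ssl_check_command = "wget --spider --timeout=30 %s" % pipes.quote(svn_url)` (this needs `import pipes`), or pass an argument list without `shell=True` if `bb.process.run` accepts one here. The check is also advisory only: the svn command that follows still runs, per the commit message with `--trust-server-cert`, and wget validates on a separate connection, presumably against its own CA store, so a logged warning does not stop an untrusted certificate from being accepted for the real fetch. The enclosing method starts outside this hunk, so the code after the svn log call is not visible here.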
--
1.9.1