[bitbake-devel] [PATCH] fetch2/wget: add Basic Auth from netrc to checkstatus()

Mark Hatle mark.hatle at windriver.com
Fri Dec 16 16:59:53 UTC 2016 

There was a recent change to wget that allows it to do an 'ASKPASS' when it
needs credentials.

This is how we handle that at Wind River.  We define a WGET_ASKPASS program that
knows how to answer the credential questions [or prompt the user outside of the
build system, i.e. via gnome].

(Passing anything on the command line, or even via .netrc is really dangerous.
The command line due to 'ps' leakage on a multi-user system, and .netrc as the
credentials are stored in plain text.)

Anyway, something to consider.

--Mark

On 12/16/16 3:32 AM, Matthew McClintock wrote:
> fetch2/wget uses urllib to check the status of the mirrors, wget will
> use netrc to pass login and password information however checkstatus
> will skip that.
> 
> This adds netrc login and password to checkstatus so both will work the
> same.
> 
> Signed-off-by: Matthew McClintock <msm-oss at mcclintock.net>
> ---
>  lib/bb/fetch2/wget.py | 16 ++++++++++++++--
>  1 file changed, 14 insertions(+), 2 deletions(-)
> 
> diff --git a/lib/bb/fetch2/wget.py b/lib/bb/fetch2/wget.py
> index 6dfb27b..88349c9 100644
> --- a/lib/bb/fetch2/wget.py
> +++ b/lib/bb/fetch2/wget.py
> @@ -305,12 +305,24 @@ class Wget(FetchMethod):
>              r = urllib.request.Request(uri)
>              r.get_method = lambda: "HEAD"
>  
> -            if ud.user:
> +            def add_basic_auth(login_str, request):
> +                '''Adds Basic auth to http request, pass in login:password as string'''
>                  import base64
> -                encodeuser = base64.b64encode(ud.user.encode('utf-8')).decode("utf-8")
> +                encodeuser = base64.b64encode(login_str.encode('utf-8')).decode("utf-8")
>                  authheader =  "Basic %s" % encodeuser
>                  r.add_header("Authorization", authheader)
>  
> +            if ud.user:
> +                add_basic_auth(ud.user, r)
> +
> +            try:
> +                import netrc, urllib.parse
> +                n = netrc.netrc()
> +                login, unused, password = n.authenticators(urllib.parse.urlparse(uri).hostname)
> +                add_basic_auth("%s:%s" % (login, password), r)
> +            except (ImportError, IOError, netrc.NetrcParseError):
> +                 pass
> +
>              opener.open(r)
>          except urllib.error.URLError as e:
>              if try_again:
>

More information about the bitbake-devel mailing list