summaryrefslogtreecommitdiff
path: root/usr.sbin/pkg_add
diff options
context:
space:
mode:
authorMarc Espie <espie@cvs.openbsd.org>2018-02-10 10:35:10 +0000
committerMarc Espie <espie@cvs.openbsd.org>2018-02-10 10:35:10 +0000
commitf1aab9232dfbd76db0c075e9a5785dcdc228c0ab (patch)
treeebb5c917c50429f8ca4ad065197a4512a62578a4 /usr.sbin/pkg_add
parent89bb1d97d89650c6e3781f1a1f43966cddf715de (diff)
implement the use of new ftp -S session=... for https
- add a setup_session hook that creates an anonymous tempfile in the ::HTTPS class - parse tls connection resumed messages and tell on servers that do not support this - remove the CLOEXE flag on the fd just before running ftp, so that other processes do not see it at all. This makes https somewhat more bearable, though still slower than http... :( thanks to jsing@ et al for the design of session
Diffstat (limited to 'usr.sbin/pkg_add')
-rw-r--r--usr.sbin/pkg_add/OpenBSD/PackageRepository.pm53
1 files changed, 47 insertions, 6 deletions
diff --git a/usr.sbin/pkg_add/OpenBSD/PackageRepository.pm b/usr.sbin/pkg_add/OpenBSD/PackageRepository.pm
index c752be05b54..9fd75284bb2 100644
--- a/usr.sbin/pkg_add/OpenBSD/PackageRepository.pm
+++ b/usr.sbin/pkg_add/OpenBSD/PackageRepository.pm
@@ -1,5 +1,5 @@
# ex:ts=8 sw=4:
-# $OpenBSD: PackageRepository.pm,v 1.155 2018/02/07 11:38:38 espie Exp $
+# $OpenBSD: PackageRepository.pm,v 1.156 2018/02/10 10:35:09 espie Exp $
#
# Copyright (c) 2003-2010 Marc Espie <espie@openbsd.org>
#
@@ -292,6 +292,7 @@ sub parse_problems
my $broken = 0;
my $signify_error = 0;
$self->{last_error} = 0;
+ $self->{count}++;
while(<$fh>) {
if (m/^Redirected to (https?)\:\/\/([^\/]*)/) {
my ($scheme, $newhost) = ($1, $2);
@@ -300,6 +301,7 @@ sub parse_problems
$self->{state}->syslog("Redirected from #1 to #2",
$self->{host}, $newhost);
$self->{host} = $newhost;
+ $self->setup_session;
$baseurl = $self->url;
next;
}
@@ -319,6 +321,18 @@ sub parse_problems
$broken = 1;
next;
}
+ if (m/^tls session resumed\: (\w+)/) {
+ my $s = $1;
+ if ($s eq 'yes') {
+ # everything okay for now
+ $self->{said_slow} = 0;
+ next;
+ }
+ next if $self->{count} < 2 || $self->{said_slow};
+ $self->{said_slow} = 1;
+ $self->{state}->say("#1: no session resumption on connection ##2, https will be slow", $self->{host}, $self->{count});
+ next;
+ }
# http error
if (m/^ftp: Error retrieving file: 404/o) {
if (!defined $object) {
@@ -587,6 +601,11 @@ sub baseurl
return "//$self->{host}$self->{path}";
}
+sub setup_session
+{
+ # nothing to do except for https
+}
+
sub parse_url
{
my ($class, $r, $state) = @_;
@@ -601,6 +620,7 @@ sub parse_url
$o->can_be_empty;
$$r = $class->urlscheme."://$o->{host}$o->{release}:$$r";
}
+ $o->setup_session;
return $o;
} else {
return undef;
@@ -983,19 +1003,40 @@ sub urlscheme
return 'https';
}
-OpenBSD::Auto::cache(session_file,
- sub {
+sub setup_session
+{
my $self = shift;
- require OpenBSD::Temp;
+ require OpenBSD::Temp;
+ $self->{count} = 0;
local ($>, $));
my ($uid, $gid, $user) = $self->fetch_id;
if (defined $uid) {
$> = $uid;
$) = "$gid $gid";
}
- return OpenBSD::Temp->file;
- });
+ my ($fh, undef) = OpenBSD::Temp::fh_file("session",
+ sub { unlink(shift); });
+ if (!defined $fh) {
+ $self->{state}->fatal("Can't write session into tmp directory");
+ }
+ $self->{fh} = $fh; # XXX store the full fh and not the fileno
+}
+
+sub ftp_cmd
+{
+ my $self = shift;
+ return $self->SUPER::ftp_cmd." -S session=/dev/fd/".fileno($self->{fh});
+}
+
+sub drop_privileges_and_setup_env
+{
+ my $self = shift;
+ $self->SUPER::drop_privileges_and_setup_env;
+ # reset the CLOEXEC flag on that one
+ use Fcntl;
+ fcntl($self->{fh}, F_SETFD, 0);
+}
package OpenBSD::PackageRepository::FTP;
our @ISA=qw(OpenBSD::PackageRepository::HTTPorFTP);