On Thu, Jan 22, 2015, at 08:45 AM, Alexander Bokovoy wrote:

> We have abstraction layer to take care of different platforms on a wider
> scale than just this particular binary. We are gradually moving all code
> to use platform abstraction to allow other platforms to be supported
> (like FreeBSD or Illumos) and we in general cannot guarantee things will
> be there at the same locations.

That doesn't answer the "why not just use $PATH" part.  Regardless,
here's a new patch which adds a BIN_CURL.

From 47701a454ba442f08cd05a77ff6a2dbba76b787a Mon Sep 17 00:00:00 2001
From: Colin Walters <walt...@verbum.org>
Date: Wed, 21 Jan 2015 16:59:52 -0500
Subject: [PATCH] Use curl instead of wget

Curl has a shared library, and so ends up being used by more components
of the OS.  It should be preferred over wget.

The motivation for this patch is for Project Atomic hosts; we want to
include ipa-client, but trim down its dependencies.

If wget isn't installed on the host, it doesn't need to be updated for
security errata.
---
 freeipa.spec.in                            |  4 ++--
 ipa-client/ipa-install/ipa-client-install  |  2 +-
 ipaplatform/base/paths.py                  |  2 +-
 ipaplatform/redhat/services.py             |  8 ++++----
 ipaserver/advise/plugins/legacy_clients.py | 16 ++++++++--------
 5 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 4da0732..f8fe2ad 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -224,7 +224,7 @@ Requires: ntp
 Requires: krb5-workstation
 Requires: authconfig
 Requires: pam_krb5
-Requires: wget
+Requires: curl
 Requires: libcurl >= 7.21.7-2
 Requires: xmlrpc-c >= 1.27.4
 Requires: sssd >= 1.12.3
@@ -286,7 +286,7 @@ Requires: python-qrcode-core >= 5.0.0
 Requires: python-pyasn1
 Requires: python-dateutil
 Requires: python-yubico
-Requires: wget
+Requires: curl
 
 Conflicts: %{alt_name}-python
 Obsoletes: %{alt_name}-python < %{version}
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index dfe0e3b..26cf21a 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -1753,7 +1753,7 @@ def get_ca_certs_from_http(url, warn=True):
     root_logger.debug("trying to retrieve CA cert via HTTP from %s", url)
     try:
 
-        stdout, stderr, rc = run([paths.BIN_WGET, "-O", "-", url])
+        stdout, stderr, rc = run([paths.BIN_CURL, url])
     except CalledProcessError, e:
         raise errors.NoCertificateError(entry=url)
 
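Review bot: Without `--fail`, curl exits 0 when the server answers with an HTTP error, so on the new line the `except CalledProcessError` branch no longer fires for a 404 or 500 and the error page body comes back in `stdout` as if it were the CA certificate; wget exited non-zero in that case. wget also followed redirects by default, which curl only does with `--location`, so a server that redirects this URL would now yield an empty or stub body. I would change the call to `run([paths.BIN_CURL, "--fail", "--silent", "--show-error", url])`, adding `"--location"` only if redirects are meant to keep working. The same missing `--fail` affects the `args` list in ipaplatform/redhat/services.py and the two `curl -o` commands in ipaserver/advise/plugins/legacy_clients.py, where an error page would be saved as `ipa.crt` or as `cacertdir_rehash`, which the advice then makes executable and runs. get_ca_certs_from_http continues outside the hunk, so how `stdout` is validated afterwards is not visible here.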
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 5c52714..2a54b73 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -187,7 +187,7 @@ class BasePathNamespace(object):
     SSS_SSH_AUTHORIZEDKEYS = "/usr/bin/sss_ssh_authorizedkeys"
     SSS_SSH_KNOWNHOSTSPROXY = "/usr/bin/sss_ssh_knownhostsproxy"
     UPDATE_CA_TRUST = "/usr/bin/update-ca-trust"
-    BIN_WGET = "/usr/bin/wget"
+    BIN_CURL = "/usr/bin/curl"
     ZIP = "/usr/bin/zip"
     BIND_LDAP_SO = "/usr/lib/bind/ldap.so"
     BIND_LDAP_DNS_IPA_WORKDIR = "/var/named/dyndb-ldap/ipa/"
diff --git a/ipaplatform/redhat/services.py b/ipaplatform/redhat/services.py
index 8759cab..a3b86fb 100644
--- a/ipaplatform/redhat/services.py
+++ b/ipaplatform/redhat/services.py
@@ -201,10 +201,10 @@ class RedHatCAService(RedHatService):
                 }
 
                 args = [
-                    paths.BIN_WGET,
-                    '-S', '-O', '-',
-                    '--timeout=30',
-                    '--no-check-certificate',
+                    paths.BIN_CURL,
+                    '-v', 
+                    '--max-time', '30',
+                    '--insecure',
                     url
                 ]
 
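Review bot: `'--insecure'` keeps TLS certificate verification switched off for this request, as `--no-check-certificate` did, so whatever the code after this hunk reads from the response is unauthenticated and can be supplied by anyone able to answer for `url`. If the host already trusts the IPA CA when this runs, pass the CA file instead, e.g. `'--cacert', <path-to-ipa-ca-cert>,` (placeholder; the right path constant is not visible here), or at least add a comment such as `# certificate is not verified: the response is used only as a liveness hint`, if that is indeed the case. `--max-time 30` also bounds the whole transfer, whereas wget's `--timeout=30` applied separately to DNS lookup, connect and read, so a slow but progressing response is now cut off at 30 seconds. The `'-v', ` line carries trailing whitespace. The enclosing method starts and ends outside the hunk.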
diff --git a/ipaserver/advise/plugins/legacy_clients.py b/ipaserver/advise/plugins/legacy_clients.py
index 6d17f7e..93f186e 100644
--- a/ipaserver/advise/plugins/legacy_clients.py
+++ b/ipaserver/advise/plugins/legacy_clients.py
@@ -48,13 +48,13 @@ class config_base_legacy_client(Advice):
                             'cacertdir_rehash?format=txt')
         self.log.comment('Download the CA certificate of the IPA server')
         self.log.command('mkdir -p -m 755 /etc/openldap/cacerts')
-        self.log.command('wget http://%s/ipa/config/ca.crt -O '
-                         '/etc/openldap/cacerts/ipa.crt\n' % api.env.host)
+        self.log.command('curl -o /etc/openldap/cacerts/ipa.crt http://%s/ipa/config/ca.crt\n'
+                         % api.env.host)
 
         self.log.comment('Generate hashes for the openldap library')
         self.log.command('command -v cacertdir_rehash')
         self.log.command('if [ $? -ne 0 ] ; then')
-        self.log.command(' wget "%s" -O cacertdir_rehash ;' % cacertdir_rehash)
+        self.log.command(' curl -o cacertdir_rehash "%s";' % cacertdir_rehash)
         self.log.command(' chmod 755 ./cacertdir_rehash ;')
         self.log.command(' ./cacertdir_rehash /etc/openldap/cacerts/ ;')
         self.log.command('else')
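Review bot: The generated advice still fetches the CA certificate over plain `http://` and then downloads `cacertdir_rehash`, marks it executable and runs it, with no integrity check on either file, so a legacy client following the script trusts whatever the network returned as its LDAP trust anchor. Since both download lines are being rewritten here, I would have the script also emit a comment for the administrator, e.g. `self.log.comment('Compare the fingerprint of /etc/openldap/cacerts/ipa.crt with the CA certificate on the IPA server before continuing')`, and prefer the distribution's own `cacertdir_rehash` over a downloaded copy wherever one is packaged. On style, the new `'curl -o /etc/openldap/cacerts/ipa.crt http://%s/ipa/config/ca.crt\n'` literal runs past 79 columns; split it across two string pieces as the removed wget call was. The enclosing method (presumably configure_ca_cert, which the later hunks call) starts and ends outside the hunk.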
@@ -94,7 +94,7 @@ class config_redhat_sssd_before_1_9(config_base_legacy_client):
         self.check_compat_plugin()
 
         self.log.comment('Install required packages via yum')
-        self.log.command('yum install -y sssd authconfig wget openssl\n')
+        self.log.command('yum install -y sssd authconfig curl openssl\n')
 
         self.configure_ca_cert()
 
@@ -138,7 +138,7 @@ class config_generic_linux_sssd_before_1_9(config_base_legacy_client):
 
         self.log.comment('Install required packages using your system\'s '
                          'package manager. E.g:')
-        self.log.command('apt-get -y install sssd wget openssl\n')
+        self.log.command('apt-get -y install sssd curl openssl\n')
 
         self.configure_ca_cert()
 
@@ -188,7 +188,7 @@ class config_redhat_nss_pam_ldapd(config_base_legacy_client):
         self.check_compat_plugin()
 
         self.log.comment('Install required packages via yum')
-        self.log.command('yum install -y wget openssl nss-pam-ldapd pam_ldap '
+        self.log.command('yum install -y curl openssl nss-pam-ldapd pam_ldap '
                          'authconfig\n')
 
         self.configure_ca_cert()
@@ -234,7 +234,7 @@ class config_generic_linux_nss_pam_ldapd(config_base_legacy_client):
 
         self.log.comment('Install required packages using your system\'s '
                          'package manager. E.g:')
-        self.log.command('apt-get -y install wget openssl libnss-ldapd '
+        self.log.command('apt-get -y install curl openssl libnss-ldapd '
                          'libpam-ldapd nslcd\n')
 
         self.configure_ca_cert()
@@ -361,7 +361,7 @@ class config_redhat_nss_ldap(config_base_legacy_client):
         self.check_compat_plugin()
 
         self.log.comment('Install required packages via yum')
-        self.log.command('yum install -y wget openssl nss_ldap '
+        self.log.command('yum install -y curl openssl nss_ldap '
                          'authconfig\n')
 
         self.configure_ca_cert()
-- 
1.8.3.1
