On Thu, Jan 22, 2015, at 08:45 AM, Alexander Bokovoy wrote:
> We have abstraction layer to take care of different platforms on a wider
> scale than just this particular binary. We are gradually moving all code
> to use platform abstraction to allow other platforms to be supported
> (like FreeBSD or Illumos) and we in general cannot guarantee things will
> be there at the same locations.

That doesn't answer the "why not just use $PATH" part. Regardless, here's a new patch which adds a BIN_CURL.
From 47701a454ba442f08cd05a77ff6a2dbba76b787a Mon Sep 17 00:00:00 2001 From: Colin Walters <walt...@verbum.org> Date: Wed, 21 Jan 2015 16:59:52 -0500 Subject: [PATCH] Use curl instead of wget Curl has a shared library, and so ends up being used by more components of the OS. It should be preferred over wget. The motivation for this patch is for Project Atomic hosts; we want to include ipa-client, but trim down its dependencies. If wget isn't installed on the host, it doesn't need to be updated for security errata. --- freeipa.spec.in | 4 ++-- ipa-client/ipa-install/ipa-client-install | 2 +- ipaplatform/base/paths.py | 2 +- ipaplatform/redhat/services.py | 8 ++++---- ipaserver/advise/plugins/legacy_clients.py | 16 ++++++++-------- 5 files changed, 16 insertions(+), 16 deletions(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index 4da0732..f8fe2ad 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -224,7 +224,7 @@ Requires: ntp Requires: krb5-workstation Requires: authconfig Requires: pam_krb5 -Requires: wget +Requires: curl Requires: libcurl >= 7.21.7-2 Requires: xmlrpc-c >= 1.27.4 Requires: sssd >= 1.12.3 @@ -286,7 +286,7 @@ Requires: python-qrcode-core >= 5.0.0 Requires: python-pyasn1 Requires: python-dateutil Requires: python-yubico -Requires: wget +Requires: curl Conflicts: %{alt_name}-python Obsoletes: %{alt_name}-python < %{version} diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index dfe0e3b..26cf21a 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -1753,7 +1753,7 @@ def get_ca_certs_from_http(url, warn=True): root_logger.debug("trying to retrieve CA cert via HTTP from %s", url) try: - stdout, stderr, rc = run([paths.BIN_WGET, "-O", "-", url]) + stdout, stderr, rc = run([paths.BIN_CURL, url]) except CalledProcessError, e: raise errors.NoCertificateError(entry=url) 
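Review bot: In `get_ca_certs_from_http`, `run([paths.BIN_CURL, url])` no longer fails on an HTTP error: without `--fail` curl exits 0 on a 4xx/5xx response and writes the error page to stdout, so the `except CalledProcessError` branch is not reached and the error body is passed on as if it were certificate data. wget exited non-zero in that case; `run([paths.BIN_CURL, "-f", "-sS", url])` would restore that and keep the progress meter out of stderr. wget also followed redirects by default and curl does not, so it should be decided explicitly whether `-L` is wanted for a CA-certificate download. The same missing `--fail` applies to the curl invocations in ipaplatform/redhat/services.py and ipaserver/advise/plugins/legacy_clients.py. The function body continues outside the hunk, so what is done with stdout afterwards is not visible here.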
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py index 5c52714..2a54b73 100644 --- a/ipaplatform/base/paths.py +++ b/ipaplatform/base/paths.py @@ -187,7 +187,7 @@ class BasePathNamespace(object): SSS_SSH_AUTHORIZEDKEYS = "/usr/bin/sss_ssh_authorizedkeys" SSS_SSH_KNOWNHOSTSPROXY = "/usr/bin/sss_ssh_knownhostsproxy" UPDATE_CA_TRUST = "/usr/bin/update-ca-trust" - BIN_WGET = "/usr/bin/wget" + BIN_CURL = "/usr/bin/curl" ZIP = "/usr/bin/zip" BIND_LDAP_SO = "/usr/lib/bind/ldap.so" BIND_LDAP_DNS_IPA_WORKDIR = "/var/named/dyndb-ldap/ipa/" diff --git a/ipaplatform/redhat/services.py b/ipaplatform/redhat/services.py index 8759cab..a3b86fb 100644 --- a/ipaplatform/redhat/services.py +++ b/ipaplatform/redhat/services.py @@ -201,10 +201,10 @@ class RedHatCAService(RedHatService): } args = [ - paths.BIN_WGET, - '-S', '-O', '-', - '--timeout=30', - '--no-check-certificate', + paths.BIN_CURL, + '-v', + '--max-time', '30', + '--insecure', url ] diff --git a/ipaserver/advise/plugins/legacy_clients.py b/ipaserver/advise/plugins/legacy_clients.py index 6d17f7e..93f186e 100644 --- a/ipaserver/advise/plugins/legacy_clients.py +++ b/ipaserver/advise/plugins/legacy_clients.py 
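Review bot: In the `args` list of `RedHatCAService`, `'--insecure'` carries over wget's `--no-check-certificate`, so the response to this request is still accepted from any TLS endpoint without certificate verification. If the CA certificate is already on the host when this runs, passing `'--cacert', <path to the IPA CA certificate>` (placeholder, the real path is not shown here) instead of `'--insecure'` would authenticate the server; if it cannot be, a comment above `args` should say why verification is off. In addition, `'-v'` is not equivalent to wget's `-S`: curl's verbose output on stderr includes the request headers and TLS handshake details and prefixes response headers with `< `, so any code after this hunk that reads stderr (not visible here) should be checked against the new format.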
@@ -48,13 +48,13 @@ class config_base_legacy_client(Advice): 'cacertdir_rehash?format=txt') self.log.comment('Download the CA certificate of the IPA server') self.log.command('mkdir -p -m 755 /etc/openldap/cacerts') - self.log.command('wget http://%s/ipa/config/ca.crt -O ' - '/etc/openldap/cacerts/ipa.crt\n' % api.env.host) + self.log.command('curl -o /etc/openldap/cacerts/ipa.crt http://%s/ipa/config/ca.crt\n' + % api.env.host) self.log.comment('Generate hashes for the openldap library') self.log.command('command -v cacertdir_rehash') self.log.command('if [ $? -ne 0 ] ; then') - self.log.command(' wget "%s" -O cacertdir_rehash ;' % cacertdir_rehash) + self.log.command(' curl -o cacertdir_rehash "%s";' % cacertdir_rehash) self.log.command(' chmod 755 ./cacertdir_rehash ;') self.log.command(' ./cacertdir_rehash /etc/openldap/cacerts/ ;') self.log.command('else') @@ -94,7 +94,7 @@ class config_redhat_sssd_before_1_9(config_base_legacy_client): self.check_compat_plugin() self.log.comment('Install required packages via yum') - self.log.command('yum install -y sssd authconfig wget openssl\n') + self.log.command('yum install -y sssd authconfig curl openssl\n') self.configure_ca_cert() @@ -138,7 +138,7 @@ class config_generic_linux_sssd_before_1_9(config_base_legacy_client): self.log.comment('Install required packages using your system\'s ' 'package manager. E.g:') - self.log.command('apt-get -y install sssd wget openssl\n') + self.log.command('apt-get -y install sssd curl openssl\n') self.configure_ca_cert() @@ -188,7 +188,7 @@ class config_redhat_nss_pam_ldapd(config_base_legacy_client): self.check_compat_plugin() self.log.comment('Install required packages via yum') - self.log.command('yum install -y wget openssl nss-pam-ldapd pam_ldap ' + self.log.command('yum install -y curl openssl nss-pam-ldapd pam_ldap ' 'authconfig\n') self.configure_ca_cert() 
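Review bot: In `config_base_legacy_client`, the generated advice still downloads `ca.crt` over plain `http://` and installs it under /etc/openldap/cacerts as a trust anchor, and it fetches `cacertdir_rehash` and then runs it, with no integrity check on either download. I would add a `self.log.comment(...)` after the certificate download telling the administrator to compare the output of `openssl x509 -noout -fingerprint -in /etc/openldap/cacerts/ipa.crt` with the fingerprint shown on the IPA server before continuing. Because curl does not follow redirects unless `-L` is given, and the `cacertdir_rehash` URL is defined above the hunk, it should also be confirmed that the URL is served directly; otherwise the file that gets `chmod 755` and executed would be the redirect response rather than the script. The method starts outside the hunk.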
@@ -234,7 +234,7 @@ class config_generic_linux_nss_pam_ldapd(config_base_legacy_client): self.log.comment('Install required packages using your system\'s ' 'package manager. E.g:') - self.log.command('apt-get -y install wget openssl libnss-ldapd ' + self.log.command('apt-get -y install curl openssl libnss-ldapd ' 'libpam-ldapd nslcd\n') self.configure_ca_cert() @@ -361,7 +361,7 @@ class config_redhat_nss_ldap(config_base_legacy_client): self.check_compat_plugin() self.log.comment('Install required packages via yum') - self.log.command('yum install -y wget openssl nss_ldap ' + self.log.command('yum install -y curl openssl nss_ldap ' 'authconfig\n') self.configure_ca_cert() -- 1.8.3.1