Merge lp:~jani/goget-ubuntu-touch/tls-skip-verify into lp:goget-ubuntu-touch

Proposed by Jani Monoses
Status: Merged
Approved by: Sergio Schvezov
Approved revision: 35
Merged at revision: 36
Proposed branch: lp:~jani/goget-ubuntu-touch/tls-skip-verify
Merge into: lp:goget-ubuntu-touch
Diff against target: 106 lines (+28/-13)
4 files modified
ubuntu-device-flash/args.go (+10/-9)
ubuntu-device-flash/main.go (+3/-0)
ubuntuimage/channels.go (+14/-2)
ubuntuimage/images.go (+1/-2)
To merge this branch: bzr merge lp:~jani/goget-ubuntu-touch/tls-skip-verify
Reviewer Review Type Date Requested Status
Sergio Schvezov Approve
PS Jenkins bot continuous-integration Approve
Review via email: mp+216141@code.launchpad.net

Commit message

ubuntuimage: allow disabling the verification of TLS certificates.

Description of the change

Allow disabling the verification of TLS certificates via a command line flag, useful for connecting to servers using self-signed certificates.

Without the flag set the error looks like this

2014/04/16 18:02:28 Get https://localhost:10443/channels.json: x509: certificate signed by unknown authority

Jani Monoses (jani) wrote :

The naming could probably be better. Also unless this is the only arg we want to pass to the ubuntuimage code another function will be required, like ubuntuimage.Initialize(args). I initially had HTTPOptions() until I realized I do not need to pass explicit args for HTTP basic authentication, as they can be part of the URL like http://user:pass@server/...

PS Jenkins bot (ps-jenkins) wrote :
review: Approve (continuous-integration)
Sergio Schvezov (sergiusens) wrote :

On Wed, Apr 16, 2014 at 12:43 PM, Jani Monoses
<email address hidden> wrote:
> Jani Monoses has proposed merging lp:~jani/goget-ubuntu-touch/tls-skip-verify into lp:goget-ubuntu-touch.
>
> Commit message:
> Allow disabling the verification of TLS certificates.

Can you set it to
ubuntuimage: allow...

as this is used in debian/changelog as well and makes it faster to read.

...

> +var client = &http.Client{}
> +
> +func TLSSkipVerify() {
> + tr := &http.Transport{
> + TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
> + }
> + client = &http.Client{Transport: tr}
> +}
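
Review bot: client is a package-level variable that TLSSkipVerify() reassigns with no locking, so the call is only safe before any request has been started, and nothing in the function says so. State that ordering requirement in the doc comment, or build the client once in a constructor that takes the option instead of mutating shared state.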

Can you add a godoc string to this? I plan to add that to the missing
ones as well;

thanks

35. By Jani Monoses

Add docstring

PS Jenkins bot (ps-jenkins) wrote :
review: Approve (continuous-integration)
Sergio Schvezov (sergiusens) wrote :

The non skipping TLS path works fine still; can't say much for the non checking path

Thanks

review: Approve

Preview Diff

1=== modified file 'ubuntu-device-flash/args.go'
2--- ubuntu-device-flash/args.go 2014-03-10 17:33:08 +0000
3+++ ubuntu-device-flash/args.go 2014-04-16 17:01:09 +0000
4@@ -25,15 +25,16 @@
5 )
6
7 type arguments struct {
8- Revision int `long:"revision" description:"revision to flash, absolute or relative allowed"`
9- Bootstrap bool `long:"bootstrap" description:"bootstrap the system, do this from the bootloader"`
10- ListChannels bool `long:"list-channels" description:"List available channels"`
11- Wipe bool `long:"wipe" description:"Clear all data after flashing"`
12- Channel string `long:"channel" description:"Specify an alternate channel"`
13- Device string `long:"device" description:"Specify the device to flash"`
14- Serial string `long:"serial" description:"Serial of the device to operate"`
15- Server string `long:"server" description:"Use a different image server"`
16- CleanCache bool `long:"clean-cache" description:"Cleans up cache with all downloaded bits"`
17+ Revision int `long:"revision" description:"revision to flash, absolute or relative allowed"`
18+ Bootstrap bool `long:"bootstrap" description:"bootstrap the system, do this from the bootloader"`
19+ ListChannels bool `long:"list-channels" description:"List available channels"`
20+ Wipe bool `long:"wipe" description:"Clear all data after flashing"`
21+ Channel string `long:"channel" description:"Specify an alternate channel"`
22+ Device string `long:"device" description:"Specify the device to flash"`
23+ Serial string `long:"serial" description:"Serial of the device to operate"`
24+ Server string `long:"server" description:"Use a different image server"`
25+ CleanCache bool `long:"clean-cache" description:"Cleans up cache with all downloaded bits"`
26+ TLSSkipVerify bool `long:"tls-skip-verify" description:"Skip TLS certificate validation"`
27 }
28
29 var args arguments
30
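
Review bot: The description on the new TLSSkipVerify field, "Skip TLS certificate validation", does not tell the user that the option is insecure or what it is meant for. Suggest wording such as "Skip TLS certificate validation (insecure, for test servers with self-signed certificates)" so the --help output carries the caveat.
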
31=== modified file 'ubuntu-device-flash/main.go'
32--- ubuntu-device-flash/main.go 2014-04-16 11:43:38 +0000
33+++ ubuntu-device-flash/main.go 2014-04-16 17:01:09 +0000
34@@ -40,6 +40,9 @@
35 if _, err := parser.Parse(); err != nil {
36 os.Exit(1)
37 }
38+ if args.TLSSkipVerify {
39+ ubuntuimage.TLSSkipVerify()
40+ }
41 cacheDir := ubuntuimage.GetCacheDir()
42 if args.CleanCache {
43 log.Print("Cleaning prevously downloaded content")
44
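
Review bot: When args.TLSSkipVerify is set, verification is switched off silently in the new if block. This function already uses log.Print for the cache cleanup, so log a line such as log.Print("WARNING: TLS certificate verification disabled") before calling ubuntuimage.TLSSkipVerify(), so the insecure mode shows up in the tool's output and in any captured logs.
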
45=== modified file 'ubuntuimage/channels.go'
46--- ubuntuimage/channels.go 2014-04-14 19:31:15 +0000
47+++ ubuntuimage/channels.go 2014-04-16 17:01:09 +0000
48@@ -21,6 +21,7 @@
49
50 import (
51 _ "crypto/sha512"
52+ "crypto/tls"
53 "encoding/json"
54 "errors"
55 "fmt"
56@@ -32,8 +33,19 @@
57 FULL_IMAGE = "full"
58 )
59
60+var client = &http.Client{}
61+
62+// TLSSkipVerify turns off validation of server TLS certificates. It allows connecting
63+// to HTTPS servers that use self-signed certificates.
64+func TLSSkipVerify() {
65+ tr := &http.Transport{
66+ TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
67+ }
68+ client = &http.Client{Transport: tr}
69+}
70+
71 func NewChannels(server string) (channels Channels, err error) {
72- resp, err := http.Get(server + channelsPath)
73+ resp, err := client.Get(server + channelsPath)
74 if err != nil {
75 return channels, err
76 }
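
Review bot: TLSClientConfig: &tls.Config{InsecureSkipVerify: true} turns off both the chain check and the host name check, which is more than the self-signed use case named in the doc comment needs. Consider taking a path to the server's certificate and setting RootCAs on the tls.Config instead, so the connection is still authenticated against that one certificate. Separately, the default &http.Client{} falls back to http.DefaultTransport, which sets Proxy: http.ProxyFromEnvironment, while the bare &http.Transport{} built here leaves Proxy nil, so proxy environment variables stop being honoured once the flag is set; set that field on tr as well.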
77@@ -53,7 +65,7 @@
78 device, server, channel)
79 }
80 channelUri := server + channels[channel].Devices[device].Index
81- resp, err := http.Get(channelUri)
82+ resp, err := client.Get(channelUri)
83 if err != nil {
84 return deviceChannel, err
85 }
86
87=== modified file 'ubuntuimage/images.go'
88--- ubuntuimage/images.go 2014-04-16 11:43:38 +0000
89+++ ubuntuimage/images.go 2014-04-16 17:01:09 +0000
90@@ -27,7 +27,6 @@
91 "fmt"
92 "io"
93 "io/ioutil"
94- "net/http"
95 "net/url"
96 "os"
97 "path/filepath"
98@@ -163,7 +162,7 @@
99 }
100
101 func download(uri string, writer io.Writer) (err error) {
102- resp, err := http.Get(uri)
103+ resp, err := client.Get(uri)
104 if err != nil {
105 return err
106 }
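
Review bot: With resp, err := client.Get(uri), download() now inherits the process-wide setting, so under --tls-skip-verify the image payload written to writer comes from an unauthenticated server, not just the channel index. Nothing in this hunk checks the content, so either confirm that the caller verifies what was downloaded before it is used, or say in the TLSSkipVerify doc comment that the option also covers image downloads.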
