From e705e733a6524fb59cfec49fa9424d0d7c79adfb Mon Sep 17 00:00:00 2001 From: Andrew Branson Date: Thu, 9 Aug 2018 12:19:57 +0200 Subject: [PATCH] [mic] Reintroduce missed patch adding .netrc support for auth while building images. Fixes JB#42615 --- ...etrcoptional-on-libcurl-to-allow-for.patch | 153 ++++++++++++++++++ rpm/libzypp.spec | 2 + 2 files changed, 155 insertions(+) create mode 100644 rpm/0006-libzypp-Enable-netrcoptional-on-libcurl-to-allow-for.patch diff --git a/rpm/0006-libzypp-Enable-netrcoptional-on-libcurl-to-allow-for.patch b/rpm/0006-libzypp-Enable-netrcoptional-on-libcurl-to-allow-for.patch new file mode 100644 index 0000000..b765535 --- /dev/null +++ b/rpm/0006-libzypp-Enable-netrcoptional-on-libcurl-to-allow-for.patch @@ -0,0 +1,153 @@ +From 6630721a6fdedb2613e234372a079ca942007072 Thu, 9 Aug 2018 11:36:55 +0200 +From: Juha Kallioinen +Date: Wed, 6 Nov 2013 14:05:27 +0000 +Subject: [PATCH] [libzypp] Enable netrc-optional on libcurl to allow for easier image building in SDK + + +Original patch from: Islam Amer + +Signed-off-by: Juha Kallioinen + +diff --git a/zypp/media/MediaCurl.cc b/zypp/media/MediaCurl.cc +index 599e145..115e06f 100644 +--- a/zypp/media/MediaCurl.cc ++++ b/zypp/media/MediaCurl.cc +@@ -984,8 +984,8 @@ + + Url fileurl(getFileUrl(filename)); + +- bool retry = false; +- ++ bool retry = false, netrc = false; ++ int numTry = 0; + do + { + try +@@ -996,7 +996,7 @@ + // retry with proper authentication data + catch (MediaUnauthorizedException & ex_r) + { +- if(authenticate(ex_r.hint(), !retry)) ++ if (authenticate(ex_r.hint(), numTry++, netrc)) + retry = true; + else + { +@@ -1026,8 +1026,8 @@ + + bool MediaCurl::getDoesFileExist( const Pathname & filename ) const + { +- bool retry = false; +- ++ bool retry = false, netrc = false; ++ int numTry = 0; + do + { + try +@@ -1037,7 +1037,7 @@ + // authentication problem, retry with proper authentication data + catch (MediaUnauthorizedException & ex_r) + { +- if(authenticate(ex_r.hint(), !retry)) ++ if (authenticate(ex_r.hint(), numTry++, netrc)) + retry = true; + else + ZYPP_RETHROW(ex_r); +@@ -1693,9 +1693,32 @@ + } + + /////////////////////////////////////////////////////////////////// +- +-bool MediaCurl::authenticate(const string & availAuthTypes, bool firstTry) const ++/* ++ * The authentication is a challenge-response type transaction. We ++ * come here after the challenge has been received and need to send a ++ * response. There are plenty of ways to send the right and the wrong ++ * response. All of these preconditions need to be considered: ++ * ++ * 1) there are no existing credentials ++ * 2) credential manager has right/wrong credentials ++ * 3) user enters right/wrong credentials interactively ++ * 4) .netrc contains right/wrong credentials ++ * 5) client (e.g. zypper) can be in interactive or non-interactive mode ++ * ++ * First we always want to try to send a response with any stored ++ * credentials. If there are none, then we'll try using a .netrc. Only ++ * after these methods have failed to authenticate the user, we'll ++ * prompt the user for the credentials or give up if in ++ * non-interactive mode. ++ * ++ * The challenge-response loop needs to be able to end in the ++ * non-interactive mode in case none of the available methods provide ++ * the correct response. ++ * ++ */ ++bool MediaCurl::authenticate(const string & availAuthTypes, int numTry, bool &netrcUsed) const + { ++ DBG << "numtry: " << numTry << endl; + //! \todo need a way to pass different CredManagerOptions here + CredentialManager cm(CredManagerOptions(ZConfig::instance().repoManagerRoot())); + CurlAuthData_Ptr credentials; +@@ -1703,21 +1726,29 @@ + // get stored credentials + AuthData_Ptr cmcred = cm.getCred(_url); + +- if (cmcred && firstTry) ++ // first try with any stored credentials ++ if (cmcred && (numTry == 0)) + { + credentials.reset(new CurlAuthData(*cmcred)); + DBG << "got stored credentials:" << endl << *credentials << endl; + } +- // if not found, ask user +- else +- { ++ // no stored creds or they failed, try .netrc instead if not already tried ++ else if ((numTry == 0 || numTry == 1) && (!netrcUsed)) { ++ DBG << "try with .netrc" << endl; ++ CURLcode ret = curl_easy_setopt(_curl, CURLOPT_NETRC, CURL_NETRC_OPTIONAL); ++ if ( ret != 0 ) ZYPP_THROW(MediaCurlSetOptException(_url, _curlError)); ++ netrcUsed = true; ++ return true; ++ } ++ // stored creds and .netrc failed, ask user ++ else { + + CurlAuthData_Ptr curlcred; + curlcred.reset(new CurlAuthData()); + callback::SendReport auth_report; + + // preset the username if present in current url +- if (!_url.getUsername().empty() && firstTry) ++ if (!_url.getUsername().empty() && (numTry == 0)) + curlcred->setUsername(_url.getUsername()); + // if CM has found some credentials, preset the username from there + else if (cmcred) +@@ -1754,6 +1785,7 @@ + } + else + { ++ // can be the result of the non-interactive client mode + DBG << "callback answer: cancel" << endl; + } + } +@@ -1792,6 +1824,7 @@ + return true; + } + ++ // ends the authentication challenge-response loop + return false; + } + +diff --git a/zypp/media/MediaCurl.h b/zypp/media/MediaCurl.h +index 48a8dcf..816a4f1 100644 +--- a/zypp/media/MediaCurl.h ++++ b/zypp/media/MediaCurl.h +@@ -158,7 +158,7 @@ + */ + std::string getAuthHint() const; + +- bool authenticate(const std::string & availAuthTypes, bool firstTry) const; ++ bool authenticate(const std::string & availAuthTypes, int numTry, bool& netrcUsed) const; + + bool detectDirIndex() const; + diff --git a/rpm/libzypp.spec b/rpm/libzypp.spec index cc3e6a3..3272421 100644 --- a/rpm/libzypp.spec +++ b/rpm/libzypp.spec @@ -11,6 +11,7 @@ Patch2: 0002-Set-rpminstallexcludedocs--yes-Save-space-on.patch Patch3: 0003-Ensure-that-the-destination-path-for-applyi.patch Patch4: 0004-Set-unrestricted-auth-curl-option.patch Patch5: 0005-disable-doc.patch +Patch6: 0006-libzypp-Enable-netrcoptional-on-libcurl-to-allow-for.patch BuildRequires: cmake BuildRequires: openssl-devel BuildRequires: libudev-devel @@ -85,6 +86,7 @@ Authors: %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 %build mkdir -p build