mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
use pycurl instead of urllib2 when talking to launchpad to actually get SSL cert verification, see https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/915210 or CVE-2011-4407 for a previous similar issue in software-properties
This commit is contained in:
parent
c4852f6954
commit
5e56d42ed1
1 changed files with 18 additions and 3 deletions
|
@ -67,7 +67,7 @@ import json
|
|||
import os
|
||||
import re
|
||||
import tempfile
|
||||
import urllib2
|
||||
import pycurl
|
||||
|
||||
try:
|
||||
import apt_pkg
|
||||
|
@ -80,6 +80,12 @@ except ImportError:
|
|||
|
||||
VALID_SOURCE_TYPES = ('deb', 'deb-src')
|
||||
|
||||
class CurlCallback:
|
||||
def __init__(self):
|
||||
self.contents = ''
|
||||
|
||||
def body_callback(self, buf):
|
||||
self.contents = self.contents + buf
|
||||
|
||||
class InvalidSource(Exception):
|
||||
pass
|
||||
|
@ -250,8 +256,17 @@ class UbuntuSourcesList(SourcesList):
|
|||
|
||||
def _get_ppa_info(self, owner_name, ppa_name):
|
||||
lp_api = 'https://launchpad.net/api/1.0/~%s/+archive/%s' % (owner_name, ppa_name)
|
||||
connection = urllib2.urlopen(lp_api, timeout=30)
|
||||
return json.loads(connection.read())
|
||||
callback = CurlCallback()
|
||||
curl = pycurl.Curl()
|
||||
curl.setopt(pycurl.SSL_VERIFYPEER, 1)
|
||||
curl.setopt(pycurl.SSL_VERIFYHOST, 2)
|
||||
curl.setopt(pycurl.WRITEFUNCTION, callback.body_callback)
|
||||
curl.setopt(pycurl.URL, str(lp_api))
|
||||
curl.setopt(pycurl.HTTPHEADER, ["Accept: application/json"])
|
||||
curl.perform()
|
||||
curl.close()
|
||||
lp_page = callback.contents
|
||||
return json.loads(lp_page)
|
||||
|
||||
def _expand_ppa(self, path):
|
||||
ppa = path.split(':')[1]
|
||||
|
|
Loading…
Reference in a new issue