Mercurial > gnulib
changeset 39897:ac60f423d63b
bootstrap, gnulib-tool: use https instead of insecure rsync
The rsync command does not do any authentication and thus allows
man-in-the-middle attacks. Better use wget over https, although
this is slower.
* build-aux/bootstrap (download_po_files, po_download_command_format):
Don't try using rsync; always use wget over https to fetch PO files.
* gnulib-tool (func_import): Likewise.
* pygnulib/GLImport.py (GLImport.execute): Likewise.
author | Benno Schulenberg <bensberg@telfort.nl> |
---|---|
date | Sun, 07 Oct 2018 18:20:44 +0200 |
parents | b658dddc67fd |
children | 6b8c2cbdd8b0 |
files | ChangeLog build-aux/bootstrap gnulib-tool pygnulib/GLImport.py |
diffstat | 4 files changed, 13 insertions(+), 30 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Sun Oct 07 19:19:30 2018 +0200 +++ b/ChangeLog Sun Oct 07 18:20:44 2018 +0200 @@ -1,3 +1,11 @@ +2018-10-07 Benno Schulenberg <bensberg@telfort.nl> + + bootstrap, gnulib-tool: use https instead of insecure rsync + * build-aux/bootstrap (download_po_files, po_download_command_format): + Don't try using rsync; always use wget over https to fetch PO files. + * gnulib-tool (func_import): Likewise. + * pygnulib/GLImport.py (GLImport.execute): Likewise. + 2018-10-07 Benno Schulenberg <bensberg@telfort.nl> bootstrap, gnulib-tool: correct the translations wget command
--- a/build-aux/bootstrap Sun Oct 07 19:19:30 2018 +0200 +++ b/build-aux/bootstrap Sun Oct 07 18:20:44 2018 +0200 @@ -164,15 +164,8 @@ # The command to download all .po files for a specified domain into # a specified directory. Fill in the first %s is the domain name, and -# the second with the destination directory. Use rsync's -L and -r -# options because the latest/%s directory and the .po files within are -# all symlinks. +# the second with the destination directory. po_download_command_format=\ -"rsync --include '*.po' --exclude '*' -Lrtvz \ - 'translationproject.org::tp/latest/%s/' '%s'" - -# Fallback for downloading .po files (if rsync fails). -po_download_command_format2=\ "wget --mirror --level=1 -nd -q -A.po -P '%s' \ https://translationproject.org/latest/%s/" @@ -742,9 +735,6 @@ domain=$2 echo "$me: getting translations into $subdir for $domain..." cmd=$(printf "$po_download_command_format" "$domain" "$subdir") - eval "$cmd" && return - # Fallback to HTTPS. - cmd=$(printf "$po_download_command_format2" "$subdir" "$domain") eval "$cmd" }
--- a/gnulib-tool Sun Oct 07 19:19:30 2018 +0200 +++ b/gnulib-tool Sun Oct 07 18:20:44 2018 +0200 @@ -5431,18 +5431,10 @@ fi # Fetch PO files. TP_URL="https://translationproject.org/latest/" - TP_RSYNC_URI="translationproject.org::tp/latest/" if $doit; then echo "Fetching gnulib PO files from $TP_URL" (cd "$destdir"/$pobase \ - && { # Prefer rsync over wget if it is available, since it consumes - # less network bandwidth, due to compression. - if type rsync 2>/dev/null | grep / > /dev/null; then - rsync --delete --include "*.po" --exclude "*" -Lrtz "${TP_RSYNC_URI}gnulib/" . && return - fi - - wget --no-verbose --mirror --level=1 -nd -A.po -P . "${TP_URL}gnulib/" - } + && wget --no-verbose --mirror --level=1 -nd -A.po -P . "${TP_URL}gnulib/" ) else echo "Fetch gnulib PO files from $TP_URL"
--- a/pygnulib/GLImport.py Sun Oct 07 19:19:30 2018 +0200 +++ b/pygnulib/GLImport.py Sun Oct 07 18:20:44 2018 +0200 @@ -1200,19 +1200,12 @@ # Fetch PO files. TP_URL = 'https://translationproject.org/latest/' - TP_RSYNC_URI = 'translationproject.org::tp/latest/' if not self.config['dryrun']: print('Fetching gnulib PO files from %s' % TP_URL) os.chdir(joinpath(destdir, pobase)) - cmd = 'type rsync 2>/dev/null | grep / > /dev/null' - result = sp.call(cmd, shell=True) - if result == 0: # use rsync - args = ['rsync', '--include', '*.po', '--exclude', '*', '-Lrtz', '%sgnulib/' % TP_RSYNC_URI, '.'] - result = sp.call(args, shell=True) - if result != 0: # use wget - args = ['wget', '--no-verbose', '--mirror', '--level=1', '-nd', '-A.po', '-P', '.', - '%sgnulib/' % TP_URL] - sp.call(args, shell=True) + args = ['wget', '--no-verbose', '--mirror', '--level=1', '-nd', '-A.po', '-P', '.', + '%sgnulib/' % TP_URL] + sp.call(args, shell=True) else: # if self.config['dryrun'] print('Fetch gnulib PO files from %s' % TP_URL)