[pacman-dev] [PATCH 1/2] libalpm: Add dlclientcert and dlclientkey options.

Maarten de Vries maarten at de-vri.es
Thu Nov 29 18:42:05 UTC 2018


On 28-11-18 05:08, Allan McRae wrote:
> On 15/11/18 2:37 am, Maarten de Vries wrote:
>> These patches add support for client certificates to alpm and pacman.
>>
>> This can already be achieved currently by setting an XferCommand,
>> but doing so significantly reduces the quality of the feedback pacman
>> gives during the downloads. Especially annoying are the 404 errors on
>> most database signature files, but that's not the only issue.
>>
>> I admit this is a bit of an edge case, but I find myself in the
>> situation where I have to download packages from a private repository
>> that requires a valid client certificate. I really want the nice regular
>> pacman feedback back though, so I figured I'd hack it in myself.
>>
>> I tried to follow naming schemes and other conventions the best I could,
>> but please let me know if I should change anything, or forgot something.
> I am very, very reluctant to include this.  We have been quite strict on
> which download options we have included in pacman in the past - it took
> quite some time for DisableDownloadTimeout to be added and we still
> don't have real speed limiting - although this was (still is?) due to
> curl implementation limitation.  This is way too much of an edge case,
> and we do have XferCommand for such things.
>
> Note, database signature file errors can be removed by adding "SigLevel
> = DatabaseNone" to the relevant databases.
>
> Allan

Well, all I can say is that for this at least curl support is excellent. 
And this does make pacman useful as package manager for internal company 
repositories that need authentication.

I would love to see it in mainline pacman, but if you feel it's too much 
of an edge case, I understand. At any rate, thank you for looking at the 
patches.


-- Maarten


More information about the pacman-dev mailing list