[pacman-dev] [PATCH 1/2] libalpm: Add dlclientcert and dlclientkey options.

Maarten de Vries maarten at de-vri.es
Wed Jan 30 12:12:59 UTC 2019 

On Thu, 29 Nov 2018 at 19:42, Maarten de Vries <maarten at de-vri.es> wrote:
>
> On 28-11-18 05:08, Allan McRae wrote:
> > On 15/11/18 2:37 am, Maarten de Vries wrote:
> >> These patches add support for client certificates to alpm and pacman.
> >>
> >> This can already be achieved currently by setting an XferCommand,
> >> but doing so significantly reduces the quality of the feedback pacman
> >> gives during the downloads. Especially annoying are the 404 errors on
> >> most database signature files, but that's not the only issue.
> >>
> >> I admit this is a bit of an edge case, but I find myself in the
> >> situation where I have to download packages from a private repository
> >> that requires a valid client certificate. I really want the nice regular
> >> pacman feedback back though, so I figured I'd hack it in myself.
> >>
> >> I tried to follow naming schemes and other conventions the best I could,
> >> but please let me know if I should change anything, or forgot something.
> > I am very, very reluctant to include this.  We have been quite strict on
> > which download options we have included in pacman in the past - it took
> > quite some time for DisableDownloadTimeout to be added and we still
> > don't have real speed limiting - although this was (still is?) due to
> > curl implementation limitation.  This is way too much of an edge case,
> > and we do have XferCommand for such things.
> >
> > Note, database signature file errors can be removed by adding "SigLevel
> > = DatabaseNone" to the relevant databases.
> >
> > Allan
>
> Well, all I can say is that for this at least curl support is excellent.
> And this does make pacman useful as package manager for internal company
> repositories that need authentication.
>
> I would love to see it in mainline pacman, but if you feel it's too much
> of an edge case, I understand. At any rate, thank you for looking at the
> patches.
>
>
> -- Maarten
>

For the archives, in case anyone else needs similar functionality: I
didn't wan't to maintain a forked pacman for this, and I really don't
like the implications of the XferCommand option, so I wrote a tool to
inject options in a CURL session of another program using LD_PRELOAD.
It can be found at https://github.com/de-vri-es/curl-inject-opt .

-- Maarten

More information about the pacman-dev mailing list