Commit 98b41860 authored by Benjamin Blanc's avatar Benjamin Blanc Committed by Cédric de Saint Martin

gitclone: add git 'ignore-ssl-certificate' option

If 'ignore-ssl-certificate' option is true, gitclone will not check
if ssl certificate are valid when fetching.
parent 4a257eda
...@@ -204,6 +204,23 @@ option:: ...@@ -204,6 +204,23 @@ option::
repository = http://example.net/example.git/ repository = http://example.net/example.git/
git-executable = /usr/local/git/bin/git git-executable = /usr/local/git/bin/git
Ignore SSL certificate
----------------------
By default, when remote server use SSL protocol git checks if the SSL
certificate of the remote server is valid before executing commands.
You can force git to ignore this check using `ignore-ssl-certificate`
boolean option::
[buildout]
parts = git-clone
[git-clone]
recipe = slapos.recipe.build:gitclone
repository = https://example.net/example.git/
ignore-ssl-certificate = true
Full example Full example
------------ ------------
......
...@@ -92,6 +92,48 @@ class GitCloneNonInformativeTests(unittest.TestCase): ...@@ -92,6 +92,48 @@ class GitCloneNonInformativeTests(unittest.TestCase):
self.assertTrue(os.path.exists(git_repository_path)) self.assertTrue(os.path.exists(git_repository_path))
self.assertFalse(os.path.exists(bad_file_path), "pyc file not removed") self.assertFalse(os.path.exists(bad_file_path), "pyc file not removed")
def test_ignore_ssl_certificate(self, ignore_ssl_certificate=True):
from slapos.recipe.gitclone import GIT_CLONE_ERROR_MESSAGE, \
GIT_CLONE_CACHE_ERROR_MESSAGE
import slapos.recipe.gitclone
# Monkey patch check_call
original_check_call = slapos.recipe.gitclone.check_call
check_call_paramater_list = []
def patch_check_call(*args, **kw):
check_call_paramater_list.extend([args, kw])
original_check_call(args[0])
slapos.recipe.gitclone.check_call = patch_check_call
bo = {
'buildout': {
'parts-directory': self.parts_directory_path,
'directory': self.dir,
}
}
options = {
'repository': GIT_REPOSITORY,
"ignore-ssl-certificate": str(ignore_ssl_certificate).lower(),
"repository": GIT_REPOSITORY
}
recipe = slapos.recipe.gitclone.Recipe(bo, 'test', options)
recipe.install()
# Check git clone parameters
if ignore_ssl_certificate:
self.assertTrue("--config" in check_call_paramater_list[0][0])
self.assertTrue("http.sslVerify=false" in check_call_paramater_list[0][0])
else:
self.assertTrue(not "--config" in check_call_paramater_list[0][0])
self.assertTrue(not "http.sslVerify=false" in check_call_paramater_list[0][0])
# Restore original check_call method
slapos.recipe.gitclone.check_call = original_check_call
def test_ignore_ssl_certificate_false(self):
self.test_ignore_ssl_certificate(ignore_ssl_certificate=False)
def test_suite(): def test_suite():
suite = unittest.TestSuite(( suite = unittest.TestSuite((
doctest.DocFileSuite( doctest.DocFileSuite(
......
...@@ -132,7 +132,7 @@ class Recipe(object): ...@@ -132,7 +132,7 @@ class Recipe(object):
self.name = name self.name = name
self.location = options.get('location') self.location = options.get('location')
# Set boolean values # Set boolean values
for key in ('develop', 'use-cache'): for key in ('develop', 'use-cache', 'ignore-ssl-certificate'):
setattr(self, key.replace('-', '_'), options.get(key) in TRUE_VALUES) setattr(self, key.replace('-', '_'), options.get(key) in TRUE_VALUES)
self.networkcache = buildout.get('networkcache', {}) self.networkcache = buildout.get('networkcache', {})
...@@ -176,6 +176,9 @@ class Recipe(object): ...@@ -176,6 +176,9 @@ class Recipe(object):
if self.branch: if self.branch:
git_clone_command.extend(['--branch', self.branch]) git_clone_command.extend(['--branch', self.branch])
if self.ignore_ssl_certificate:
git_clone_command.extend(['--config', 'http.sslVerify=false'])
try: try:
check_call(git_clone_command) check_call(git_clone_command)
if not os.path.exists(self.location): if not os.path.exists(self.location):
...@@ -230,4 +233,4 @@ class Recipe(object): ...@@ -230,4 +233,4 @@ class Recipe(object):
if self.revision: if self.revision:
self.gitReset(self.revision) self.gitReset(self.revision)
else: else:
self.gitReset('@{upstream}') self.gitReset('@{upstream}')
\ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment