On Thu, 29 Nov 2018 at 19:42, Maarten de Vries <[email protected]> wrote: > > On 28-11-18 05:08, Allan McRae wrote: > > On 15/11/18 2:37 am, Maarten de Vries wrote: > >> These patches add support for client certificates to alpm and pacman. > >> > >> This can already be achieved currently by setting an XferCommand, > >> but doing so significantly reduces the quality of the feedback pacman > >> gives during the downloads. Especially annoying are the 404 errors on > >> most database signature files, but that's not the only issue. > >> > >> I admit this is a bit of an edge case, but I find myself in the > >> situation where I have to download packages from a private repository > >> that requires a valid client certificate. I really want the nice regular > >> pacman feedback back though, so I figured I'd hack it in myself. > >> > >> I tried to follow naming schemes and other conventions the best I could, > >> but please let me know if I should change anything, or forgot something. > > I am very, very reluctant to include this. We have been quite strict on > > which download options we have included in pacman in the past - it took > > quite some time for DisableDownloadTimeout to be added and we still > > don't have real speed limiting - although this was (still is?) due to > > curl implementation limitation. This is way too much of an edge case, > > and we do have XferCommand for such things. > > > > Note, database signature file errors can be removed by adding "SigLevel > > = DatabaseNone" to the relevant databases. > > > > Allan > > Well, all I can say is that for this at least curl support is excellent. > And this does make pacman useful as package manager for internal company > repositories that need authentication. > > I would love to see it in mainline pacman, but if you feel it's too much > of an edge case, I understand. At any rate, thank you for looking at the > patches. > > > -- Maarten >
For the archives, in case anyone else needs similar functionality: I didn't wan't to maintain a forked pacman for this, and I really don't like the implications of the XferCommand option, so I wrote a tool to inject options in a CURL session of another program using LD_PRELOAD. It can be found at https://github.com/de-vri-es/curl-inject-opt . -- Maarten
