From d1337ccad4282be11faff9ccc9a44e3d67182b7b Mon Sep 17 00:00:00 2001
From: Sjoerd Simons <sjoerd.simons@collabora.co.uk>
Date: Mon, 13 Mar 2017 12:44:48 +0100
Subject: [PATCH] Add patch to resolve issues with https DoD repositories
---
...RROR_WANT_-READ-WRITE-from-ssl-reads.patch | 47 +++++++++++++++++++
...ort-https-urls-for-package-downloads.patch | 25 ++++++++++
debian/patches/series | 2 +
3 files changed, 74 insertions(+)
create mode 100644 debian/patches/backend-Handle-ERROR_WANT_-READ-WRITE-from-ssl-reads.patch
create mode 100644 debian/patches/backend-Support-https-urls-for-package-downloads.patch
diff --git a/debian/patches/backend-Handle-ERROR_WANT_-READ-WRITE-from-ssl-reads.patch b/debian/patches/backend-Handle-ERROR_WANT_-READ-WRITE-from-ssl-reads.patch
new file mode 100644
index 0000000000..b61dfdbbd9
--- /dev/null
+++ b/debian/patches/backend-Handle-ERROR_WANT_-READ-WRITE-from-ssl-reads.patch
@@ -0,0 +1,47 @@
+From: Sjoerd Simons <sjoerd.simons@collabora.co.uk>
+Date: Mon, 13 Mar 2017 12:37:01 +0100
+Subject: [backend] Handle ERROR_WANT_{READ,WRITE} from ssl reads
+
+Upon a read SSLeay can return with either ERROR_WANT_READ or
+ERROR_WANT_WRITE to indicate the same function needs to be called again
+(e.g. due to underlying protocol handling having been done, but no data
+ yet for the API user). Handle this by modelling it as an EINTR errno,
+ such that the higher layers will retry the read.
+
+This fixes some issue we hit when using an https repository for DoD.
+
+Signed-off-by: Sjoerd Simons <sjoerd.simons@collabora.co.uk>
+---
+ src/backend/BSSSL.pm | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/src/backend/BSSSL.pm b/src/backend/BSSSL.pm
+index 5045fe0..eb1e4e3 100644
+--- a/src/backend/BSSSL.pm
++++ b/src/backend/BSSSL.pm
+@@ -24,6 +24,7 @@
+
+ package BSSSL;
+
++use POSIX;
+ use Socket;
+ use Net::SSLeay;
+
+@@ -94,7 +95,16 @@ sub READLINE {
+ sub READ {
+ my ($sslr, undef, $len, $offset) = @_;
+ my $buf = \$_[1];
+- my $r = Net::SSLeay::read($sslr->[0], $len);
++ print "length $len\n";
++ my ($r, $rv, $code);
++ ($r, $rv) = Net::SSLeay::read($sslr->[0]);
++ if ($rv < 0) {
++ $code = Net::SSLeay::get_error($sslr->[0], $rv);
++ if ($code == &Net::SSLeay::ERROR_WANT_READ || $code == &Net::SSLeay::ERROR_WANT_WRITE) {
++ $! = POSIX::EINTR;
++ }
++ }
++
+ return undef unless defined $r;
+ return length($$buf = $r) unless defined $offset;
+ my $bl = length($$buf);
diff --git a/debian/patches/backend-Support-https-urls-for-package-downloads.patch b/debian/patches/backend-Support-https-urls-for-package-downloads.patch
new file mode 100644
index 0000000000..b8f4545ed6
--- /dev/null
+++ b/debian/patches/backend-Support-https-urls-for-package-downloads.patch
@@ -0,0 +1,25 @@
+From: Sjoerd Simons <sjoerd.simons@collabora.co.uk>
+Date: Mon, 13 Mar 2017 12:37:51 +0100
+Subject: [backend] Support https urls for package downloads
+
+Enable support for https downloads via the BSWatcher module, such that
+the repserver can pull package down from https repositories.
+
+Signed-off-by: Sjoerd Simons <sjoerd.simons@collabora.co.uk>
+---
+ src/backend/bs_repserver | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/backend/bs_repserver b/src/backend/bs_repserver
+index 6c52647..b61950b 100755
+--- a/src/backend/bs_repserver
++++ b/src/backend/bs_repserver
+@@ -55,7 +55,7 @@ use BSXML;
+ use BSVerify;
+ use BSHandoff;
+ use Build;
+-use BSWatcher;
++use BSWatcher ":https";
+ use BSStdServer;
+ use BSXPath;
+ use BSXPathKeys;
diff --git a/debian/patches/series b/debian/patches/series
index 13dd14a699..0c2b3327af 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -26,3 +26,5 @@ publisher_reprepro_set_surprising_binary.patch
Add-support-for-md5-and-sha256-cypted-passwords.patch
Put-binary-uploads-in-architecture-dependent-subdirectori.patch
Correct-reprepro-argument-to-match-current-version.patch
+backend-Handle-ERROR_WANT_-READ-WRITE-from-ssl-reads.patch
+backend-Support-https-urls-for-package-downloads.patch
--
GitLab