From 6684b9349363b6b973cf973e83717ded27f586d6 Mon Sep 17 00:00:00 2001 From: Nicolas R Date: Sun, 28 Apr 2024 15:23:54 +0100 Subject: [PATCH] Add --insecure to switch to http --- App-cpanminus/script/cpanm.PL | 9 ++++++++- Menlo-Legacy/lib/Menlo/CLI/Compat.pm | 30 +++++++++++++++++++--------- 2 files changed, 29 insertions(+), 10 deletions(-) diff --git a/App-cpanminus/script/cpanm.PL b/App-cpanminus/script/cpanm.PL index ad06b9a9..2baee489 100755 --- a/App-cpanminus/script/cpanm.PL +++ b/App-cpanminus/script/cpanm.PL @@ -555,9 +555,16 @@ Defaults to true (man pages generated) unless C<-L|--local-lib-contained> option is supplied in which case it's set to false. You can disable it with C<--no-man-pages>. +=item --insecure + +By default, cpanm only uses HTTPS. If your environment lacks TLS +support, you can consider at your own risk to use HTTP instead by +using the C<--insecure> flag. +Be aware that when using that argument all requests will use HTTP. + =item --lwp -Uses L module to download stuff over HTTP. Defaults to true, and +Uses L module to download stuff over HTTPS. Defaults to true, and you can say C<--no-lwp> to disable using LWP, when you want to upgrade LWP from CPAN on some broken perl systems. diff --git a/Menlo-Legacy/lib/Menlo/CLI/Compat.pm b/Menlo-Legacy/lib/Menlo/CLI/Compat.pm index c9883417..f85aef63 100644 --- a/Menlo-Legacy/lib/Menlo/CLI/Compat.pm +++ b/Menlo-Legacy/lib/Menlo/CLI/Compat.pm @@ -79,6 +79,7 @@ sub new { try_lwp => 1, try_wget => 1, try_curl => 1, + use_http => 0, uninstall_shadows => ($] < 5.012), skip_installed => 1, skip_satisfied => 0, @@ -199,6 +200,7 @@ sub parse_options { 'lwp!' => \$self->{try_lwp}, 'wget!' => \$self->{try_wget}, 'curl!' => \$self->{try_curl}, + 'insecure!' => \$self->{use_http}, 'auto-cleanup=s' => \$self->{auto_cleanup}, 'man-pages!' => \$self->{pod2man}, 'scandeps' => \$self->{scandeps}, @@ -453,7 +455,7 @@ sub search_common { $self->chat("Found $found->{module} $found->{module_version} which doesn't satisfy $want_version.\n"); } } - + return; } @@ -977,7 +979,7 @@ sub append_args { my($self, $cmd, $phase) = @_; return $cmd if ref $cmd ne 'ARRAY'; - + if (my $args = $self->{build_args}{$phase}) { $cmd = join ' ', Menlo::Util::shell_quote(@$cmd), $args; } @@ -2657,6 +2659,10 @@ sub mirror { return $self->file_mirror($uri, $local); } + # HTTPTinyish does not provide an option to disable + # certificates check, let's switch to http on demand. + $uri =~ s/^https:/http:/ if $self->{use_http}; + my $reply = $self->{http}->mirror($uri, $local); if ( $uri =~ /^https:/ && ref $reply @@ -2673,7 +2679,8 @@ sub mirror { die <<"DIE"; TLS issue found while fetching $uri:\n $reply->{content}\n -Please verify your certificates or force an HTTP-only request/mirror at your own risk. +Please verify your certificates or force an HTTP-only request/mirror +using --insecure option at your own risk. DIE } } @@ -2722,14 +2729,16 @@ sub configure_http { require HTTP::Tinyish; + my $use_http = $self->{use_http}; + my @try = qw(HTTPTiny); unshift @try, 'Wget' if $self->{try_wget}; unshift @try, 'Curl' if $self->{try_curl}; unshift @try, 'LWP' if $self->{try_lwp}; - my @protocol = ('https'); + my @protocol = ( $use_http ? 'http' : 'https' ); push @protocol, 'http' - if grep /^http:/, @{$self->{mirrors}}; + if !$use_http && grep /^http:/, @{$self->{mirrors}}; my $backend; for my $try (map "HTTP::Tinyish::$_", @try) { @@ -2745,11 +2754,14 @@ sub configure_http { } } - if ( !$backend ) { - $self->diag_fail( join( ', ', @protocol )." not supported by available HTTP Clients." ); - } + # In case we use https protocol by default + # and then later we try to perform non https requests + # we still want these requests to succeed + # Note: this is disabling the client cache optimization above + # and will fail later for SSL requests as no clients support TLS + $backend ||= 'HTTP::Tinyish'; - $backend->new(agent => "Menlo/$Menlo::VERSION", verify_SSL => 1); + $backend->new(agent => "Menlo/$Menlo::VERSION", $use_http ? () : ( verify_SSL => 1 ) ); } sub init_tools {