[Freeipa-devel] [PATCH] Use curl instead of wget

Tue Mar 10 11:20:16 UTC 2015

On 01/22/2015 04:01 PM, Alexander Bokovoy wrote:
> On Thu, 22 Jan 2015, Colin Walters wrote:
>>
>>
>> On Thu, Jan 22, 2015, at 08:45 AM, Alexander Bokovoy wrote:
>>
>>> We have abstraction layer to take care of different platforms on a 
>>> wider
>>> scale than just this particular binary. We are gradually moving all 
>>> code
>>> to use platform abstraction to allow other platforms to be supported
>>> (like FreeBSD or Illumos) and we in general cannot guarantee things 
>>> will
>>> be there at the same locations.
>>
>> That doesn't answer the "why not just use $PATH" part. Regardless,
>> here's a new patch which adds a BIN_CURL.
> We had cases in past when a non-working from FreeIPA perspective utility
> was selected from $PATH due to a local misconfiguration. For something
> that is packaged as a complex combination of multiple packages,
> packaging requirements at least allow to establish the environment we
> expect and which was tested. Relying on $PATH doesn't improve this
> assumption.
>
> And some of cases are pretty subtle, like libxmlrpc-c uses cURL library
> and if cURL was built without GSSAPI support it will silently fail,
> leaving no traces at why this has happened. curl utility also doesn't
> check if SPNEGO support (GSSAPI in our case) was compiled in if you
> specify 'curl --negotiate' without any option value.
>
>
>> From 47701a454ba442f08cd05a77ff6a2dbba76b787a Mon Sep 17 00:00:00 2001
>> From: Colin Walters <walters at verbum.org>
>> Date: Wed, 21 Jan 2015 16:59:52 -0500
>> Subject: [PATCH] Use curl instead of wget
>>
>> Curl has a shared library, and so ends up being used by more components
>> of the OS.  It should be preferred over wget.
>>
>> The motivation for this patch is for Project Atomic hosts; we want to
>> include ipa-client, but trim down its dependencies.
>>
>> If wget isn't installed on the host, it doesn't need to be updated for
>> security errata.
> Code-wise looks OK. We need to test it, I'll look at it next week.
>
I see two issues with the patch:

1.) BIN_CURL does not respect the ordering of the paths (they are sorted 
by the values).

2.) I'm not sure the patch should touch advise/legacy_clients.py at all. 
That part of the code just generates a bash script, which is meant to be 
run on legacy clients (which have nothing to do with the Atomic effort). 
If we want to change this, tests in test_integration/test_advise.py need 
to be amended too.