/hg/icedtea6: Added --no-check-certificate flag to wget command

Pavel Tisnovsky ptisnovs at redhat.com
Tue Oct 8 06:08:23 PDT 2013 

----- Andrew Hughes <gnu.andrew at redhat.com> wrote:
> 
> 
> ----- Original Message -----
> > changeset 598a353f5405 in /hg/icedtea6
> > details:
> > http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=598a353f5405
> > author: Pavel Tisnovsky <ptisnovs at redhat.com>
> > date: Tue Oct 08 09:53:44 2013 +0200
> > 
> > 	Added --no-check-certificate flag to wget command
> > 	to allow downloading OpenJDK tarball using https.
> > 
> 
> Why are you making this change?  I tested and wget downloads the tarball fine.
> Are you sure this is not a local configuration issue?

On stock RHEL 5 (default installation) I got the error message that the tarball
can't be downloaded because of missing/invalid certificate. I think this change
is harmless, but the question is why do we need to use https which is more time
consuming on both sides (http server, wget on clients)?

Cheers,
Pavel

> 
> > 
> > diffstat:
> > 
> >  ChangeLog   |  6 ++++++
> >  Makefile.am |  2 +-
> >  2 files changed, 7 insertions(+), 1 deletions(-)
> > 
> > diffs (25 lines):
> > 
> > diff -r 7ce84f82f817 -r 598a353f5405 ChangeLog
> > --- a/ChangeLog	Mon Oct 07 23:11:18 2013 +0100
> > +++ b/ChangeLog	Tue Oct 08 09:53:44 2013 +0200
> > @@ -1,3 +1,9 @@
> > +2013-10-08  Pavel Tisnovsky  <ptisnovs at redhat.com>
> > +
> > +	* Makefile.am:
> > +	Added --no-check-certificate flag to wget command
> > +	to allow downloading OpenJDK tarball using https.
> > +
> >  2013-10-07  Andrew John Hughes  <gnu.andrew at redhat.com>
> >  
> >  	* NEWS:
> > diff -r 7ce84f82f817 -r 598a353f5405 Makefile.am
> > --- a/Makefile.am	Mon Oct 07 23:11:18 2013 +0100
> > +++ b/Makefile.am	Tue Oct 08 09:53:44 2013 +0200
> > @@ -1070,7 +1070,7 @@
> >  	    if [ -e $(OPENJDK_SRC_ZIP) ] ; then \
> >  	      mv $(OPENJDK_SRC_ZIP) $(OPENJDK_SRC_ZIP).old ; \
> >  	    fi ; \
> > -	    $(WGET) $(OPENJDK_URL)$(OPENJDK_SRC_ZIP) -O $(OPENJDK_SRC_ZIP); \
> > +	    $(WGET) $(OPENJDK_URL)$(OPENJDK_SRC_ZIP) --no-check-certificate -O
> > $(OPENJDK_SRC_ZIP); \
> >  	    if ! echo "$(OPENJDK_SHA256SUM)  $(OPENJDK_SRC_ZIP)" \
> >  	      | $(SHA256SUM) --check ; then \
> >  	      echo "ERROR: Bad download of OpenJDK zip"; false; \
> > 
> 
> -- 
> Andrew :)
> 
> Free Java Software Engineer
> Red Hat, Inc. (http://www.redhat.com)
> 
> PGP Key: 248BDC07 (https://keys.indymedia.org/)
> Fingerprint = EC5A 1F5E C0AD 1D15 8F1F  8F91 3B96 A578 248B DC07
>

More information about the distro-pkg-dev mailing list