Skip to content
This repository has been archived by the owner on Mar 30, 2021. It is now read-only.

Commit

Permalink
Supports redirects in grsecurity patch fetching tasks
Browse files Browse the repository at this point in the history 
Unfortunately falling back to good ol' curl instead of using the
built-in `get_url` module, due the latter lacking reliable support for
redirects. That shortcoming really surprises me, so prove me wrong if
you can, but the 3xxs I tested with were throwing errors. Switching to
curl with the `-L` flag resolved the problems.

Using `curl` means we lose access to the file metadata parameters, such
as user, group, mode, etc., but since most of the build role runs
without superuser privileges, and we don't need or want the patches to
be executable, these are acceptable tradeoffs.
  • Loading branch information
Conor Schaefer committed Jul 27, 2017
1 parent 299710c commit eaff9e7
Showing 1 changed file with 15 additions and 10 deletions.
25 changes: 15 additions & 10 deletions tasks/fetch_grsecurity_files.yml
View file
Original file line number Diff line number Diff line change
@@ -1,14 +1,19 @@
---
# Not using get_url because it doesn't follow redirects.
- name: Fetch grsecurity patch.
get_url:
url: "{{ grsecurity_patch_url }}"
dest: "{{ grsecurity_build_download_directory }}/{{ grsecurity_patch_filename }}"
url_username: "{{ grsecurity_build_download_username }}"
url_password: "{{ grsecurity_build_download_password }}"
command: >-
curl
--user "{{ grsecurity_build_download_username }}:{{ grsecurity_build_download_password }}"
-L "{{ grsecurity_patch_url }}"
-o "{{ grsecurity_build_download_directory }}/{{ grsecurity_patch_filename }}"
args:
creates: "{{ grsecurity_build_download_directory }}/{{ grsecurity_patch_filename }}"

- name: Fetch grsecurity signature.
get_url:
url: "{{ grsecurity_signature_url }}"
dest: "{{ grsecurity_build_download_directory }}/{{ grsecurity_signature_filename }}"
url_username: "{{ grsecurity_build_download_username }}"
url_password: "{{ grsecurity_build_download_password }}"
command: >-
curl
--user "{{ grsecurity_build_download_username }}:{{ grsecurity_build_download_password }}"
-L "{{ grsecurity_signature_url }}"
-o "{{ grsecurity_build_download_directory }}/{{ grsecurity_signature_filename }}"
args:
creates: "{{ grsecurity_build_download_directory }}/{{ grsecurity_signature_filename }}"

0 comments on commit eaff9e7

Please sign in to comment.