2 files changed, 16 insertions, 1 deletions
diff --git a/bitbake/doc/bitbake-user-manual/bitbake-user-manual-fetching.rst b/bitbake/doc/bitbake-user-manual/bitbake-user-manual-fetching.rst
index 51ab233adc..0fc2d5e699 100644
--- a/bitbake/doc/bitbake-user-manual/bitbake-user-manual-fetching.rst
+++ b/bitbake/doc/bitbake-user-manual/bitbake-user-manual-fetching.rst
@@ -229,6 +229,11 @@ downloaded file is useful for avoiding collisions in
 :term:`DL_DIR` when dealing with multiple files that
 have the same name.
+If a username and password are specified in the ``SRC_URI``, a Basic
+Authorization header will be added to each request, including across redirects.
+To instead limit the Authorization header to the first request, add
+"redirectauth=0" to the list of parameters.
 Some example URLs are as follows::
   SRC_URI = "http://oe.handhelds.org/not_there.aac"
diff --git a/bitbake/lib/bb/fetch2/wget.py b/bitbake/lib/bb/fetch2/wget.py
index fd9b304961..d48998a98f 100644
--- a/bitbake/lib/bb/fetch2/wget.py
+++ b/bitbake/lib/bb/fetch2/wget.py
@@ -112,7 +112,17 @@ class Wget(FetchMethod):
            fetchcmd += " -O %s" % shlex.quote(localpath)
        if ud.user and ud.pswd:
-            fetchcmd += " --user=%s --password=%s --auth-no-challenge" % (ud.user, ud.pswd)
+            fetchcmd += " --auth-no-challenge"
+            if ud.parm.get("redirectauth", "1") == "1":
+                # An undocumented feature of wget is that if the
+                # username/password are specified on the URI, wget will only
+                # send the Authorization header to the first host and not to
+                # any hosts that it is redirected to.  With the increasing
+                # usage of temporary AWS URLs, this difference now matters as
+                # AWS will reject any request that has authentication both in
+                # the query parameters (from the redirect) and in the
+                # Authorization header.
+                fetchcmd += " --user=%s --password=%s" % (ud.user, ud.pswd)
        uri = ud.url.split(";")[0]
        if os.path.exists(ud.localpath):

diff --git a/bitbake/doc/bitbake-user-manual/bitbake-user-manual-fetching.rst b/bitbake/doc/bitbake-user-manual/bitbake-user-manual-fetching.rst index 51ab233adc..0fc2d5e699 100644 --- a/bitbake/doc/bitbake-user-manual/bitbake-user-manual-fetching.rst +++ b/bitbake/doc/bitbake-user-manual/bitbake-user-manual-fetching.rst
@@ -229,6 +229,11 @@ downloaded file is useful for avoiding collisions in
229	:term:`DL_DIR` when dealing with multiple files that	229	:term:`DL_DIR` when dealing with multiple files that
230	have the same name.	230	have the same name.
231		231
		232	If a username and password are specified in the ``SRC_URI``, a Basic
		233	Authorization header will be added to each request, including across redirects.
		234	To instead limit the Authorization header to the first request, add
		235	"redirectauth=0" to the list of parameters.
		236
232	Some example URLs are as follows::	237	Some example URLs are as follows::
233		238
234	SRC_URI = "http://oe.handhelds.org/not_there.aac"	239	SRC_URI = "http://oe.handhelds.org/not_there.aac"


diff --git a/bitbake/lib/bb/fetch2/wget.py b/bitbake/lib/bb/fetch2/wget.py index fd9b304961..d48998a98f 100644 --- a/bitbake/lib/bb/fetch2/wget.py +++ b/bitbake/lib/bb/fetch2/wget.py
@@ -112,7 +112,17 @@ class Wget(FetchMethod):
112	fetchcmd += " -O %s" % shlex.quote(localpath)	112	fetchcmd += " -O %s" % shlex.quote(localpath)
113		113
114	if ud.user and ud.pswd:	114	if ud.user and ud.pswd:
115	fetchcmd += " --user=%s --password=%s --auth-no-challenge" % (ud.user, ud.pswd)	115	fetchcmd += " --auth-no-challenge"
		116	if ud.parm.get("redirectauth", "1") == "1":
		117	# An undocumented feature of wget is that if the
		118	# username/password are specified on the URI, wget will only
		119	# send the Authorization header to the first host and not to
		120	# any hosts that it is redirected to. With the increasing
		121	# usage of temporary AWS URLs, this difference now matters as
		122	# AWS will reject any request that has authentication both in
		123	# the query parameters (from the redirect) and in the
		124	# Authorization header.
		125	fetchcmd += " --user=%s --password=%s" % (ud.user, ud.pswd)
116		126
117	uri = ud.url.split(";")[0]	127	uri = ud.url.split(";")[0]
118	if os.path.exists(ud.localpath):	128	if os.path.exists(ud.localpath):