diff options
Diffstat (limited to 'bitbake/lib/bb/fetch2/wget.py')
-rw-r--r-- | bitbake/lib/bb/fetch2/wget.py | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/bitbake/lib/bb/fetch2/wget.py b/bitbake/lib/bb/fetch2/wget.py index 988ea74d26..29fcfbb3d1 100644 --- a/bitbake/lib/bb/fetch2/wget.py +++ b/bitbake/lib/bb/fetch2/wget.py | |||
@@ -52,13 +52,19 @@ class WgetProgressHandler(bb.progress.LineFilterProgressHandler): | |||
52 | 52 | ||
53 | 53 | ||
54 | class Wget(FetchMethod): | 54 | class Wget(FetchMethod): |
55 | """Class to fetch urls via 'wget'""" | ||
55 | 56 | ||
56 | # CDNs like CloudFlare may do a 'browser integrity test' which can fail | 57 | # CDNs like CloudFlare may do a 'browser integrity test' which can fail |
57 | # with the standard wget/urllib User-Agent, so pretend to be a modern | 58 | # with the standard wget/urllib User-Agent, so pretend to be a modern |
58 | # browser. | 59 | # browser. |
59 | user_agent = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0" | 60 | user_agent = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0" |
60 | 61 | ||
61 | """Class to fetch urls via 'wget'""" | 62 | def check_certs(self, d): |
63 | """ | ||
64 | Should certificates be checked? | ||
65 | """ | ||
66 | return (d.getVar("BB_CHECK_SSL_CERTS") or "1") != "0" | ||
67 | |||
62 | def supports(self, ud, d): | 68 | def supports(self, ud, d): |
63 | """ | 69 | """ |
64 | Check to see if a given url can be fetched with wget. | 70 | Check to see if a given url can be fetched with wget. |
@@ -82,7 +88,10 @@ class Wget(FetchMethod): | |||
82 | if not ud.localfile: | 88 | if not ud.localfile: |
83 | ud.localfile = d.expand(urllib.parse.unquote(ud.host + ud.path).replace("/", ".")) | 89 | ud.localfile = d.expand(urllib.parse.unquote(ud.host + ud.path).replace("/", ".")) |
84 | 90 | ||
85 | self.basecmd = d.getVar("FETCHCMD_wget") or "/usr/bin/env wget -t 2 -T 30 --passive-ftp --no-check-certificate" | 91 | self.basecmd = d.getVar("FETCHCMD_wget") or "/usr/bin/env wget -t 2 -T 30 --passive-ftp" |
92 | |||
93 | if not self.check_certs(d): | ||
94 | self.basecmd += " --no-check-certificate" | ||
86 | 95 | ||
87 | def _runwget(self, ud, d, command, quiet, workdir=None): | 96 | def _runwget(self, ud, d, command, quiet, workdir=None): |
88 | 97 | ||
@@ -309,7 +318,11 @@ class Wget(FetchMethod): | |||
309 | with bb.utils.environment(**newenv): | 318 | with bb.utils.environment(**newenv): |
310 | import ssl | 319 | import ssl |
311 | 320 | ||
312 | context = ssl._create_unverified_context() | 321 | if self.check_certs(d): |
322 | context = ssl.create_default_context() | ||
323 | else: | ||
324 | context = ssl._create_unverified_context() | ||
325 | |||
313 | handlers = [FixedHTTPRedirectHandler, | 326 | handlers = [FixedHTTPRedirectHandler, |
314 | HTTPMethodFallback, | 327 | HTTPMethodFallback, |
315 | urllib.request.ProxyHandler(), | 328 | urllib.request.ProxyHandler(), |