From 1c6a56334ed9724fca11c7e1bfb29bf641dbf989 Mon Sep 17 00:00:00 2001 From: Yubao Liu Date: Sun, 2 Apr 2023 18:36:33 +0800 Subject: [PATCH] update-check: no partial response and not trust insecure certificate 1. My network is slow, `./xbps-src update-check xorg-server` takes 50s and `./xbps-src update-check xorg-server-xwayland` takes 11s, `curl --max-time 10` returns partial response but no error. So I remove `--max-time 10` and add `-f` to forbid partial response. It's better to call `set -eo pipefail` for the whole script but I'm not sure whether it will break the script. The CI job or interactive execution can have their own timeout. 2. `-k` means `--insecure`, it's bad, we should always validate HTTPS server certificate. --- common/xbps-src/shutils/update_check.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/common/xbps-src/shutils/update_check.sh b/common/xbps-src/shutils/update_check.sh index cd3bb369bdb3..cd5c6ad7ff96 100644 --- a/common/xbps-src/shutils/update_check.sh +++ b/common/xbps-src/shutils/update_check.sh @@ -94,7 +94,7 @@ update_check() { echo "(folder) fetching $urlpfx and scanning with $rx" 1>&2 fi skipdirs= - curl -A "xbps-src-update-check/$XBPS_SRC_VERSION" --max-time 10 -Lsk "$urlpfx" | + curl -A "xbps-src-update-check/$XBPS_SRC_VERSION" -Lsf "$urlpfx" | grep -Po -i "$rx" | # sort -V places 1.1/ before 1/, but 1A/ before 1.1A/ sed -e 's:$:A:' -e 's:/A$:A/:' | sort -Vru | sed -e 's:A/$:/A:' -e 's:A$::' | @@ -200,7 +200,7 @@ update_check() { if [ -n "$XBPS_UPDATE_CHECK_VERBOSE" ]; then echo "fetching $url and scanning with $rx" 1>&2 fi - curl -H 'Accept: text/html,application/xhtml+xml,application/xml,text/plain,application/rss+xml' -A "xbps-src-update-check/$XBPS_SRC_VERSION" --max-time 10 -Lsk "$url" | + curl -H 'Accept: text/html,application/xhtml+xml,application/xml,text/plain,application/rss+xml' -A "xbps-src-update-check/$XBPS_SRC_VERSION" -Lsf "$url" | grep -Po -i "$rx" fetchedurls[$url]=yes done |