Enable compressed feeds, and ability to debug them for 1.2 #1576

Merged
merged 5 commits into from Aug 24, 2020

@matejak matejak commented Aug 20, 2020

This is a port of #1557, #1561 and #1564 to the maint-1.2 branch.

When fetching remote resources, some servers/CDNs may be able to serve us
a compressed HTTP response even in cases when the original file is not compressed
XML. libcurl is able to process encoded html for us with no added maintenance
costs.

Attached please find a CURL log of fetching a plain XML file from Red Hat CDN:

Downloading: https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml
...
*   Trying 104.90.105.254:443...
* Connected to www.redhat.com (104.90.105.254) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: businessCategory=Private Organization; jurisdictionC=US; jurisdictionST=Delaware; serialNumber=2945436; C=US; ST=North Carolina; L=Raleigh; O=Red Hat, Inc.; CN=www.redhat.com
*  start date: Feb 24 00:00:00 2020 GMT
*  expire date: May 24 12:00:00 2022 GMT
*  subjectAltName: host "www.redhat.com" matched cert's "www.redhat.com"
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 Extended Validation Server CA
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x776c3b0)
> GET /security/data/oval/com.redhat.rhsa-RHEL7.xml HTTP/2
Host: www.redhat.com
accept: */*
accept-encoding: gzip

* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 200
< server: Apache
< last-modified: Wed, 08 Jul 2020 12:41:28 GMT
< etag: "7f694279-fca5e0-5a9ed6d376a08"
< accept-ranges: bytes
< content-type: text/xml
< content-encoding: gzip
< content-length: 1766376
< date: Wed, 08 Jul 2020 13:15:29 GMT
< vary: Accept-Encoding
< strict-transport-security: max-age=31536000
<
* Connection #0 to host www.redhat.com left intact
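
Added example (not part of the PR or of OpenSCAP code): when debugging whether a feed was really served compressed, the facts to pull out of a verbose log like the one above are the `accept-encoding` request header, the `content-encoding` response header and the `content-length`. The function names `encoding_summary` and `sample_log` and the abridged sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example (not OpenSCAP code): summarise content-encoding negotiation
# from a curl-style verbose log on stdin. Line shapes follow the log above:
# "> ..." opens the request and its headers follow without a prefix,
# "< name: value" is a response header, "* ..." is connection info.
encoding_summary() {
    awk '
        /^> /           { in_req = 1; next }
        /^[*<]/ || /^$/ { in_req = 0 }
        in_req && tolower($0) ~ /^accept-encoding:/ {
            sub(/^[^:]*:[ \t]*/, ""); sub(/\r$/, ""); offered = $0; next
        }
        /^< / {
            line = substr($0, 3); sub(/\r$/, "", line)
            name = tolower(line); sub(/:.*/, "", name)
            value = line;         sub(/^[^:]*:[ \t]*/, "", value)
            if (name == "content-encoding") used = value
            if (name == "content-length")   wire = value
        }
        END {
            if (offered == "") offered = "none"
            if (used == "")    used = "identity"
            if (wire == "")    wire = "unknown"
            # With an encoding in use, content-length counts compressed bytes.
            printf "offered=%s used=%s wire_bytes=%s\n", offered, used, wire
        }'
}

# Constructed sample: an abridged copy of the log shape quoted in this PR.
sample_log() {
    cat <<'EOF'
* Connected to www.redhat.com (104.90.105.254) port 443 (#0)
> GET /security/data/oval/com.redhat.rhsa-RHEL7.xml HTTP/2
Host: www.redhat.com
accept: */*
accept-encoding: gzip

* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 200
< content-type: text/xml
< content-encoding: gzip
< content-length: 1766376
<
* Connection #0 to host www.redhat.com left intact
EOF
}

sample_log | encoding_summary
```

A result of `used=identity` while `offered=gzip` means the server chose not to compress, which is a valid outcome of the negotiation rather than a client fault.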
@matejak matejak changed the title from "Enable compressed feeds, and ability to debug them" to "Enable compressed feeds, and ability to debug them for 1.2" on Aug 20, 2020
…BUGFUNCTION

Adds a request for compressed Transfer Encoding in the outgoing
HTTP request. If the server supports this and so desires, it can
respond with the HTTP response sent using a compressed
Transfer-Encoding that will be automatically uncompressed by
libcurl on reception.

The CURLOPT_DEBUGFUNCTION callback is used for printing headers and
connection information on VERBOSE level (dD).
oscap 1.2 is picky about the --verbose option position.
@matejak matejak marked this pull request as ready for review August 20, 2020 15:09

matejak commented Aug 20, 2020

Some issues with CI are expected:

  • The curl compression code uses features of curl that are newer than what RHEL6 supplies, in which case the test fails. I guess that I could disable the test for RHEL6, but I don't think that it is worth the effort.
  • The librpm has been updated, and oscap 1.2 doesn't keep up with it. So if it hits e.g. Fedora>=32 in CI, it will fail.


set -e -o pipefail

. $builddir/tests/test_common.sh
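
Review bot: `$builddir` is expanded unquoted in `. $builddir/tests/test_common.sh`, so a build directory whose path contains whitespace would be word-split and the source would fail; quoting the path as `. "$builddir/tests/test_common.sh"` avoids that.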
Member

Try to use relative path instead of $builddir/tests

Suggested change
. $builddir/tests/test_common.sh
. ../test_common.sh

Contributor Author

This is not the case - the test passes on RHEL8, but didn't pass on RHEL7, because the version requirement was too strict.
I have written another check, so let's see how it works out.

via the CURLOPT_ACCEPT_ENCODING option.
Member

@jan-cerny jan-cerny left a comment

Hi, I like your patch very much.

FTR The maint-1.2 branch currently doesn't compile on F32, but that isn't caused by this PR, it's caused by incompatibility of the rpm probes code with the latest librpm.

@jan-cerny jan-cerny merged commit 566d871 into OpenSCAP:maint-1.2 Aug 24, 2020