New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable compressed feeds, and ability to debug them for 1.2 #1576
Conversation
When fetching remote resources, some servers/CDNs may be able to serve us compressed http response even in cases when the original file is not compressed XML. libcurl is able to process encoded html for us with no added maintenance costs. Attached please find a CURL log of fetching plain XML file from Red Hat CDN: Downloading: https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml ... * Trying 104.90.105.254:443... * Connected to www.redhat.com (104.90.105.254) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 * ALPN, server accepted to use h2 * Server certificate: * subject: businessCategory=Private Organization; jurisdictionC=US; jurisdictionST=Delaware; serialNumber=2945436; C=US; ST=North Carolina; L=Raleigh; O=Red Hat, Inc.; CN=www.redhat.com * start date: Feb 24 00:00:00 2020 GMT * expire date: May 24 12:00:00 2022 GMT * subjectAltName: host "www.redhat.com" matched cert's "www.redhat.com" * issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 Extended Validation Server CA * SSL certificate verify ok. * Using HTTP2, server supports multi-use * Connection state changed (HTTP/2 confirmed) * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 * Using Stream ID: 1 (easy handle 0x776c3b0) > GET /security/data/oval/com.redhat.rhsa-RHEL7.xml HTTP/2 Host: www.redhat.com accept: */* accept-encoding: gzip * old SSL session ID is stale, removing * Connection state changed (MAX_CONCURRENT_STREAMS == 100)! < HTTP/2 200 < server: Apache < last-modified: Wed, 08 Jul 2020 12:41:28 GMT < etag: "7f694279-fca5e0-5a9ed6d376a08" < accept-ranges: bytes < content-type: text/xml < content-encoding: gzip < content-length: 1766376 < date: Wed, 08 Jul 2020 13:15:29 GMT < vary: Accept-Encoding < strict-transport-security: max-age=31536000 < * Connection #0 to host www.redhat.com left intact
813484a
to
bb0cf9d
Compare
…BUGFUNCTION Adds a request for compressed Transfer Encoding in the outgoing HTTP request. If the server supports this and so desires, it can respond with the HTTP response sent using a compressed Transfer-Encoding that will be automatically uncompressed by libcurl on reception. The CURLOPT_DEBUGFUNCTION callback is used for printing headers and connection information on VERBOSE level (dD).
bb0cf9d
to
5c823e6
Compare
oscap 1.2 is picky about the --verbose option position.
Some issues with CI are expected:
|
|
||
set -e -o pipefail | ||
|
||
. $builddir/tests/test_common.sh |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Try to use relative path instead of $builddir/tests
. $builddir/tests/test_common.sh | |
. ../test_common.sh |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is not the case - the test passes on RHEL8, but didn't pass on RHEL7, because the version requirement was too strict.
I have written another check, so let's see how it works out.
aa6f3a8
to
ed03d5a
Compare
via the CURLOPT_ACCEPT_ENCODING option.
ed03d5a
to
a95e6d1
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi, I like your patch very much.
FTR The maint-1.2 branch currently doesn't compile on F32, but that isn't caused by this PR, it's caused by incompatibility of the rpm probes code with the latest librpm.
This is port of #1557, #1561 and #1564 to the maint-1.2 branch.