
make downloads from private repos more secure

1 parent acee26c commit 65b3f3bf7cf5ac48081addfe5d7a4d9d52936e13 @tuxofil tuxofil committed Oct 3, 2012
Showing with 22 additions and 4 deletions.
  1. +22 −4 yabs-worker.sh
26 yabs-worker.sh
@@ -84,10 +84,28 @@ PKGTAR=`echo "$SPECINFO" | \
## ---------------------------------------------
## download tarball...
-[ -f /etc/yabs/http-auth.conf ] && \
- . /etc/yabs/http-auth.conf
-curl --location --user "$HTTP_USERNAME":"$HTTP_PASSWORD" \
- "$PKGURL" --output "$SOURCESDIR"/"$PKGTAR"
+export HTTP_USERNAME=""
+export HTTP_PASSWORD=""
+export PKGURL SOURCESDIR PKGTAR
+(
+ set -e
+ # honor global 'set -x' settings, but there
+ # we probably will set our own
+ set -x
+ AUTH_OPTS=""
+ if echo "$PKGURL" | grep --quiet 'github.com/strikead' && \
+ echo "$PKGURL" | grep --quiet --extended-regexp '^https://'; then
+ # use username and password only for StrikeAd repos,
+ # and only via HTTPS.
+ # do not dump them to log
+ set +x
+ . /etc/yabs/http-auth.conf
+ AUTH_OPTS="--user $HTTP_USERNAME:$HTTP_PASSWORD"
+ echo "Downloading tarball from private repo at $PKGURL..."
+ fi
+ curl --location $AUTH_OPTS \
+ "$PKGURL" --output "$SOURCESDIR"/"$PKGTAR"
+)
tar tf "$SOURCESDIR"/"$PKGTAR"
## ---------------------------------------------
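Review bot: The host check on the two `grep` lines does not tie the credentials to GitHub: `'github.com/strikead'` is an unanchored pattern (and its `.` matches any character), so any `https://` URL that merely contains that text in its path or query passes, and curl then sends `HTTP_USERNAME`/`HTTP_PASSWORD` to whatever host the URL names. Anchor scheme, host and organisation in a single test, e.g. `if echo "$PKGURL" | grep --quiet --extended-regexp '^https://github\.com/strikead/'; then`. Separately, `--user $HTTP_USERNAME:$HTTP_PASSWORD` puts the password on curl's command line, where other local users can read it from the process list, and the unquoted `$AUTH_OPTS` breaks if the password contains whitespace or glob characters; having curl read the credentials from a file readable only by the build user (`--netrc-file` or `--config`) avoids both. The script continues outside the hunk, so whether a failure under the subshell's `set -e` stops the following `tar tf` depends on options not visible here.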
