Project

General

Profile

Bug #969

amahi-download fails if an HTTPS link is provided

Added by steven almost 9 years ago. Updated almost 9 years ago.

Status:
Closed
Priority:
Medium
Assignee:
Category:
-
Target version:
-
Start date:
08/29/2012
Due date:
% Done:

100%


Description

The amahi-download script (installed in /usr/bin/amahi-download) doesn't check for a https link when it is checking for a link in the filename field. If one is passed, the script errors out with a message similar to the following:

/usr/bin/amahi-download:107:in `download_and_check_sha1': http://dl.amahi.org/https://dl.dropbox.com/u/1226885/amahi/amahi-netboot-ubuntu.tar.bz2, 'eb2cb90ee6aac50df1c3983ee47763a7785e2988' vs. '0374C65D52705130A1D93B114FD06CF7C7B9640F'  (SHA1VerificationFailed)
        from /usr/bin/amahi-download:122:in `main'
        from /usr/bin/amahi-download:129

While the script is throwing a SHA1VerificationFailed error, the actual problem is quite obvious: the script is attempting to download the URL with "http://dl.amahi.org/" tacked onto the front, which, naturally, returns a page that doesn't match the SHA1 hash it's looking for.

The following is the affected line:

url = File.join(DEFAULT_URL, filename) unless filename =~ /^(http:|ftp:)/

My proposed solution:

url = File.join(DEFAULT_URL, filename) unless filename =~ /^(http:|https:|ftp:)/

History

#1 Updated by Anonymous almost 9 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

Applied in changeset commit:b6360740a2ec3c75ed59205bc5c942cbe6312d33.

#2 Updated by cpg almost 9 years ago

  • Assignee set to cpg

Assigned to cpg, after closing, but credit goes to steven for doing the work to research the issue!

#3 Updated by steven almost 9 years ago

  • Subject changed from amahi-download doesn't check for https links and fails if one is provided to amahi-download fails if an HTTPS link is provided
  • Status changed from Closed to Assigned

OK, now the script is no longer adding "http://dl.amahi.org/" to the URL, but it's still failing the SHA1 comparison:

root@hda:/tmp# amahi-download https://dl.dropbox.com/u/1226885/amahi/amahi-netboot-ubuntu.tar.bz2 0374c65d52705130a1d93b114fd06cf7c7b9640f
/usr/bin/amahi-download:107:in `download_and_check_sha1': https://dl.dropbox.com/u/1226885/amahi/amahi-netboot-ubuntu.tar.bz2, '177b8c0127de9f4a91623fce81a3686f687163c2' vs. '0374c65d52705130a1d93b114fd06cf7c7b9640f'  (SHA1VerificationFailed)
        from /usr/bin/amahi-download:122:in `main'
        from /usr/bin/amahi-download:129

The same file downloaded over a regular HTTP connection works as expected:

root@hda:/tmp# amahi-download http://dl.dropbox.com/u/1226885/amahi/amahi-netboot-ubuntu.tar.bz2 0374c65d52705130a1d93b114fd06cf7c7b9640f
NOTE: file /tmp/amahi-download-cache/0374c65d52705130a1d93b114fd06cf7c7b9640f written in cache

#4 Updated by steven almost 9 years ago

  • % Done changed from 100 to 20

#5 Updated by cpg almost 9 years ago

when using https, we get status 400 from the standard ruby library. the

irb>
require 'uri'
require 'net/http'
url="https://dl.dropbox.com/u/1226885/amahi/amahi-netboot-ubuntu.tar.bz2" 

> u = URI.parse(url)
 => #<URI::HTTPS:0x103bb0ef0 URL:https://dl.dropbox.com/u/1226885/amahi/amahi-netboot-ubuntu.tar.bz2> 
> req = Net::HTTP::Get.new(u.path)
 => #<Net::HTTP::Get GET> 

> response = Net::HTTP.start(u.host, u.port) { |http| http.request(req) }
 => #<Net::HTTPBadRequest 400 Bad Request readbody=true> 
> u.port
 => 443 

the port is 443, but maybe it somehow needs to be told that it's ssl?

i get the sneaking suspicion ssl cert checking is not supported. this checker method is set to false in the library at http://www.ruby-doc.org/stdlib-1.8.7/ under net/http

def use_ssl?
  false   # redefined in net/https
end

though i see a reference in the docs about net/https and requiring it works, however, i do not see Net::HTTPS.

#6 Updated by bigfoot65 almost 9 years ago

This is also an issue with the app download field. See http://bugs.amahi.org/issues/457.

#7 Updated by steven almost 9 years ago

This is actually the same issue (the app installer runs this script to download the file in that field; therefore, fixing the script will fix that issue). I've marked the other bug as closed with a link to this bug.

I'm sorry I can't be much help here - Ruby is a foreign language to me. I'm more of a PHP guy. ;)

#8 Updated by Anonymous almost 9 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 20 to 100

Applied in changeset commit:2f38a5ef3b6e38b723f454d1efa1f45fe7c10d0d.

Also available in: Atom