[MERGE][0.15] Bugfix #82086: Searching location of CA bundle for PyCurl in env variable (CURL_CA_BUNDLE), and on win32 along the PATH

Alexander Belchenko bialix at ukr.net
Mon Feb 26 21:14:05 GMT 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John Arbash Meinel пишет:
> Alexander Belchenko wrote:
>> John Arbash Meinel ?8H5B:
>>> Alexander Belchenko wrote:
>>>> John Arbash Meinel ?8H5B:
>>>>> John Arbash Meinel has voted +1 (conditional).
>>>>> Status is now: Conditionally approved
>>>>> Comment:
>>>>> I don't think it should search in cwd, since that is where people are
>>>>> writing code. It can be in the dir of 'bzr' or in the dir of 'bzrlib',
>>>>> but shouldn't ever look in '.'
>>>>> Otherwise, +1.
>>> Remember the issues we've had when bzr accidentally imports code from
>>> the current working directory because of bugs in python's default path.
>>> This is a similar issue. Your current working directory should not
>>> affect your ability to connect to https hosts.
>> New version. I make some check to exclude empty string from $PATH list.
>> Unfortunately, I cannot write test to ensure bzr cannot look in cwd,
>> because os.path.realpath('bzr') == os.path.join(os.getcwd(),'bzr')
>>
> 
> Well we do have TestCase.get_bzr_path() which does its best to find the
> real 'bzr' that is being used to run the test suite.
> 
> ....
> 
> +    # NOTES:
> +    #   bialix: Windows directories usually listed in PATH env variable
> +    #   j-a-meinel: bzr should not look in current working dir
> +
> +    path = os.environ.get('CURL_CA_BUNDLE')
> +    if not path and sys.platform == 'win32':
> +        dirs = [os.path.realpath(os.path.dirname(sys.argv[0]))]     #
> app dir
> +        paths = os.environ.get('PATH')
> +        if paths:
> 
> A comment here about why you are doing this might be good. Or maybe even
> doing:
> 
> # don't include the cwd in the search
> [p for p in paths.split(os.pathsep)
>  if p not in ('', '.')]

OK. I will change this.

> 
> Otherwise, +1 from me.
> 
> Does this mean you will be bundling a ca cert file for the bzr 0.15
> installer?

Yes. I want to bundle cert file created from Mozilla source tree.
I talk about this file earlier.

Vincent has some notes about the trust between user and CA provided by bzr:

> My main concerns about embedding certificates is about trust:
> will the users trust bzr to provide correct certificates ?

- --
Alexander
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFF402dzYr338mxwCURAoVqAJ9JupQ+UiCp14kNKdVVef2/OlDD7QCfduuW
SYvdaHCNf30sL3XcRdwKZVk=
=yEyb
-----END PGP SIGNATURE-----

More information about the bazaar mailing list