Migrate wget references and usage to curl

https://fedorahosted.org/freeipa/ticket/5458

Reviewed-By: Martin Basti <mbasti@redhat.com>

freeipa.spec.in

@@ -310,7 +310,7 @@ Requires: ntp
 Requires: krb5-workstation
 Requires: authconfig
 Requires: pam_krb5
-Requires: wget
+Requires: curl
 Requires: libcurl >= 7.21.7-2
 Requires: xmlrpc-c >= 1.27.4
 Requires: sssd >= 1.13.1
@@ -454,7 +454,7 @@ Requires: python-pyasn1
 Requires: python-dateutil
 Requires: python-yubico >= 1.2.3
 Requires: python-sss-murmur
-Requires: wget
+Requires: curl
 Requires: dbus-python
 Requires: python-setuptools
 Requires: python-six

ipa-client/ipa-install/ipa-client-install

@@ -1922,7 +1922,7 @@ def get_ca_certs_from_http(url, warn=True):
     root_logger.debug("trying to retrieve CA cert via HTTP from %s", url)
     try:
 
-        stdout, stderr, rc = run([paths.BIN_WGET, "-O", "-", url])
+        stdout, stderr, rc = run([paths.BIN_CURL, "-o", "-", url])
     except CalledProcessError as e:
         raise errors.NoCertificateError(entry=url)
 

ipaplatform/base/paths.py

@@ -179,7 +179,7 @@ class BasePathNamespace(object):
     SSS_SSH_KNOWNHOSTSPROXY = "/usr/bin/sss_ssh_knownhostsproxy"
     BIN_TIMEOUT = "/usr/bin/timeout"
     UPDATE_CA_TRUST = "/usr/bin/update-ca-trust"
-    BIN_WGET = "/usr/bin/wget"
+    BIN_CURL = "/usr/bin/curl"
     ZIP = "/usr/bin/zip"
     BIND_LDAP_SO = "/usr/lib/bind/ldap.so"
     BIND_LDAP_DNS_IPA_WORKDIR = "/var/named/dyndb-ldap/ipa/"

ipaplatform/redhat/services.py

@@ -213,10 +213,10 @@ class RedHatCAService(RedHatService):
                 }
 
                 args = [
-                    paths.BIN_WGET,
-                    '-S', '-O', '-',
-                    '--timeout=30',
-                    '--no-check-certificate',
+                    paths.BIN_CURL,
+                    '-o', '-',
+                    '--connect-timeout', '30',
+                    '-k',
                     url
                 ]
 

ipaserver/advise/plugins/legacy_clients.py

@@ -51,13 +51,13 @@ class config_base_legacy_client(Advice):
                             'cacertdir_rehash?format=txt')
         self.log.comment('Download the CA certificate of the IPA server')
         self.log.command('mkdir -p -m 755 /etc/openldap/cacerts')
-        self.log.command('wget http://%s/ipa/config/ca.crt -O '
+        self.log.command('curl http://%s/ipa/config/ca.crt -o '
                          '/etc/openldap/cacerts/ipa.crt\n' % api.env.host)
 
         self.log.comment('Generate hashes for the openldap library')
         self.log.command('command -v cacertdir_rehash')
         self.log.command('if [ $? -ne 0 ] ; then')
-        self.log.command(' wget "%s" -O cacertdir_rehash ;' % cacertdir_rehash)
+        self.log.command(' curl "%s" -o cacertdir_rehash ;' % cacertdir_rehash)
         self.log.command(' chmod 755 ./cacertdir_rehash ;')
         self.log.command(' ./cacertdir_rehash /etc/openldap/cacerts/ ;')
         self.log.command('else')
@@ -98,7 +98,7 @@ class config_redhat_sssd_before_1_9(config_base_legacy_client):
         self.check_compat_plugin()
 
         self.log.comment('Install required packages via yum')
-        self.log.command('yum install -y sssd authconfig wget openssl\n')
+        self.log.command('yum install -y sssd authconfig curl openssl\n')
 
         self.configure_ca_cert()
 
@@ -140,7 +140,7 @@ class config_generic_linux_sssd_before_1_9(config_base_legacy_client):
 
         self.log.comment('Install required packages using your system\'s '
                          'package manager. E.g:')
-        self.log.command('apt-get -y install sssd wget openssl\n')
+        self.log.command('apt-get -y install sssd curl openssl\n')
 
         self.configure_ca_cert()
 
@@ -188,7 +188,7 @@ class config_redhat_nss_pam_ldapd(config_base_legacy_client):
         self.check_compat_plugin()
 
         self.log.comment('Install required packages via yum')
-        self.log.command('yum install -y wget openssl nss-pam-ldapd pam_ldap '
+        self.log.command('yum install -y curl openssl nss-pam-ldapd pam_ldap '
                          'authconfig\n')
 
         self.configure_ca_cert()
@@ -232,7 +232,7 @@ class config_generic_linux_nss_pam_ldapd(config_base_legacy_client):
 
         self.log.comment('Install required packages using your system\'s '
                          'package manager. E.g:')
-        self.log.command('apt-get -y install wget openssl libnss-ldapd '
+        self.log.command('apt-get -y install curl openssl libnss-ldapd '
                          'libpam-ldapd nslcd\n')
 
         self.configure_ca_cert()
@@ -356,7 +356,7 @@ class config_redhat_nss_ldap(config_base_legacy_client):
         self.check_compat_plugin()
 
         self.log.comment('Install required packages via yum')
-        self.log.command('yum install -y wget openssl nss_ldap '
+        self.log.command('yum install -y curl openssl nss_ldap '
                          'authconfig\n')
 
         self.configure_ca_cert()

ipatests/test_integration/test_advise.py

@@ -80,7 +80,7 @@ class TestAdvice(IntegrationTest):
     def test_advice_GenericNSSPAM(self):
         advice_id = 'config-generic-linux-nss-pam-ldapd'
         advice_regex = "\#\!\/bin\/sh.*" \
-                       "apt\-get[\s]+\-y[\s]+install[\s]+wget[\s]+openssl[\s]+" \
+                       "apt\-get[\s]+\-y[\s]+install[\s]+curl[\s]+openssl[\s]+" \
                        "libnss\-ldapd[\s]+libpam\-ldapd[\s]+nslcd.*" \
                        "service[\s]+nscd[\s]+stop[\s]+\&\&[\s]+service[\s]+" \
                        "nslcd[\s]+restart"
@@ -92,7 +92,7 @@ class TestAdvice(IntegrationTest):
     def test_advice_GenericSSSDBefore19(self):
         advice_id = 'config-generic-linux-sssd-before-1-9'
         advice_regex = "\#\!\/bin\/sh.*" \
-                       "apt\-get[\s]+\-y[\s]+install sssd wget openssl.*" \
+                       "apt\-get[\s]+\-y[\s]+install sssd curl openssl.*" \
                        "service[\s]+sssd[\s]+start"
         raiseerr = True
 
@@ -102,7 +102,7 @@ class TestAdvice(IntegrationTest):
     def test_advice_RedHatNSS(self):
         advice_id = 'config-redhat-nss-ldap'
         advice_regex = "\#\!\/bin\/sh.*" \
-                       "yum[\s]+install[\s]+\-y[\s]+wget[\s]+openssl[\s]+nss_ldap" \
+                       "yum[\s]+install[\s]+\-y[\s]+curl[\s]+openssl[\s]+nss_ldap" \
                        "[\s]+authconfig.*authconfig[\s]+\-\-updateall" \
                        "[\s]+\-\-enableldap[\s]+\-\-enableldapauth[\s]+" \
                        "\-\-ldapserver=.*[\s]+\-\-ldapbasedn=.*"
@@ -114,7 +114,7 @@ class TestAdvice(IntegrationTest):
     def test_advice_RedHatNSSPAM(self):
         advice_id = 'config-redhat-nss-pam-ldapd'
         advice_regex = "\#\!\/bin\/sh.*" \
-                       "yum[\s]+install[\s]+\-y[\s]+wget[\s]+openssl[\s]+" \
+                       "yum[\s]+install[\s]+\-y[\s]+curl[\s]+openssl[\s]+" \
                        "nss\-pam\-ldapd[\s]+pam_ldap[\s]+authconfig.*" \
                        "authconfig[\s]+\-\-updateall[\s]+" \
                        "\-\-enableldap[\s]+\-\-enableldapauth[\s]+" \
@@ -128,7 +128,7 @@ class TestAdvice(IntegrationTest):
         advice_id = 'config-redhat-sssd-before-1-9'
         advice_regex = "\#\!\/bin\/sh.*" \
                        "yum[\s]+install[\s]+\-y[\s]+sssd[\s]+authconfig[\s]+" \
-                       "wget[\s]+openssl.*service[\s]+sssd[\s]+start"
+                       "curl[\s]+openssl.*service[\s]+sssd[\s]+start"
         raiseerr = True
 
         run_advice(self.master, advice_id, advice_regex, raiseerr)