From bed59cec5e5a9a5668cf2c7df3a24545b1e76c09 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Gardo=C5=84?= Date: Tue, 8 Aug 2017 10:18:11 +0200 Subject: [PATCH] Add option '--no-cert-checks' for 'upload' sub command. This option allow to bypass verification ssl certification while establishing connection with Gerrit to upload review. Change-Id: If2e15f5a273c18a700eb5093ca8a4d5a4cbf80cd --- git_config.py | 9 +++++++-- project.py | 11 +++++++---- subcmds/upload.py | 7 ++++++- 3 files changed, 20 insertions(+), 7 deletions(-) diff --git a/git_config.py b/git_config.py index e00f6be2..fb4377cf 100644 --- a/git_config.py +++ b/git_config.py @@ -20,6 +20,7 @@ import errno import json import os import re +import ssl import subprocess import sys try: @@ -604,7 +605,7 @@ class Remote(object): connectionUrl = self._InsteadOf() return _preconnect(connectionUrl) - def ReviewUrl(self, userEmail): + def ReviewUrl(self, userEmail, validate_certs): if self._review_url is None: if self.review is None: return None @@ -637,7 +638,11 @@ class Remote(object): else: try: info_url = u + 'ssh_info' - info = urllib.request.urlopen(info_url).read() + if not validate_certs: + context = ssl._create_unverified_context() + info = urllib.request.urlopen(info_url, context=context).read() + else: + info = urllib.request.urlopen(info_url).read() if info == 'NOT_AVAILABLE' or '<' in info: # If `info` contains '<', we assume the server gave us some sort # of HTML response back, like maybe a login page. diff --git a/project.py b/project.py index 0b7baeed..c2cccb4f 100644 --- a/project.py +++ b/project.py @@ -178,14 +178,16 @@ class ReviewableBranch(object): draft=False, private=False, wip=False, - dest_branch=None): + dest_branch=None, + validate_certs=True): self.project.UploadForReview(self.name, people, auto_topic=auto_topic, draft=draft, private=private, wip=wip, - dest_branch=dest_branch) + dest_branch=dest_branch, + validate_certs=validate_certs) def GetPublishedRefs(self): refs = {} @@ -1113,7 +1115,8 @@ class Project(object): draft=False, private=False, wip=False, - dest_branch=None): + dest_branch=None, + validate_certs=True): """Uploads the named branch for code review. """ if branch is None: @@ -1138,7 +1141,7 @@ class Project(object): branch.remote.projectname = self.name branch.remote.Save() - url = branch.remote.ReviewUrl(self.UserEmail) + url = branch.remote.ReviewUrl(self.UserEmail, validate_certs) if url is None: raise UploadError('review not configured') cmd = ['push'] diff --git a/subcmds/upload.py b/subcmds/upload.py index 61b18bc2..60feff7a 100644 --- a/subcmds/upload.py +++ b/subcmds/upload.py @@ -181,6 +181,9 @@ Gerrit Code Review: http://code.google.com/p/gerrit/ # Never run upload hooks, but upload anyway (AKA bypass hooks). # - no-verify=True, verify=True: # Invalid + p.add_option('--no-cert-checks', + dest='validate_certs', action='store_false', default=True, + help='Disable verifying ssl certs (unsafe).') p.add_option('--no-verify', dest='bypass_hooks', action='store_true', help='Do not run the upload hook.') @@ -389,7 +392,9 @@ Gerrit Code Review: http://code.google.com/p/gerrit/ draft=opt.draft, private=opt.private, wip=opt.wip, - dest_branch=destination) + dest_branch=destination, + validate_certs=opt.validate_certs) + branch.uploaded = True except UploadError as e: branch.error = e