Add option to disable SSL certificate verification

zyedidia · zyedidia · commit 760f5151eb17 · 2023-02-18T22:31:04.000-08:00
Fixes #70
diff --git a/README.md b/README.md
@@ -137,25 +137,25 @@ Usage:
   eget [OPTIONS] TARGET
 
 Application Options:
-  -t, --tag=            tagged release to use instead of latest
-      --pre-release     include pre-releases when fetching the latest version
-      --source          download the source code for the target repo instead of a release
-      --to=             move to given location after extracting
-  -s, --system=         target system to download for (use "all" for all choices)
-  -f, --file=           glob to select files for extraction
-      --all             extract all candidate files
-  -q, --quiet           only print essential output
-  -d, --download-only   stop after downloading the asset (no extraction)
-  -D  --download-all    download all projects defined in the configuration file
-      --upgrade-only    only download if release is more recent than current version
-  -a, --asset=          download a specific asset containing the given string; can be specified
-                        multiple times for additional filtering; use ^ for anti-match
-      --sha256          show the SHA-256 hash of the downloaded asset
-      --verify-sha256=  verify the downloaded asset checksum against the one provided
-      --rate            show GitHub API rate limiting information
-  -r, --remove          remove the given file from $EGET_BIN or the current directory
-  -v, --version         show version information
-  -h, --help            show this help message
+  -t, --tag=           tagged release to use instead of latest
+      --pre-release    include pre-releases when fetching the latest version
+      --source         download the source code for the target repo instead of a release
+      --to=            move to given location after extracting
+  -s, --system=        target system to download for (use "all" for all choices)
+  -f, --file=          glob to select files for extraction
+      --all            extract all candidate files
+  -q, --quiet          only print essential output
+  -d, --download-only  stop after downloading the asset (no extraction)
+      --upgrade-only   only download if release is more recent than current version
+  -a, --asset=         download a specific asset containing the given string; can be specified multiple times for additional filtering; use ^ for anti-match
+      --sha256         show the SHA-256 hash of the downloaded asset
+      --verify-sha256= verify the downloaded asset checksum against the one provided
+      --rate           show GitHub API rate limiting information
+  -r, --remove         remove the given file from $EGET_BIN or the current directory
+  -v, --version        show version information
+  -h, --help           show this help message
+  -D, --download-all   download all projects defined in the config file
+  -k, --disable-ssl    disable SSL verification for download
 ```
 
 # Configuration
diff --git a/config.go b/config.go
@@ -37,6 +37,7 @@ type ConfigRepository struct {
 	Target       string   `toml:"target"`
 	UpgradeOnly  bool     `toml:"upgrade_only"`
 	Verify       string   `toml:"verify_sha256"`
+	DisableSSL   bool     `toml:"disable_ssl"`
 }
 
 type Config struct {
@@ -237,6 +238,7 @@ func SetOptionsFromConfig(config *Config, parser *flags.Parser, opts *Flags, cli
 	opts.Hash = update(config.Global.ShowHash, cli.Hash)
 	opts.Verify = update("", cli.Verify)
 	opts.Remove = update(false, cli.Remove)
+	opts.DisableSSL = update(false, cli.DisableSSL)
 
 	for name, repo := range config.Repositories {
 		if name == projectName {
@@ -256,6 +258,7 @@ func SetOptionsFromConfig(config *Config, parser *flags.Parser, opts *Flags, cli
 			opts.Tag = update(repo.Tag, cli.Tag)
 			opts.UpgradeOnly = update(repo.UpgradeOnly, cli.UpgradeOnly)
 			opts.Verify = update(repo.Verify, cli.Verify)
+			opts.DisableSSL = update(repo.DisableSSL, cli.DisableSSL)
 			break
 		}
 	}
diff --git a/dl.go b/dl.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -27,6 +28,10 @@ func SetAuthHeader(req *http.Request) *http.Request {
 	}
 
 	if req.URL.Scheme == "https" && req.Host == "api.github.com" && hasTokenEnvVar {
+		if opts.DisableSSL {
+			fmt.Fprintln(os.Stderr, "error: cannot use GitHub token if SSL verification is disabled")
+			os.Exit(1)
+		}
 		req.Header.Set("Authorization", fmt.Sprintf("token %s", githubEnvToken))
 	}
 
@@ -42,7 +47,10 @@ func Get(url string) (*http.Response, error) {
 
 	req = SetAuthHeader(req)
 
-	proxyClient := &http.Client{Transport: &http.Transport{Proxy: http.ProxyFromEnvironment}}
+	proxyClient := &http.Client{Transport: &http.Transport{
+		Proxy:           http.ProxyFromEnvironment,
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: opts.DisableSSL},
+	}}
 
 	return proxyClient.Do(req)
 }
diff --git a/eget.go b/eget.go
@@ -323,6 +323,8 @@ func downloadConfigRepositories(config *Config) error {
 	return nil
 }
 
+var opts Flags
+
 func main() {
 	var cli CliFlags
 
@@ -359,7 +361,6 @@ func main() {
 		target = args[0]
 	}
 
-	var opts Flags
 	config := InitializeConfig()
 	err = SetOptionsFromConfig(config, flagparser, &opts, cli, target)
 	if err != nil {
@@ -382,6 +383,10 @@ func main() {
 		os.Exit(0)
 	}
 
+	if opts.DisableSSL {
+		fmt.Fprintln(os.Stderr, "warning: SSL verification is disabled")
+	}
+
 	if opts.Remove {
 		ebin := os.Getenv("EGET_BIN")
 		err := os.Remove(filepath.Join(ebin, target))
diff --git a/flags.go b/flags.go
@@ -15,6 +15,7 @@ type Flags struct {
 	Hash        bool
 	Verify      string
 	Remove      bool
+	DisableSSL  bool
 }
 
 type CliFlags struct {
@@ -36,4 +37,5 @@ type CliFlags struct {
 	Version     bool      `short:"v" long:"version" description:"show version information"`
 	Help        bool      `short:"h" long:"help" description:"show this help message"`
 	DownloadAll bool      `short:"D" long:"download-all" description:"download all projects defined in the config file"`
+	DisableSSL  *bool     `short:"k" long:"disable-ssl" description:"disable SSL verification for download requests"`
 }
diff --git a/man/eget.md b/man/eget.md
@@ -116,6 +116,10 @@ header: Eget Manual
 
 :    Remove the target file from `$EGET_BIN` (or the current directory if unset). Note that this flag is boolean, and means eget will treat `TARGET` as a file to be removed.
 
+  `-k, --disable-ssl`
+
+:    Disable SSL certificate verification for GET requests. Cannot be used in combination with a `GITHUB_TOKEN`.
+
   `-v, --version`
 
 :    Show version information.

Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,7 @@ type Flags struct {`
`15`	`15`	`Hash bool`
`16`	`16`	`Verify string`
`17`	`17`	`Remove bool`
	`18`	`+ DisableSSL bool`
`18`	`19`	`}`
`19`	`20`
`20`	`21`	`type CliFlags struct {`
`@@ -36,4 +37,5 @@ type CliFlags struct {`
`36`	`37`	Version bool `short:"v" long:"version" description:"show version information"`
`37`	`38`	Help bool `short:"h" long:"help" description:"show this help message"`
`38`	`39`	DownloadAll bool `short:"D" long:"download-all" description:"download all projects defined in the config file"`
	`40`	+ DisableSSL *bool `short:"k" long:"disable-ssl" description:"disable SSL verification for download requests"`
`39`	`41`	`}`