Make `insecure` option work with curl AND git. (#1786)

3 files changed, 39 insertions, 7 deletions

diff --git a/lib/spack/spack/__init__.py b/lib/spack/spack/__init__.py
index 3d508d0fde..e284a58194 100644
--- a/lib/spack/spack/__init__.py
+++ b/lib/spack/spack/__init__.py
@@ -129,8 +129,9 @@ from spack.util.executable import Executable, which
 # User's editor from the environment
 editor = Executable(os.environ.get("EDITOR", "vi"))
 
-# Curl tool for fetching files.
-curl = which("curl", required=True)
+# If this is enabled, tools that use SSL should not verify
+# certifiates. e.g., curl should use the -k option.
+insecure = False
 
 # Whether to build in tmp space or directly in the stage_path.
 # If this is true, then spack will make stage directories in
diff --git a/lib/spack/spack/fetch_strategy.py b/lib/spack/spack/fetch_strategy.py
index 4b8829c32f..2becf9ed04 100644
--- a/lib/spack/spack/fetch_strategy.py
+++ b/lib/spack/spack/fetch_strategy.py
@@ -158,12 +158,20 @@ class URLFetchStrategy(FetchStrategy):
             self.digest = digest
 
         self.expand_archive = kwargs.get('expand', True)
+        self.extra_curl_options = kwargs.get('curl_options', [])
+        self._curl = None
 
         self.extension = kwargs.get('extension', None)
 
         if not self.url:
             raise ValueError("URLFetchStrategy requires a url for fetching.")
 
+    @property
+    def curl(self):
+        if not self._curl:
+            self._curl = which('curl', required=True)
+        return self._curl
+
     @_needs_stage
     def fetch(self):
         self.stage.chdir()
@@ -196,15 +204,21 @@ class URLFetchStrategy(FetchStrategy):
             self.url,
         ]
 
+        if spack.insecure:
+            curl_args.append('-k')
+
         if sys.stdout.isatty():
             curl_args.append('-#')  # status bar when using a tty
         else:
             curl_args.append('-sS')  # just errors when not.
 
+        curl_args += self.extra_curl_options
+
         # Run curl but grab the mime type from the http headers
-        headers = spack.curl(*curl_args, output=str, fail_on_error=False)
+        curl = self.curl
+        headers = curl(*curl_args, output=str, fail_on_error=False)
 
-        if spack.curl.returncode != 0:
+        if curl.returncode != 0:
             # clean up archive on failure.
             if self.archive_file:
                 os.remove(self.archive_file)
@@ -212,12 +226,12 @@ class URLFetchStrategy(FetchStrategy):
             if partial_file and os.path.exists(partial_file):
                 os.remove(partial_file)
 
-            if spack.curl.returncode == 22:
+            if curl.returncode == 22:
                 # This is a 404.  Curl will print the error.
                 raise FailedDownloadError(
                     self.url, "URL %s was not found!" % self.url)
 
-            elif spack.curl.returncode == 60:
+            elif curl.returncode == 60:
                 # This is a certificate error.  Suggest spack -k
                 raise FailedDownloadError(
                     self.url,
@@ -233,7 +247,7 @@ class URLFetchStrategy(FetchStrategy):
                 # error, but print a spack message too
                 raise FailedDownloadError(
                     self.url,
-                    "Curl failed with error %d" % spack.curl.returncode)
+                    "Curl failed with error %d" % curl.returncode)
 
         # Check if we somehow got an HTML file rather than the archive we
         # asked for.  We only look at the last content type, to handle
@@ -530,6 +544,12 @@ class GitFetchStrategy(VCSFetchStrategy):
     def git(self):
         if not self._git:
             self._git = which('git', required=True)
+
+            # If the user asked for insecure fetching, make that work
+            # with git as well.
+            if spack.insecure:
+                self._git.add_default_env('GIT_SSL_NO_VERIFY', 'true')
+
         return self._git
 
     @_needs_stage
diff --git a/lib/spack/spack/util/executable.py b/lib/spack/spack/util/executable.py
index 4fe4bd26ba..2790508ee8 100644
--- a/lib/spack/spack/util/executable.py
+++ b/lib/spack/spack/util/executable.py
@@ -40,6 +40,7 @@ class Executable(object):
 
     def __init__(self, name):
         self.exe = name.split(' ')
+        self.default_env = {}
         self.returncode = None
 
         if not self.exe:
@@ -48,6 +49,9 @@ class Executable(object):
     def add_default_arg(self, arg):
         self.exe.append(arg)
 
+    def add_default_env(self, key, value):
+        self.default_env[key] = value
+
     @property
     def command(self):
         return ' '.join(self.exe)
@@ -103,7 +107,13 @@ class Executable(object):
         fail_on_error = kwargs.pop("fail_on_error", True)
         ignore_errors = kwargs.pop("ignore_errors", ())
 
+        # environment
         env = kwargs.get('env', None)
+        if env is None:
+            env = os.environ.copy()
+            env.update(self.default_env)
+        else:
+            env = self.default_env.copy().update(env)
 
         # TODO: This is deprecated.  Remove in a future version.
         return_output = kwargs.pop("return_output", False)
@@ -149,6 +159,7 @@ class Executable(object):
 
         cmd_line = "'%s'" % "' '".join(
             map(lambda arg: arg.replace("'", "'\"'\"'"), cmd))
+
         tty.debug(cmd_line)
 
         try: