rustup-init.sh: Add tests for old OSes #1804
Conversation
| if check_cmd sw_vers; then | ||
| if [ "$(sw_vers -productVersion | cut -d. -f2)" -lt 13 ]; then | ||
| # Older than 10.13 | ||
| echo "Warning: Detected OS X platform older than 10.13" |
There was a problem hiding this comment.
You appear to have removed this test and not put in the equivalent anywhere else. This test is necessary because 10.12's curl claims support for the arguments, but fails in a way which is indistinguishable from a MITM attack if they are used.
There was a problem hiding this comment.
I don't understand. I'd add new commits to test those macOS images listed
in https://docs.travis-ci.com/user/reference/osx/#macos-version.
There was a problem hiding this comment.
This is also meant to cope for users, so do not do anything travis-specific.
| _ok="n" | ||
| check_curl_options() { | ||
| local flags tls_protocol | ||
| for tls in '--tlsv1.2' '--tlsv1.1' '--tlsv1.0' '--tlsv1'; do |
There was a problem hiding this comment.
We do not want to do this. We only want tlsv1.2 if we're specifying a protocol at all. At least that's my understanding.
There was a problem hiding this comment.
I think fallback is better than nothing at all.
There was a problem hiding this comment.
I'd rather let the server-side negotiation protect us at that point.
| if [ -z "$tls_protocol" ]; then | ||
| warn 'cannot use secure protocol to download' | ||
| elif [ "$tls_protocol" != "--tlsv1.2" ]; then | ||
| warn "fallback to TLS${tls_protocol#--tls}" |
There was a problem hiding this comment.
I'm not sure there's a need for this fallback, similar reasoning to above.
| check_wget_options() { | ||
| local flags tls_protocol | ||
| if ! (wget --secure-protocol 2>&1 > /dev/null | grep -q unrecognized); then | ||
| for tls in TLSv1_2 TLSv1_1 TLSv1; do |
|
☔ The latest upstream changes (presumably #1809) made this pull request unmergeable. Please resolve the merge conflicts. |
|
I will close this PR then. |
cc @kinnison