From 872c529b08adce018869a704624e09933e5af4c3 Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Fri, 13 Feb 2015 08:56:26 +0100
Subject: [PATCH] pveceph: use LWP instead of wget

Avoid bug in wget certificate verification on Debian wheezy.
---
 bin/pveceph | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/bin/pveceph b/bin/pveceph
index 2444f7e6..b8e93c21 100755
--- a/bin/pveceph
+++ b/bin/pveceph
@@ -8,6 +8,7 @@ use File::Path;
 use IO::File;
 use JSON;
 use Data::Dumper;
+use LWP::UserAgent;
 
 use PVE::SafeSyslog;
 use PVE::Cluster;
@@ -102,9 +103,27 @@ __PACKAGE__->register_method ({
 	my $keyurl = "https://ceph.com/git/?p=ceph.git;a=blob_plain;f=keys/release.asc";
 
 	print "download and import ceph reqpository keys\n";
-	system("wget -q -O- '$keyurl'| apt-key add - 2>&1 >/dev/null") == 0 ||
+
+	# Note: wget on Debian wheezy cannot handle new ceph.com certificates, so
+	# we use LWP::UserAgent
+	#system("wget -q -O- '$keyurl'| apt-key add - 2>&1 >/dev/null") == 0 ||
+	#die "unable to download ceph release key\n";
+
+	my $tmp_key_file = "/tmp/ceph-release-keys.asc";
+	my $ua = LWP::UserAgent->new(protocols_allowed => ['https'], timeout => 30);
+	$ua->env_proxy;
+	my $response = $ua->get($keyurl);
+	if ($response->is_success) {
+	    my $data = $response->decoded_content;  
+	    PVE::Tools::file_set_contents($tmp_key_file, $data);
+        } else {
+	    die "unable to download ceph release key: " . $response->status_line . "\n";
+	}
+
+	system("apt-key add $tmp_key_file 2>&1 >/dev/null") == 0 ||
 	    die "unable to download ceph release key\n";
 
+	unlink $tmp_key_file;
 
 	my $source = "deb http://ceph.com/debian-$cephver wheezy main\n";