From 7a60870f9af1f8a0ad58466341167735d5b79add Mon Sep 17 00:00:00 2001
From: Jon Seymour <jon@wildducktheories.com>
Date: Sat, 19 Mar 2016 18:59:35 +1100
Subject: [PATCH] workaround failure of get_url on python 2.7.6 hosts

golang.org download URLs do not serve the correct TLS certificate
unless TLS SNI is used. The TLS client in Python 2.7.6 doesn't
support TLS SNI and so reports an certificate validation error.

Fortunately, the golang.org URL is actually a redirect to a
different URL which does export the correct certificate even
without SNI.

This change adjusts the specified download URL to take account of
which version of python is installed on the host by fallowing
the redirect with curl, defaulting to the original URL if
this process does not work for some reason.

Signed-off-by: Jon Seymour <jon@wildducktheories.com>
---
 files/resolve-redirect.sh | 14 ++++++++++++++
 tasks/main.yml            |  6 +++++-
 vars/main.yml             |  2 +-
 3 files changed, 20 insertions(+), 2 deletions(-)
 create mode 100755 files/resolve-redirect.sh

diff --git a/files/resolve-redirect.sh b/files/resolve-redirect.sh
new file mode 100755
index 0000000..787514c
--- /dev/null
+++ b/files/resolve-redirect.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+PYTHON_VERSION=$1
+URL=$2
+
+# golang URLs are behind a redirect that requires clients
+# that support TLS SNI which Python 2.7.6 found on
+# most Ubuntu 14.04 installations does not support.
+# get_url will fail if executed against the original URL
+# but will succeed with the final URL
+
+test "$PYTHON_VERSION" "<" "2.7.9" &&
+url=$(curl -s -I "$URL" | sed -n "s/Location: //p") &&
+test -n "$url" &&
+URL="$url"; echo "$URL"
diff --git a/tasks/main.yml b/tasks/main.yml
index 7001274..e51c7c8 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,6 +1,10 @@
 ---
+- name: Resolve redirect early for Python < 2.7.9
+  script: files/resolve-redirect.sh {{ ansible_python_version }} {{ go_download_location }}
+  register: go_download_location_adjusted
+
 - name: Download the Go tarball
-  get_url: url={{ go_download_location }}
+  get_url: url={{ go_download_location_adjusted.stdout }}
            dest=/usr/local/src/{{ go_tarball }}
            sha256sum={{ go_tarball_checksum }}
 
diff --git a/vars/main.yml b/vars/main.yml
index 7618a61..408dbfc 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -1,2 +1,2 @@
 ---
-go_download_location: "https://storage.googleapis.com/golang/{{ go_tarball }}"
+go_download_location: "https://golang.org/dl/{{ go_tarball }}"