https link on download page breaks RPM spectool

[mattwillsher]

Hi,

I'm not sure if this is right place for this report. If not let we know where it should go and I'll happily post it there.

I'm currently creating a spec file to install Ghost on RHEL/CentOS. I've hit a problem with the way SSL is handled on the Ghost web site. Given the URL

https://ghost.org/zip/ghost-0.3.3.zip

spectool uses wget to try and download the zip file

wget, however, won't access the *.ghost.org SSL certificate as valid for the domain ghost.org. It's not possible to override this.

Given that the ultimately the download gets redirected to a http URL at cloudfront, could HTTP access be honored to the zip file download URL, rather than redirecting to HTTPS? (i.e. http://ghost.org/zip/ghost-0.3.3.zip woud redirect straight to cloudfront rather than to the HTTPS url)

[ErisDS]

Thanks for reporting this, here seems like the right place to me :)

We're looking into getting this fixed. Just an FYI if you don't want to have to update the link per version you can use:

http://ghost.org/zip/ghost-latest.zip

[mattwillsher]

Thanks for that.

The package needs to use a specific version number, so latest it's of use in this particular case. Having a self contained zip of ghost-x.y.z.zip is great though :)

[mattwillsher]

The cert issue can be worked around by the following in $HOME/.wgetrc

check-certificate=off

[mattwillsher]

The RPM build tools in the rpm folder works around this by using curl. This issue could still do with being fixed but it doesn't stop any other work.

[ErisDS]

It's not straightforward to change this quickly on our side - we're looking into a long term solution.

Short term you can use wget http://ghost.org/zip/ghost-latest.zip --no-check-certificate