software-o-o
software-o-o copied to clipboard
enable https for download.opensuse.org
Darix has deployed https on download.opensuse.org
We could now start handing out https urls to download.opensuse.org from software.o.o.
Can you enable that?
@darix
Should that fix https://bugzilla.opensuse.org/show_bug.cgi?id=1060231 ? Thanks!!
no. this actually broke it. as we learned apt doesnt like downgrading. and mirrorbrain doesnt track https status for mirrors yet. and i am not sure how many of our mirrors actually support https.
Yes, apt is correct, downgrading during redirect is a no-no. Ubuntu and Debian users can no longer install from OBS now. If a mirror does not support https then this should be fixed (or not used for Ubuntu/Debian URLs).
Given our mirror infrastructure where almost all hosts do not support https ... I guess I need to roll this back.
@jnweiger as @darix said, i just added more https -> http paths here. :(
@msmeissn reverting means start with http, and remain with http? The Ubuntu error message looks like this:
sudo apt-get install owncloud-client
Err:1 https://download.opensuse.org/repositories/isv:/ownCloud:/desktop/Ubuntu_16.04 ocqt562-libqt5webkit5 5.6.2-1
Protocol "http" not supported or disabled in libcurl
I hope that means, 'http' is disabled after we started with *https. But if there are 'modern' systems that cannot work with 'http' any more, we are doomed.
your example is trying to use a https url which leads to a http downgrade. we are working on it.
for the time being you could advise people to change the url from http to https for now.
How can we change the instruction on software.opensuse.org ? I believe, we can not.
that is something we have to do
which page?
e.g. https://software.opensuse.org//download.html?project=isv%3AownCloud%3Adesktop&package=owncloud-client
I'd like to add comments there, or overwrite the standard instructions where they are inconsistent. Mabye a _download_instructions file in the package, or something.
curl https://download.opensuse.org/repositories/isv:ownCloud:desktop/Debian_9.0/InRelease
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://download.opensuse.org/repositories/isv:ownCloud:/desktop/Debian_9.0/InRelease">here</a>.</p>
<hr>
<address>Apache/2.2.34 (Linux/SUSE) Server at download.opensuse.org Port 443</address>
</body></html>
@hennevogel this should have been fixed byou your #193 hack, no?
what he changed was that the information shown on https://software.opensuse.org/ no longer list https for deb based distros. we can not fix any repositories added already.
@darix I believe the fix only covers half of it. https://software.opensuse.org//download.html?project=isv%3AownCloud%3Adesktop&package=owncloud-client advertises
wget -nv https://download.opensuse.org/repositories/isv:ownCloud:desktop/Ubuntu_16.04/Release.key -O Release.key
sudo apt-key add - < Release.key
sudo apt-get update
that still is a redirect from https to http.
I'll have to investigate, where we got the .../Debian_9.0/InRelease
thing from.
no this is all correct. the really important bit is:
echo 'deb http://download.opensuse.org/repositories/isv:/ownCloud:/desktop/Debian_9.0/ /' > /etc/apt/sources.list.d/owncloud-client.list
key retrieval via https is the biggest reason why we added https
https://software.opensuse.org//download.json?project=isv%3AownCloud%3Adesktop&package=owncloud-client produces a json equivalent -- there is more https where henne's gsub() dows not catch it:
...
"Debian_9.0":{"repo":"https://download.opensuse.org/repositories/isv:ownCloud:desktop/Debian_9.0/","package":{"owncloud-client_2.3.3-8338_amd64.deb":"https://download.opensuse.org/repositories/isv:/ownCloud:/desktop/Debian_9.0/amd64/owncloud-client_2.3.3-8338_amd64.deb"
...
That is why our testsuite explodes!
This issue also affects openSUSE platforms.
Tested under docker run -ti opensuse:42.3 bash
:
zypper addrepo https://download.opensuse.org/repositories/isv:ownCloud:desktop/openSUSE_Leap_42.3/isv:ownCloud:desktop.repo
Download (curl) error for 'https://download.opensuse.org/repositories/isv:ownCloud:desktop/openSUSE_Leap_42.3/isv:ownCloud:desktop.repo':
Error code: Bad URL
Error message: Protocol http not supported or disabled in libcurl