[BUG] Salt Package Repos are https-only

[NoRePercussions]

Description The Salt package repositories (repo.saltproject.io) forces an https connection.

This is a problem for installation environments where SSL certificates cannot be verified, such as at some points of a Debian preseed. During this time, repositories are accessed over http and verified using their GPG key.

Steps to Reproduce the behavior Try to access the package repository over plan http, either in an automated environment or manually.

in-target: Failed to fetch http://repo.saltproject.io/salt/py3/debian/12/amd64/latest/dists/bookworm/InRelease  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: xx.xx.xx.xx 443]

Despite using http, it is redirected to https (as seen by port 443 and cert errors).

$ curl -v http://repo.saltproject.io
* Host repo.saltproject.io:80 was resolved.
* IPv6: ---
* IPv4: ---
*   Trying ---:80...
* Connected to repo.saltproject.io (---) port 80
> GET / HTTP/1.1
> Host: repo.saltproject.io
> User-Agent: curl/8.6.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Server: CloudFront
< Date: Thu, 18 Apr 2024 18:20:11 GMT
< Content-Type: text/html
< Content-Length: 167
< Connection: keep-alive
< Location: https://repo.saltproject.io/
< X-Cache: Redirect from cloudfront
< Via: 1.1 ---.cloudfront.net (CloudFront)
< X-Amz-Cf-Pop: ---
< X-Amz-Cf-Id: ---
<
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>
* Connection #0 to host repo.saltproject.io left intact

Expected behavior The repository should allow connections over http for use in environments where SSL is not usable and repositories should be verified via GPG.

Screenshots See above for logs.

[welcome[bot]]

Hi there! Welcome to the Salt Community! Thank you for making your first contribution. We have a lengthy process for issues and PRs. Someone from the Core Team will follow up as soon as possible. In the meantime, here’s some information that may help as you continue your Salt journey. Please be sure to review our Code of Conduct. Also, check out some of our community resources including:

• Community Wiki
• Salt’s Contributor Guide
• Join our Community Slack
• IRC on LiberaChat
• Salt Project YouTube channel
• Salt Project Twitch channel

There are lots of ways to get involved in our community. Every month, there are around a dozen opportunities to meet with other contributors and the Salt Core team and collaborate in real time. The best way to keep track is by subscribing to the Salt Community Events Calendar. If you have additional questions, email us at [email protected]. We’re glad you’ve joined our community and look forward to doing awesome things with you!