Do more with HTTP -> HTTPS redirects, and other HTTPS issues. 🔼
There's already a minor warning, but I think I can do more.
This mirror has some issues due to it automatically redirecting
HTTP to
- I spent most of the day trying to sort this out, not
sure
exactly where the problem was. Likely it shouldn't be doing
that, since
not everyone has apt-transport-https installed. If you don't
have that
installed and you use this mirror, things will probably break.
It
should work fine if you actually use HTTPS with
apt-transport-https.
I'd give this one a WARNING instead of an ERROR, but it's
debatable
that maybe this should be flagged as an ERROR.
apt-transport-https comes by default on buster/beowulf, so I'd
expect this to be more common over time (also given the history of
apt issues that have proven that there is some value in HTTPS for
these things as well).
This is the one that was causing the loop during testing. The mirror
would redirect HTTP to HTTPS, LuaSocket would silently convert HTTPS
requests to HTTP, then the mirror would redirect the HTTP to HTTPS, and
around we go again. Now I'm using LuaSec for HTTPS, that loop doesn't
happen.
Redirection to HTTPS is only a problem if the used hostname is
deb.devuan.org, otherwise the user is free to pick a different
mirror that does plain HTTP.
OK, so this would be ERROR if we are checking deb.devuan.org, but a
WARNING otherwise. I already have other WARNINGS, they are things that
would be nice if they didn't happen, but not show stoppers. So if the
HTTP only using user is having problems, they check the mirror status
web page, see the "WARNING: redirects HTTP to HTTPS", and knows to
switch mirrors.
reported=2019-09-10 05:50:11
reporter=onefang
priority=low
category=Feature
severity=minor
resolution=fixed
2019-12-26 03:21:57 onefang: "OK, so this would be ERROR if we are checking deb.devuan.org," I think is fixed, no one is making that mistake that I can detect at the moment.