All Projects apt-panopticon  apt-panopticon_cgp boxes meta-impy  ImpyReleaseBuilder NPC-tool SledjHamr  IGnoble  NGIW  opensim-SC toyboxInstaller website - cgit website - CGraphz website - Mantis

View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0000121apt-panopticonFeaturepublic2019-09-10 05:502019-12-26 03:21
Reporteronefang Assigned Toonefang  
PrioritylowSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Target Version0.1Fixed in Version0.1 
Summary0000121: Do more with HTTP -> HTTPS redirects, and other HTTPS issues.
DescriptionThere's already a minor warning, but I think I can do more.
Additional Information> > This mirror has some issues due to it automatically redirecting
> > HTTP to
> > HTTPS. I spent most of the day trying to sort this out, not
> > sure
> > exactly where the problem was. Likely it shouldn't be doing
> > that, since
> > not everyone has apt-transport-https installed. If you don't
> > have that
> > installed and you use this mirror, things will probably break.
> > It
> > should work fine if you actually use HTTPS with
> > apt-transport-https.
> > I'd give this one a WARNING instead of an ERROR, but it's
> > debatable
> > that maybe this should be flagged as an ERROR.
>
> apt-transport-https comes by default on buster/beowulf, so I'd
> expect this to be more common over time (also given the history of
> apt issues that have proven that there is some value in HTTPS for
> these things as well).

This is the one that was causing the loop during testing. The mirror
would redirect HTTP to HTTPS, LuaSocket would silently convert HTTPS
requests to HTTP, then the mirror would redirect the HTTP to HTTPS, and
around we go again. Now I'm using LuaSec for HTTPS, that loop doesn't
happen.

> Redirection to HTTPS is only a *problem* if the used hostname is
> deb.devuan.org, otherwise the user is free to pick a different
> mirror that does plain HTTP.

OK, so this would be ERROR if we are checking deb.devuan.org, but a
WARNING otherwise. I already have other WARNINGS, they are things that
would be nice if they didn't happen, but not show stoppers. So if the
HTTP only using user is having problems, they check the mirror status
web page, see the "WARNING: redirects HTTP to HTTPS", and knows to
switch mirrors.
TagsNo tags attached.

Activities

onefang

onefang

2019-12-26 03:21

administrator   ~0000251

"OK, so this would be ERROR if we are checking deb.devuan.org," I think is fixed, no one is making that mistake that I can detect at the moment.

Issue History

Date Modified Username Field Change
2019-09-10 05:50 onefang New Issue
2019-09-10 05:50 onefang Status new => assigned
2019-09-10 05:50 onefang Assigned To => onefang
2019-12-02 11:17 onefang Target Version => 0.1
2019-12-26 03:21 onefang Status assigned => resolved
2019-12-26 03:21 onefang Resolution open => fixed
2019-12-26 03:21 onefang Fixed in Version => 0.1
2019-12-26 03:21 onefang Note Added: 0000251