Bug 11661

Summary: Pin HTTPS support of Pakfire mirrors
Product: Pakfire Reporter: Peter Müller <peter.mueller>
Component: BaseAssignee: Michael Tremer <michael.tremer>
Status: CLOSED FIXED QA Contact:
Severity: Security    
Priority: - Unknown -    
Version: unspecified   
Hardware: all   
OS: All   
See Also: https://bugzilla.ipfire.org/show_bug.cgi?id=11539
Attachments: attachment-32191-0.html

Description Peter Müller 2018-03-03 21:36:38 UTC 
Currently, the Pakfire server list (https://mirror1.ipfire.org/pakfire2/2.19/lists/server-list.db) does not give any information about HTTPS supported on a mirror.

Is it possible to "pin" a mirror on using HTTPS in this file by replacing the HTTP prefix against HTTPS?
Comment 1 Michael Tremer 2018-03-11 14:10:11 UTC 
Have you tried to change this line, so that https:// is added instead of
http://?

https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=src/pakfire/lib/functions.pl;h=0bf702e5b0f5618c15348f95910313dba9949d3c;hb=HEAD#l178

You can get the protocol from the $proto variable.

It probably wasn't wise to never check this in the current version, but clients
will automatically try HTTP, even if we change the field to HTTPS.
Comment 2 Peter Müller 2018-03-24 16:23:07 UTC 
https://patchwork.ipfire.org/patch/1712/
Comment 3 Peter Müller 2018-03-28 16:06:42 UTC 
Sent in second patch: https://patchwork.ipfire.org/patch/1716/
Comment 4 Michael Tremer 2018-03-28 20:06:27 UTC 
Created attachment 567 [details]
attachment-32191-0.html

Patch accepted. I added the upstream proxy for HTTPS, too. We need to make sure that the initial server list is also being downloaded over HTTPS. Should be a separate ticket.
Comment 5 Michael Tremer 2018-03-29 21:07:48 UTC 
Lists have now been updated, too: https://mirror1.ipfire.org/pakfire2/2.19-x86_64/lists/server-list.db
Comment 6 Peter Müller 2018-04-09 19:21:05 UTC 
Great, thank you. I will test at the weekend...
Comment 7 Peter Müller 2018-04-30 18:59:56 UTC 
Core Update 120 has been released.