Bug 11661

Summary: Pin HTTPS support of Pakfire mirrors
Product: Pakfire Reporter: Peter Müller <peter.mueller>
Component: BaseAssignee: Michael Tremer <michael.tremer>
Status: CLOSED FIXED QA Contact:
Severity: Security    
Priority: - Unknown -    
Version: unspecified   
Hardware: all   
OS: All   
See Also: https://bugzilla.ipfire.org/show_bug.cgi?id=11539
Attachments: attachment-32191-0.html

Description Peter Müller 2018-03-03 21:36:38 UTC
Currently, the Pakfire server list (https://mirror1.ipfire.org/pakfire2/2.19/lists/server-list.db) does not give any information about HTTPS supported on a mirror.

Is it possible to "pin" a mirror on using HTTPS in this file by replacing the HTTP prefix against HTTPS?
Comment 1 Michael Tremer 2018-03-11 14:10:11 UTC
Have you tried to change this line, so that https:// is added instead of


You can get the protocol from the $proto variable.

It probably wasn't wise to never check this in the current version, but clients
will automatically try HTTP, even if we change the field to HTTPS.
Comment 2 Peter Müller 2018-03-24 16:23:07 UTC
Comment 3 Peter Müller 2018-03-28 16:06:42 UTC
Sent in second patch: https://patchwork.ipfire.org/patch/1716/
Comment 4 Michael Tremer 2018-03-28 20:06:27 UTC
Created attachment 567 [details]

Patch accepted. I added the upstream proxy for HTTPS, too. We need to make sure that the initial server list is also being downloaded over HTTPS. Should be a separate ticket.
Comment 5 Michael Tremer 2018-03-29 21:07:48 UTC
Lists have now been updated, too: https://mirror1.ipfire.org/pakfire2/2.19-x86_64/lists/server-list.db
Comment 6 Peter Müller 2018-04-09 19:21:05 UTC
Great, thank you. I will test at the weekend...
Comment 7 Peter Müller 2018-04-30 18:59:56 UTC
Core Update 120 has been released.