Hi

> On 09.09.2020, at 01:15, Vanessa Freudenberg <vanessa at codefrau.net> wrote:
> 
> The source server does not rewrite config maps. It returns exactly what was uploaded when that map was published. Including the trunk url.

To add, there has never been "official" HTTPS support in Monticello.
We just happen to have:
	- Replaced HTTPSocket with WebClient
	- SqueakSSL
	- A server that incidentally serves https:// for the monticello paths

I switched over to https for our HPI squeaksource by (reasonable) demand of the students.
We then tested for some time and found no problems.
That said,
	- We have no extensive test
	- https is (in our variant) still slower than plain http and subject to all SqueakSSL problems that we might have.
	- certificate checking is still a big mess.
	- http2 is still missing from SqueakSSL/WebClient.

Fortunately, the SqueakSource server does not need to speak SSL itself, the reverse proxy (nginx) takes care of that.

So, should we consider an "official" switch, then I think, that can work, if we're fine with the caveats.

That would mean, changing the update maps.

Best regards
	-Tobias

PS: HTML support something like "protocol-relative urls", that is, you omit the  protocl in a link.
	so instead of hardcoding http://source.squeak.org/trunk or https://source.squeak.org/trunk, you'd say //source.squeak.org/trunk.
	This was popular for some time, but at the time of writing, the general recommendation for the web is: go https://


> 
> - Vanessa -
> 
> On Tue, Sep 8, 2020 at 3:22 AM Thiede, Christoph <Christoph.Thiede at student.hpi.uni-potsdam.de> wrote:
> Hi Marcel, hi all,
> 
> 
> phew, this turned out to be a bit more complicated than I had assumed.
> 
> 
> The attached script should patch every in the image required to upgrade the update URLs to HTTPS. Eventually, I would like to ship it via a postscript in a regular trunk version.
> 
> Still, the server code must be updated, because unfortunately, it returns URLs with hard-coded HTTP, even if the request is made via HTTPS:
> 
> 
> 
> (
> name 'update-eem.477'
> repository ('http://source.squeak.org/trunk')
> dependency ('Squeak-Version' 'Squeak-Version-mt.5252' 'b9a3cd5b-b708-8646-a99f-5f3ae294ceb1')
> ...
> 
> 
> I don't have access to the server code, but apparently the protocol should be checked there. And isn't it a general convention to favor relative over absolute URLs? Why doesn't the server simply return '/trunk' here?
> 
> Best,
> Christoph
> 
> Von: Squeak-dev <squeak-dev-bounces at lists.squeakfoundation.org> im Auftrag von Taeumel, Marcel
> Gesendet: Freitag, 12. Juni 2020 16:17 Uhr
> An: squeak-dev
> Betreff: Re: [squeak-dev] How to change the update URL for Trunk HTTPS?
>  
> I suppose it is because the update map has "http" in it for each package version. And maybe also because your repositories in Monticello are configured as "http". So, the mechanism does not find any previous versions?
> 
> Seems like bug to me.
> 
> Best,
> Marcel
>> Am 12.06.2020 15:51:51 schrieb Thiede, Christoph <christoph.thiede at student.hpi.uni-potsdam.de>:
>> 
>> Hi all,
>> 
>> 
>> I spent a number of attempts during the latest months on changing my image's update URL to use HTTPS, but unfortunately, it gets reset each time.
>> 
>> 
>> Shouldn't I be able to simply change the update URL in the preferences by adding a small "s" behind the "http"? But if I do so, when I press the update button the next time, Squeak starts loading all packages from their initial version (Tools-xyz.1, Morphic-xyz.1, ...). Is there a way to easily change the URL?
>> 
>> 
>> Best,
>> 
>> Christoph
>> 
> 
>