Use SSL for nginx APT repository #939
Conversation
|
@saz: at a minimum, the spec tests will probably need to be updated for us to merge this (to reflect the changed URLs). |
|
Technically, it just needs the tests to be updated, but I'm adding the 'needs tests' flag until the tests are passing. |
|
I believe this will require the apt-transport-tls package to function correctly, which is not installed by default. |
|
@xaque208 Ah, didn't realize that, but that may be another reason not to do this. |
|
Assuming what @xaque208 said is correct, I think it makes sense to either a) not implement this, or b) make it a configurable option, defaulting to off. If you want to make a pass at implementing b), I think this can be discussed, but there will need to be test cases for both. Maybe a boolean option in |
|
@xaque208: looking again, we're already using https for passenger repo, and there's already a: |
|
I'll change the pr asap. Sorry for missing this! |
|
Does |
|
@wyardley Never mind, read the code and answered my own question. |
|
@xaque208 Yeah, just noticed this offhand when I was testing some unrelated acceptance test stuff related to Ubuntu 16; the Passenger repo is already using https (and works in the acceptance tests), so I think this will work as-is. Still need to work out whether it's worth embedding the GPG key in the package and whether it's feasible / practical to deal with GPG key expiration directly in the module. @saz: thanks! I mentioned it above, but make sure to squash the commits. There are a couple PRs that are pending that have a bit of overlap, but I think (hope) they won't conflict. |
|
@saz: have you had a chance to update the tests? |
|
@wyardley should be working now. |
|
👍 |
Use SSL for nginx APT repository
The nginx APT repository is currently not using https.
This PR will fix this.