• Registered: 2020-04-17
  • Posts: 12

Topic: HTTPS for cdn.remirepo.net

Hello and first of all thanks again for all your work and time that went into your packages!

I have a (hopefully) small request: Could you please add HTTPS to cdn.remirepo.net? I know the repo and packages are GPG signed, but plain HTTP just doesn't feel right these days and certificates are easy to get. This is the main reason I'm using your mirror directly instead of the mirrorlist. Ideally the `yum.repos.d` entries that are installed with the release package would advertise these HTTPS URLs as well instead of HTTP.

Thanks again!

  • Remi
  • Remi
  • Administrateur
  • Offline
  • From: Champagne...
  • Registered: 2009-04-28
  • Posts: 3,848

Re: HTTPS for cdn.remirepo.net

Sorry but this is not possible for now
CDN was created to avoid the single point of failure, so use 2 servers in 2 datacenters
Only 1 is under my control

Use:

mirrorlist=https://rpms.remirepo.net/.../httpsmirror

This will also return only https mirrors


P.S.1 but this raises the SPOF issue
P.S.2 this line is present in the repo config file (commented out)

Laptop:  Fedora 38 + rpmfusion + remi (SCL only)
x86_64 builder: Fedora 39 + rpmfusion + remi-test
aarch64 builder: RHEL 9 with EPEL
Hosting Server: CentOS 8 Stream with EPEL, rpmfusion, remi

Remi's Website

  • Registered: 2020-04-17
  • Posts: 12

Re: HTTPS for cdn.remirepo.net

Remi wrote:

P.S.2 this line is present in the repo config file (commented out)

Thanks for the quick reply! After installing the `remi-release.rpm` I have these lines in the config file:

#baseurl=http://rpms.remirepo.net/fedora/$releasever/remi/$basearch/
mirrorlist=http://cdn.remirepo.net/fedora/$releasever/remi/$basearch/mirror

It might make sense to introduce more HTTPS in the repo config file here
https://git.remirepo.net/cgit/rpms/remi … /remi.repo

I prefer a SPOF over unencrypted traffic anytime, but maybe you can communicate this issue to the person/team having control over cdn.remirepo.net?

  • Remi
  • Remi
  • Administrateur
  • Offline
  • From: Champagne...
  • Registered: 2009-04-28
  • Posts: 3,848

Re: HTTPS for cdn.remirepo.net

Indeed the https URL is only in the enterprise configuration file
I will add it in the next update of the Fedora package


> but maybe you can communicate this issue to the person/team having control over cdn.remirepo.net?

Of course I communicate with him wink
But I don't want to send my private key to another server not under my full control

Laptop:  Fedora 38 + rpmfusion + remi (SCL only)
x86_64 builder: Fedora 39 + rpmfusion + remi-test
aarch64 builder: RHEL 9 with EPEL
Hosting Server: CentOS 8 Stream with EPEL, rpmfusion, remi

Remi's Website