Hi all,
I spent a number of attempts during the latest months on changing my image's update URL to use HTTPS, but unfortunately, it gets reset each time.
Shouldn't I be able to simply change the update URL in the preferences by adding a small "s" behind the "http"? But if I do so, when I press the update button the next time, Squeak starts loading all packages from their initial version (Tools-xyz.1, Morphic-xyz.1, ...). Is there a way to easily change the URL?
Best, Christoph
Carpe Squeak!
|
I suppose it is because the update map has "http" in it for each package version. And maybe also because your repositories in Monticello are configured as "http". So, the mechanism does not find any previous versions? Seems like bug to me. Best, Marcel
|
Hi Marcel, hi all,
phew, this turned out to be a bit more complicated than I had assumed.
The attached script should patch every in the image required to upgrade the update URLs to HTTPS. Eventually, I would like to ship it via a postscript in a regular trunk version. Still, the server code must be updated, because unfortunately, it returns URLs with hard-coded HTTP, even if the request is made via HTTPS:
I don't have access to the server code, but apparently the protocol should be checked there. And isn't it a general convention to favor relative over absolute URLs? Why doesn't the server simply return '/trunk' here?
Best,
Christoph
Von: Squeak-dev <[hidden email]> im Auftrag von Taeumel, Marcel
Gesendet: Freitag, 12. Juni 2020 16:17 Uhr An: squeak-dev Betreff: Re: [squeak-dev] How to change the update URL for Trunk HTTPS?
I suppose it is because the update map has "http" in it for each package version. And maybe also because your repositories in Monticello are configured as "http". So, the mechanism does not find any previous versions?
Seems like bug to me.
Best,
Marcel
patch-source.squeak.org-repositories.st (1K) Download Attachment
Carpe Squeak!
|
The source server does not rewrite config maps. It returns exactly what was uploaded when that map was published. Including the trunk url. - Vanessa - On Tue, Sep 8, 2020 at 3:22 AM Thiede, Christoph <[hidden email]> wrote:
|
Hi
> On 09.09.2020, at 01:15, Vanessa Freudenberg <[hidden email]> wrote: > > The source server does not rewrite config maps. It returns exactly what was uploaded when that map was published. Including the trunk url. To add, there has never been "official" HTTPS support in Monticello. We just happen to have: - Replaced HTTPSocket with WebClient - SqueakSSL - A server that incidentally serves https:// for the monticello paths I switched over to https for our HPI squeaksource by (reasonable) demand of the students. We then tested for some time and found no problems. That said, - We have no extensive test - https is (in our variant) still slower than plain http and subject to all SqueakSSL problems that we might have. - certificate checking is still a big mess. - http2 is still missing from SqueakSSL/WebClient. Fortunately, the SqueakSource server does not need to speak SSL itself, the reverse proxy (nginx) takes care of that. So, should we consider an "official" switch, then I think, that can work, if we're fine with the caveats. That would mean, changing the update maps. Best regards -Tobias PS: HTML support something like "protocol-relative urls", that is, you omit the protocl in a link. so instead of hardcoding http://source.squeak.org/trunk or https://source.squeak.org/trunk, you'd say //source.squeak.org/trunk. This was popular for some time, but at the time of writing, the general recommendation for the web is: go https:// > > - Vanessa - > > On Tue, Sep 8, 2020 at 3:22 AM Thiede, Christoph <[hidden email]> wrote: > Hi Marcel, hi all, > > > phew, this turned out to be a bit more complicated than I had assumed. > > > The attached script should patch every in the image required to upgrade the update URLs to HTTPS. Eventually, I would like to ship it via a postscript in a regular trunk version. > > Still, the server code must be updated, because unfortunately, it returns URLs with hard-coded HTTP, even if the request is made via HTTPS: > > > > ( > name 'update-eem.477' > repository ('http://source.squeak.org/trunk') > dependency ('Squeak-Version' 'Squeak-Version-mt.5252' 'b9a3cd5b-b708-8646-a99f-5f3ae294ceb1') > ... > > > I don't have access to the server code, but apparently the protocol should be checked there. And isn't it a general convention to favor relative over absolute URLs? Why doesn't the server simply return '/trunk' here? > > Best, > Christoph > > Von: Squeak-dev <[hidden email]> im Auftrag von Taeumel, Marcel > Gesendet: Freitag, 12. Juni 2020 16:17 Uhr > An: squeak-dev > Betreff: Re: [squeak-dev] How to change the update URL for Trunk HTTPS? > > I suppose it is because the update map has "http" in it for each package version. And maybe also because your repositories in Monticello are configured as "http". So, the mechanism does not find any previous versions? > > Seems like bug to me. > > Best, > Marcel >> Am 12.06.2020 15:51:51 schrieb Thiede, Christoph <[hidden email]>: >> >> Hi all, >> >> >> I spent a number of attempts during the latest months on changing my image's update URL to use HTTPS, but unfortunately, it gets reset each time. >> >> >> Shouldn't I be able to simply change the update URL in the preferences by adding a small "s" behind the "http"? But if I do so, when I press the update button the next time, Squeak starts loading all packages from their initial version (Tools-xyz.1, Morphic-xyz.1, ...). Is there a way to easily change the URL? >> >> >> Best, >> >> Christoph >> > > |
In reply to this post by Christoph Thiede
Hi Christoph,
On Tue, 8 Sep 2020, Thiede, Christoph wrote: > > Hi Marcel, hi all, > > > phew, this turned out to be a bit more complicated than I had assumed. > > > The attached script should patch every in the image required to upgrade the update URLs to HTTPS. Eventually, I would like to ship it via a postscript in a regular trunk version. I just checked your script. It's behavior seems to match what I wrote a while ago. My variant changes all source.squeak.org urls to https: MCMcmUpdater allInstances select: [ :each | each repository beginsWith: 'http://source.squeak.org' ] thenDo: [ :httpUpdater | | httpsUrl newUpdater | httpsUrl := 'https', (httpUpdater repository allButFirst: 4). newUpdater := MCMcmUpdater repository: httpsUrl updateMap: httpUpdater updateMapName lastUpdateMap: (Dictionary new at: httpsUrl put: (httpUpdater lastUpdateMap at: httpUpdater repository); yourself). newUpdater register. httpUpdater unregister ]. MCRepositoryGroup default repositories select: [ :each | (each isKindOf: MCHttpRepository) and: [ each description beginsWith: 'http://source.squeak.org' ]] thenDo: [ :repository | repository location: 'https', (repository description allButFirst: 4) ]. MCMcmUpdater defaultUpdateURL in: [ :updateUrl | (updateUrl beginsWith: 'http://source.squeak.org') ifTrue: [ MCMcmUpdater defaultUpdateURL: 'https', (updateUrl allButFirst: 4) ] ] However, such scripts on their own are not enough. Besides the update maps, the image has several references to the http urls. Most of those need to be updated as well. Levente > > Still, the server code must be updated, because unfortunately, it returns URLs with hard-coded HTTP, even if the request is made via HTTPS: > > > ( > name 'update-eem.477' > repository ('http://source.squeak.org/trunk') > dependency ('Squeak-Version' 'Squeak-Version-mt.5252' 'b9a3cd5b-b708-8646-a99f-5f3ae294ceb1') > ... > > > I don't have access to the server code, but apparently the protocol should be checked there. And isn't it a general convention to favor relative over absolute URLs? Why doesn't the server simply return '/trunk' here? > > Best, > Christoph > > _________________________________________________________________________________________________________________________________________________________________________________________________________________________________ > Von: Squeak-dev <[hidden email]> im Auftrag von Taeumel, Marcel > Gesendet: Freitag, 12. Juni 2020 16:17 Uhr > An: squeak-dev > Betreff: Re: [squeak-dev] How to change the update URL for Trunk HTTPS? > I suppose it is because the update map has "http" in it for each package version. And maybe also because your repositories in Monticello are configured as "http". So, the mechanism does not find any previous versions? > Seems like bug to me. > > Best, > Marcel > > Am 12.06.2020 15:51:51 schrieb Thiede, Christoph <[hidden email]>: > > Hi all, > > > I spent a number of attempts during the latest months on changing my image's update URL to use HTTPS, but unfortunately, it gets reset each time. > > > Shouldn't I be able to simply change the update URL in the preferences by adding a small "s" behind the "http"? But if I do so, when I press the update button the next time, Squeak starts loading all packages from > their initial version (Tools-xyz.1, Morphic-xyz.1, ...). Is there a way to easily change the URL? > > > Best, > > Christoph > > > |
Hi all,
Levente, thanks for the improvements! I attempted to only patch as much as required for updating the image via the docking bar menu or the Monticello Browser. Why aren't you using 'MCHttpRepository allInstancesDo:' in your version? And I used the Compiler in my version in order not to change the DefaultUpdateURL class variable if it was not set before. Von: Squeak-dev <[hidden email]> im Auftrag von Levente Uzonyi <[hidden email]>
Gesendet: Mittwoch, 9. September 2020 10:57:08 An: The general-purpose Squeak developers list Betreff: Re: [squeak-dev] How to change the update URL for Trunk HTTPS? Hi Christoph,
On Tue, 8 Sep 2020, Thiede, Christoph wrote: > > Hi Marcel, hi all, > > > phew, this turned out to be a bit more complicated than I had assumed. > > > The attached script should patch every in the image required to upgrade the update URLs to HTTPS. Eventually, I would like to ship it via a postscript in a regular trunk version. I just checked your script. It's behavior seems to match what I wrote a while ago. My variant changes all source.squeak.org urls to https: MCMcmUpdater allInstances select: [ :each | each repository beginsWith: 'http://source.squeak.org' ] thenDo: [ :httpUpdater | | httpsUrl newUpdater | httpsUrl := 'https', (httpUpdater repository allButFirst: 4). newUpdater := MCMcmUpdater repository: httpsUrl updateMap: httpUpdater updateMapName lastUpdateMap: (Dictionary new at: httpsUrl put: (httpUpdater lastUpdateMap at: httpUpdater repository); yourself). newUpdater register. httpUpdater unregister ]. MCRepositoryGroup default repositories select: [ :each | (each isKindOf: MCHttpRepository) and: [ each description beginsWith: 'http://source.squeak.org' ]] thenDo: [ :repository | repository location: 'https', (repository description allButFirst: 4) ]. MCMcmUpdater defaultUpdateURL in: [ :updateUrl | (updateUrl beginsWith: 'http://source.squeak.org') ifTrue: [ MCMcmUpdater defaultUpdateURL: 'https', (updateUrl allButFirst: 4) ] ] However, such scripts on their own are not enough. Besides the update maps, the image has several references to the http urls. Most of those need to be updated as well. Levente > > Still, the server code must be updated, because unfortunately, it returns URLs with hard-coded HTTP, even if the request is made via HTTPS: > > > ( > name 'update-eem.477' > repository ('http://source.squeak.org/trunk') > dependency ('Squeak-Version' 'Squeak-Version-mt.5252' 'b9a3cd5b-b708-8646-a99f-5f3ae294ceb1') > ... > > > I don't have access to the server code, but apparently the protocol should be checked there. And isn't it a general convention to favor relative over absolute URLs? Why doesn't the server simply return '/trunk' here? > > Best, > Christoph > > _________________________________________________________________________________________________________________________________________________________________________________________________________________________________ > Von: Squeak-dev <[hidden email]> im Auftrag von Taeumel, Marcel > Gesendet: Freitag, 12. Juni 2020 16:17 Uhr > An: squeak-dev > Betreff: Re: [squeak-dev] How to change the update URL for Trunk HTTPS? > I suppose it is because the update map has "http" in it for each package version. And maybe also because your repositories in Monticello are configured as "http". So, the mechanism does not find any previous versions? > Seems like bug to me. > > Best, > Marcel > > Am 12.06.2020 15:51:51 schrieb Thiede, Christoph <[hidden email]>: > > Hi all, > > > I spent a number of attempts during the latest months on changing my image's update URL to use HTTPS, but unfortunately, it gets reset each time. > > > Shouldn't I be able to simply change the update URL in the preferences by adding a small "s" behind the "http"? But if I do so, when I press the update button the next time, Squeak starts loading all packages from > their initial version (Tools-xyz.1, Morphic-xyz.1, ...). Is there a way to easily change the URL? > > > Best, > > Christoph > > >
Carpe Squeak!
|
Hi Christoph,
On Wed, 9 Sep 2020, Thiede, Christoph wrote: > > Hi all, > > > Levente, thanks for the improvements! I attempted to only patch as much as required for updating the image via the docking bar menu or the Monticello Browser. They are not necessarily improvements, just what I came up with when I tried to tackle the problem. > > Why aren't you using 'MCHttpRepository allInstancesDo:' in your version? That's probably better if you have repositories outside of the default group. > > And I used the Compiler in my version in order not to change the DefaultUpdateURL class variable if it was not set before. There's no need for that. #defaultUpdateURL will not change DefaultUpdateURL's value. > > > > That would mean, changing the update maps. > +1 for doing so. Could there be any possible problems? Environments that do not support SSL today? Possible performance problems? If you apply your patch before the new update map is in place, the http repositires will come back during the next update. If the update map with the https repositories is in place before the patch is applied, the repositories will duplicate: the update map will create new https repositores on update, then the patch will try to convert the http repositories to https. (AFAIU) Levente > > Best, > Christoph > > _________________________________________________________________________________________________________________________________________________________________________________________________________________________________ > Von: Squeak-dev <[hidden email]> im Auftrag von Levente Uzonyi <[hidden email]> > Gesendet: Mittwoch, 9. September 2020 10:57:08 > An: The general-purpose Squeak developers list > Betreff: Re: [squeak-dev] How to change the update URL for Trunk HTTPS? > Hi Christoph, > > On Tue, 8 Sep 2020, Thiede, Christoph wrote: > > > > > Hi Marcel, hi all, > > > > > > phew, this turned out to be a bit more complicated than I had assumed. > > > > > > The attached script should patch every in the image required to upgrade the update URLs to HTTPS. Eventually, I would like to ship it via a postscript in a regular trunk version. > > I just checked your script. It's behavior seems to match what I wrote a > while ago. My variant changes all source.squeak.org urls to https: > > MCMcmUpdater allInstances > select: [ :each | each repository beginsWith: 'http://source.squeak.org' ] > thenDo: [ :httpUpdater | > | httpsUrl newUpdater | > httpsUrl := 'https', (httpUpdater repository allButFirst: 4). > newUpdater := MCMcmUpdater > repository: httpsUrl > updateMap: httpUpdater updateMapName > lastUpdateMap: (Dictionary new > at: httpsUrl > put: (httpUpdater lastUpdateMap at: httpUpdater repository); > yourself). > newUpdater register. > httpUpdater unregister ]. > MCRepositoryGroup default repositories > select: [ :each | > (each isKindOf: MCHttpRepository) > and: [ each description beginsWith: 'http://source.squeak.org' ]] > thenDo: [ :repository | > repository location: 'https', (repository description allButFirst: 4) ]. > MCMcmUpdater defaultUpdateURL in: [ :updateUrl | > (updateUrl beginsWith: 'http://source.squeak.org') ifTrue: [ > MCMcmUpdater defaultUpdateURL: 'https', (updateUrl allButFirst: 4) ] ] > > > However, such scripts on their own are not enough. Besides the update > maps, the image has several references to the http urls. Most of those > need to be updated as well. > > > Levente > > > > > Still, the server code must be updated, because unfortunately, it returns URLs with hard-coded HTTP, even if the request is made via HTTPS: > > > > > > ( > > name 'update-eem.477' > > repository ('http://source.squeak.org/trunk') > > dependency ('Squeak-Version' 'Squeak-Version-mt.5252' 'b9a3cd5b-b708-8646-a99f-5f3ae294ceb1') > > ... > > > > > > I don't have access to the server code, but apparently the protocol should be checked there. And isn't it a general convention to favor relative over absolute URLs? Why doesn't the server simply return '/trunk' here? > > > > Best, > > Christoph > > > >________________________________________________________________________________________________________________________________________________________________________________________________________________________________ > _ > > Von: Squeak-dev <[hidden email]> im Auftrag von Taeumel, Marcel > > Gesendet: Freitag, 12. Juni 2020 16:17 Uhr > > An: squeak-dev > > Betreff: Re: [squeak-dev] How to change the update URL for Trunk HTTPS? > > I suppose it is because the update map has "http" in it for each package version. And maybe also because your repositories in Monticello are configured as "http". So, the mechanism does not find any previous versions? > > Seems like bug to me. > > > > Best, > > Marcel > > > > Am 12.06.2020 15:51:51 schrieb Thiede, Christoph <[hidden email]>: > > > > Hi all, > > > > > > I spent a number of attempts during the latest months on changing my image's update URL to use HTTPS, but unfortunately, it gets reset each time. > > > > > > Shouldn't I be able to simply change the update URL in the preferences by adding a small "s" behind the "http"? But if I do so, when I press the update button the next time, Squeak starts loading all packages from > > their initial version (Tools-xyz.1, Morphic-xyz.1, ...). Is there a way to easily change the URL? > > > > > > Best, > > > > Christoph > > > > > > > > |
In reply to this post by Christoph Thiede
> On 09.09.2020, at 22:56, Thiede, Christoph <[hidden email]> wrote: > > Hi all, > > Levente, thanks for the improvements! I attempted to only patch as much as required for updating the image via the docking bar menu or the Monticello Browser. > Why aren't you using 'MCHttpRepository allInstancesDo:' in your version? > And I used the Compiler in my version in order not to change the DefaultUpdateURL class variable if it was not set before. > > > That would mean, changing the update maps. > > +1 for doing so. Could there be any possible problems? Environments that do not support SSL today? Possible performance problems? Our SSL support is lacking. No actual Cert checking on Unix. Nobody outside HPI seriously tested the environment. Thats about it. -t |
Hi all,
sounds as if the Squeak world would not yet be ready to migrate completely to HTTPS? Maybe a hybrid solution (i.e. relative URLs in the update map) could indeed be a better solution?
> There's no need for that. #defaultUpdateURL will not change DefaultUpdateURL's value.
Yes, it won't, but #defaultUpdateURL: will do so.
> Nobody outside HPI seriously tested the environment. How could such a test look like?
Best,
Christoph
Von: Squeak-dev <[hidden email]> im Auftrag von Tobias Pape <[hidden email]>
Gesendet: Freitag, 11. September 2020 08:18:17 An: The general-purpose Squeak developers list Betreff: Re: [squeak-dev] How to change the update URL for Trunk HTTPS? > On 09.09.2020, at 22:56, Thiede, Christoph <[hidden email]> wrote: > > Hi all, > > Levente, thanks for the improvements! I attempted to only patch as much as required for updating the image via the docking bar menu or the Monticello Browser. > Why aren't you using 'MCHttpRepository allInstancesDo:' in your version? > And I used the Compiler in my version in order not to change the DefaultUpdateURL class variable if it was not set before. > > > That would mean, changing the update maps. > > +1 for doing so. Could there be any possible problems? Environments that do not support SSL today? Possible performance problems? Our SSL support is lacking. No actual Cert checking on Unix. Nobody outside HPI seriously tested the environment. Thats about it. -t
Carpe Squeak!
|
Hi Levente, Hi Tobias, Hi Vanessa,
would it be possible to layer in a hack to avoid having to edit the URLs? At some point in Monticello update a http connection is made. If at that point there is a url translation dictionary (a map) then a http url could be mapped selectively to an https one. If there is no entry in the map no translation occurs. Or does that break things upstream? _,,,^..^,,,_ (phone) On Sep 11, 2020, at 3:24 AM, Thiede, Christoph <[hidden email]> wrote:
|
On Sep 11, 2020, at 6:42 AM, Eliot Miranda <[hidden email]> wrote:
|
Free forum by Nabble | Edit this page |