595136 – Please make bootstrap-prefix.sh available over TLS/SSL and generate checksums

Bug 595136 - Please make bootstrap-prefix.sh available over TLS/SSL and generate checksums

Summary: Please make bootstrap-prefix.sh available over TLS/SSL and generate checksums

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo/Alt
Classification:	Unclassified
Component:	Prefix Support (show other bugs)
Hardware:	All Linux

Importance:	Normal enhancement (vote)
Assignee:	Gentoo Prefix

URL:	https://wiki.gentoo.org/wiki/Project:...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2016-09-25 22:27 UTC by Boian Berberov
Modified:	2017-06-26 06:00 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Boian Berberov 2016-09-25 22:27:16 UTC

I think it would be a good idea to make bootstrap-prefix.sh available over TLS/SSL.  I see the majority of Gentoo's website already is.  Also, if you could generate checksums to verify the download's integrity, that would be great.  Thanks.

Reproducible: Always

Comment 1 Fabian Groffen gentoo-dev

2016-09-26 07:20:53 UTC

couple of things here:
- rsync.prefix.bitzolder.nl is a DNS rotation for which no SSL cert was setup (can do)
- rsync1.p.b.n do have SSL cert setup
- the cert setup is one signed by BitZolder CA, which is not in any default chain, hence verfication will not be possible (unless you trust the CA)
- the only way to get a valid SSL setup is move the location to dev.gentoo.org
- generating checksums can be done separately in the rsync generation step

Comment 2 Boian Berberov 2017-06-24 21:10:24 UTC

Fetching from https://gitweb.gentoo.org/ works.  Thank you.

Comment 3 Fabian Groffen gentoo-dev

2017-06-26 06:00:53 UTC

gitweb works, ssl is now also available from rsync.* https signed with Let's Encrypt.