From 94369d4f02caeb3fbf6d0f184ebc7b83e446e3b0 Mon Sep 17 00:00:00 2001 From: Dan Fandrich Date: Thu, 25 Jan 2024 12:17:54 -0800 Subject: Switch links to https: where possible All these point to valid https: resources, but there is a small chance that some unusual interaction will cause it not to work. Some of these changes also won't take effect until the server is restarted, so we'll need to keep this in mind if failures occur long from now. --- manifests/nodes/sucuk.pp | 2 +- modules/bcd/templates/vhost_bcd.conf | 2 +- modules/blog/templates/check_new-blog-post.sh | 2 +- modules/bugzilla/templates/params | 4 ++-- modules/bugzilla/templates/params.json | 2 +- modules/buildsystem/templates/bs-webstatus.conf | 2 +- modules/buildsystem/templates/iurt.conf | 2 +- modules/buildsystem/templates/upload.conf | 2 +- modules/mga-mirrors/files/check_mirrors_status | 2 +- modules/mirrorbrain/templates/webapp.conf | 6 +++--- modules/planet/templates/deploy_new-planet.sh | 5 +++-- modules/xymon/templates/hobbitserver.cfg | 2 +- modules/youri-check/templates/4.conf | 2 +- modules/youri-check/templates/5.conf | 2 +- modules/youri-check/templates/6.conf | 2 +- modules/youri-check/templates/7.conf | 2 +- modules/youri-check/templates/8.conf | 2 +- modules/youri-check/templates/9.conf | 2 +- modules/youri-check/templates/cauldron.conf | 4 ++-- modules/youri-check/templates/vhost_check.conf | 3 ++- 20 files changed, 27 insertions(+), 25 deletions(-) diff --git a/manifests/nodes/sucuk.pp b/manifests/nodes/sucuk.pp index 68bc4001..8a783cab 100644 --- a/manifests/nodes/sucuk.pp +++ b/manifests/nodes/sucuk.pp @@ -54,7 +54,7 @@ node sucuk { bindpw => extlookup('mgapeople_ldap','x'), vhost => "people.${::domain}", vhostdir => "/var/www/vhosts/people.${::domain}", - maintdburl => "http://pkgsubmit.${::domain}/data/maintdb.txt", + maintdburl => "https://pkgsubmit.${::domain}/data/maintdb.txt", } class { 'mga-treasurer': diff --git a/modules/bcd/templates/vhost_bcd.conf b/modules/bcd/templates/vhost_bcd.conf index 536b09d5..78528e48 100644 --- a/modules/bcd/templates/vhost_bcd.conf +++ b/modules/bcd/templates/vhost_bcd.conf @@ -2,7 +2,7 @@ AuthUserFile <%= scope.lookupvar('bcd::home') %>/htpasswd AuthGroupFile /dev/null AuthName "QA test isos, restricted access" - ErrorDocument 403 "For the password, please contact the QA team ( http://wiki.<%= domain %>/en/QA_Team )" + ErrorDocument 403 "For the password, please contact the QA team ( https://wiki.<%= domain %>/en/QA_Team )" AuthType Basic require valid-user diff --git a/modules/blog/templates/check_new-blog-post.sh b/modules/blog/templates/check_new-blog-post.sh index f9f442cd..50bc082d 100755 --- a/modules/blog/templates/check_new-blog-post.sh +++ b/modules/blog/templates/check_new-blog-post.sh @@ -2,7 +2,7 @@ # Initialization PATH_TO_FILE=${PATH_TO_FILE:-/var/lib/blog} -/usr/bin/wget -qO $PATH_TO_FILE"/last_tmp" http://blog.mageia.org/en/?feed=rss2 +/usr/bin/wget -qO $PATH_TO_FILE"/last_tmp" https://blog.mageia.org/en/?feed=rss2 if [ $? -ne 0 ] then exit 2 diff --git a/modules/bugzilla/templates/params b/modules/bugzilla/templates/params index 21269924..64e6d6d2 100644 --- a/modules/bugzilla/templates/params +++ b/modules/bugzilla/templates/params @@ -40,7 +40,7 @@ 'defaultpriority' => 'Normal', 'defaultquery' => 'bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&emailassigned_to1=1&emailassigned_to2=1&emailreporter2=1&emailcc2=1&emailqa_contact2=1&order=Importance&long_desc_type=substring', 'defaultseverity' => 'normal', - 'docs_urlbase' => ' http://www.bugzilla.org/docs/4.4/en/html/', + 'docs_urlbase' => ' https://www.bugzilla.org/docs/4.4/en/html/', 'duplicate_or_move_bug_status' => 'RESOLVED', 'emailregexp' => '^[\\w\\.\\+\\-=]+@[\\w\\.\\-]+\\.[\\w\\-]+$', 'emailregexpdesc' => 'A legal address must contain exactly one \'@\', and at least one \'.\' after the @.', @@ -92,7 +92,7 @@ 'strict_isolation' => 0, 'timetrackinggroup' => '', 'upgrade_notification' => 'latest_stable_release', - 'urlbase' => 'http://bugs.<%= domain %>/', + 'urlbase' => 'https://bugs.<%= domain %>/', 'use_mailer_queue' => 0, 'use_see_also' => 1, 'usebugaliases' => 0, diff --git a/modules/bugzilla/templates/params.json b/modules/bugzilla/templates/params.json index fb4d81cd..79ec8c66 100644 --- a/modules/bugzilla/templates/params.json +++ b/modules/bugzilla/templates/params.json @@ -86,7 +86,7 @@ "strict_transport_security" : "off", "timetrackinggroup" : "", "upgrade_notification" : "latest_stable_release", - "urlbase" : "http://bugs.<%= domain %>/", + "urlbase" : "https://bugs.<%= domain %>/", "use_mailer_queue" : "0", "use_see_also" : "1", "useclassification" : "0", diff --git a/modules/buildsystem/templates/bs-webstatus.conf b/modules/buildsystem/templates/bs-webstatus.conf index bfb6c904..9f37a990 100644 --- a/modules/buildsystem/templates/bs-webstatus.conf +++ b/modules/buildsystem/templates/bs-webstatus.conf @@ -19,7 +19,7 @@ $title = 'Build system status'; $robots = 'index,nofollow,nosnippet,noarchive'; /** */ -$g_root_url = 'http://<%= scope.lookupvar('buildsystem::var::webstatus::hostname') %>/'; +$g_root_url = 'https://<%= scope.lookupvar('buildsystem::var::webstatus::hostname') %>/'; /** URL to view a package svn revision. %d is replaced by the revision */ $package_commit_url = '<%= scope.lookupvar('buildsystem::var::webstatus::package_commit_url') %>'; diff --git a/modules/buildsystem/templates/iurt.conf b/modules/buildsystem/templates/iurt.conf index 77839b84..c08088ae 100644 --- a/modules/buildsystem/templates/iurt.conf +++ b/modules/buildsystem/templates/iurt.conf @@ -15,7 +15,7 @@ upload_queue => '<%= build_login %>@pkgsubmit:~/uploads/queue/', unwanted_packages => '^monotone-', repository => 'http://<%= scope.lookupvar('buildsystem::var::repository::hostname') %>/<%= scope.lookupvar('buildsystem::var::repository::distribdir') %>/', - log_url => 'http://<%= scope.lookupvar('buildsystem::var::webstatus::hostname') %>/queue/build/', + log_url => 'https://<%= scope.lookupvar('buildsystem::var::webstatus::hostname') %>/queue/build/', admin => 'mageia-sysadm@mageia.org', packager => 'Iurt the rebuild bot ', sendmail => 0, diff --git a/modules/buildsystem/templates/upload.conf b/modules/buildsystem/templates/upload.conf index 7846cab7..af610c92 100644 --- a/modules/buildsystem/templates/upload.conf +++ b/modules/buildsystem/templates/upload.conf @@ -98,7 +98,7 @@ my $homedir = "<%= scope.lookupvar('buildsystem::var::iurt::homedir') %>"; -%> }, admin => '<%= scope.lookupvar('buildsystem::var::scheduler::admin_mail') %>', - http_queue => 'http://<%= scope.lookupvar('buildsystem::var::webstatus::hostname') %>/uploads', + http_queue => 'https://<%= scope.lookupvar('buildsystem::var::webstatus::hostname') %>/uploads', upload_user => '<%= scope.lookupvar('buildsystem::var::scheduler::login') %>', email_domain => '<%= domain %>', arch => { diff --git a/modules/mga-mirrors/files/check_mirrors_status b/modules/mga-mirrors/files/check_mirrors_status index 6d5923ca..4ea3b59a 100755 --- a/modules/mga-mirrors/files/check_mirrors_status +++ b/modules/mga-mirrors/files/check_mirrors_status @@ -34,7 +34,7 @@ def get_mirrors mirrors = [] url = nil tier1 = false - fetch_url("http://mirrors.mageia.org/").each_line{|l| + fetch_url("https://mirrors.mageia.org/").each_line{|l| if l =~ /rsync.mageia.org/ then tier1 = true next diff --git a/modules/mirrorbrain/templates/webapp.conf b/modules/mirrorbrain/templates/webapp.conf index 1c8d5656..9606be64 100644 --- a/modules/mirrorbrain/templates/webapp.conf +++ b/modules/mirrorbrain/templates/webapp.conf @@ -3,9 +3,9 @@ MirrorBrainDebug Off FormGET On MirrorBrainHandleHEADRequestLocally Off - MirrorBrainFallback na us http://mirrors.kernel.org/mageia/ + MirrorBrainFallback na us https://mirrors.kernel.org/mageia/ MirrorBrainFallback eu fr http://ftp.free.fr/mirrors/mageia.org/ - MirrorBrainFallback eu se http://ftp.acc.umu.se/mirror/mageia/ + MirrorBrainFallback eu se https://ftp.acc.umu.se/mirror/mageia/ MirrorBrainMinSize 0 #MirrorBrainExcludeUserAgent rpm/4.4.2* #MirrorBrainExcludeUserAgent *APT-HTTP* @@ -13,4 +13,4 @@ DirectoryIndex disable Options +FollowSymLinks +Indexes Require all granted - \ No newline at end of file + diff --git a/modules/planet/templates/deploy_new-planet.sh b/modules/planet/templates/deploy_new-planet.sh index 605fa273..b3889d31 100755 --- a/modules/planet/templates/deploy_new-planet.sh +++ b/modules/planet/templates/deploy_new-planet.sh @@ -22,7 +22,8 @@ then # Deploy new planet with locale given /bin/mkdir $FILE /bin/chown planet:apache $FILE - /usr/bin/wget -O $PATH_TO_FILE"/moonmoon.tar.gz" http://damsweb.net/files/moonmoon_mageia.tar.gz + # TODO: this URL returns 403 (2024-01) + /usr/bin/wget -O $PATH_TO_FILE"/moonmoon.tar.gz" https://damsweb.net/files/moonmoon_mageia.tar.gz if [ $? -ne 0 ] then echo "Aborted, can't download GZIP file" @@ -32,7 +33,7 @@ then /bin/mkdir $FILE"cache" /bin/chown -R planet:apache $FILE /bin/chmod g+w $FILE"custom" $FILE"custom/people.opml" $FILE"admin/inc/pwd.inc.php" $FILE"cache" - echo -e "Info: a new Planet had been deployed.\nThe locale is: \"$locale\" - http://planet.<%= domain %>/$locale \n-- \nMail sent by the script '$0' on `hostname`" | /bin/mail -s "New planet Mageia deployed" mageia-webteam@<%= domain %> mageia-marketing@<%= domain %> + echo -e "Info: a new Planet had been deployed.\nThe locale is: \"$locale\" - https://planet.<%= domain %>/$locale \n-- \nMail sent by the script '$0' on `hostname`" | /bin/mail -s "New planet Mageia deployed" mageia-webteam@<%= domain %> mageia-marketing@<%= domain %> fi else echo "Aborted, please try again." diff --git a/modules/xymon/templates/hobbitserver.cfg b/modules/xymon/templates/hobbitserver.cfg index deb15608..a5a7aacf 100644 --- a/modules/xymon/templates/hobbitserver.cfg +++ b/modules/xymon/templates/hobbitserver.cfg @@ -58,7 +58,7 @@ MACHINEDOTS="$BBSERVERHOSTNAME" # This systems hostname MACHINEADDR="$BBSERVERIP" # This systems IP-address # URL's generated/used by bbgen -BBWEBHOST="http://$BBSERVERWWWNAME" # Just the host part of the URL - http://www.foo.com +BBWEBHOST="https://$BBSERVERWWWNAME" # Just the host part of the URL - http://www.foo.com BBWEBHOSTURL="$BBWEBHOST$BBSERVERWWWURL" # Prefix for all static Xymon pages - http://www.foo.com/bb BBWEBHTMLLOGS="$BBWEBHOSTURL/html" # Prefix for the Xymon HTML logs (only if BBLOGSTATUS=STATIC) BBWEB="$BBSERVERWWWURL" # Xymon URL prefix without the host part diff --git a/modules/youri-check/templates/4.conf b/modules/youri-check/templates/4.conf index 3e7df09e..aa7e5d4e 100644 --- a/modules/youri-check/templates/4.conf +++ b/modules/youri-check/templates/4.conf @@ -18,7 +18,7 @@ resultset: resolver: class: Youri::Check::Maintainer::Resolver::CGI options: - url: http://pkgsubmit.<%= domain %>/data/maintdb.txt + url: https://pkgsubmit.<%= domain %>/data/maintdb.txt exceptions: - nobody diff --git a/modules/youri-check/templates/5.conf b/modules/youri-check/templates/5.conf index ca54f36e..4e9a9217 100644 --- a/modules/youri-check/templates/5.conf +++ b/modules/youri-check/templates/5.conf @@ -18,7 +18,7 @@ resultset: resolver: class: Youri::Check::Maintainer::Resolver::CGI options: - url: http://pkgsubmit.<%= domain %>/data/maintdb.txt + url: https://pkgsubmit.<%= domain %>/data/maintdb.txt exceptions: - nobody diff --git a/modules/youri-check/templates/6.conf b/modules/youri-check/templates/6.conf index 05177b28..9b2fdae2 100644 --- a/modules/youri-check/templates/6.conf +++ b/modules/youri-check/templates/6.conf @@ -18,7 +18,7 @@ resultset: resolver: class: Youri::Check::Maintainer::Resolver::CGI options: - url: http://pkgsubmit.<%= domain %>/data/maintdb.txt + url: https://pkgsubmit.<%= domain %>/data/maintdb.txt exceptions: - nobody diff --git a/modules/youri-check/templates/7.conf b/modules/youri-check/templates/7.conf index c91cdae1..5054f2de 100644 --- a/modules/youri-check/templates/7.conf +++ b/modules/youri-check/templates/7.conf @@ -18,7 +18,7 @@ resultset: resolver: class: Youri::Check::Maintainer::Resolver::CGI options: - url: http://pkgsubmit.<%= domain %>/data/maintdb.txt + url: https://pkgsubmit.<%= domain %>/data/maintdb.txt exceptions: - nobody diff --git a/modules/youri-check/templates/8.conf b/modules/youri-check/templates/8.conf index 6d14bcaf..c6ba6881 100644 --- a/modules/youri-check/templates/8.conf +++ b/modules/youri-check/templates/8.conf @@ -18,7 +18,7 @@ resultset: resolver: class: Youri::Check::Maintainer::Resolver::CGI options: - url: http://pkgsubmit.<%= domain %>/data/maintdb.txt + url: https://pkgsubmit.<%= domain %>/data/maintdb.txt exceptions: - nobody diff --git a/modules/youri-check/templates/9.conf b/modules/youri-check/templates/9.conf index 690bf923..28028080 100644 --- a/modules/youri-check/templates/9.conf +++ b/modules/youri-check/templates/9.conf @@ -18,7 +18,7 @@ resultset: resolver: class: Youri::Check::Maintainer::Resolver::CGI options: - url: http://pkgsubmit.<%= domain %>/data/maintdb.txt + url: https://pkgsubmit.<%= domain %>/data/maintdb.txt exceptions: - nobody diff --git a/modules/youri-check/templates/cauldron.conf b/modules/youri-check/templates/cauldron.conf index b1cd0e9f..e7e19608 100644 --- a/modules/youri-check/templates/cauldron.conf +++ b/modules/youri-check/templates/cauldron.conf @@ -20,7 +20,7 @@ resultset: resolver: class: Youri::Check::Maintainer::Resolver::CGI options: - url: http://pkgsubmit.<%= domain %>/data/maintdb.txt + url: https://pkgsubmit.<%= domain %>/data/maintdb.txt exceptions: - nobody @@ -270,7 +270,7 @@ tests: iurt: class: Youri::Check::Test::Build::Source::Iurt options: - url: http://pkgsubmit.mageia.org/autobuild/cauldron + url: https://pkgsubmit.mageia.org/autobuild/cauldron arches: - x86_64 medias: diff --git a/modules/youri-check/templates/vhost_check.conf b/modules/youri-check/templates/vhost_check.conf index d33530df..fd4d87b1 100644 --- a/modules/youri-check/templates/vhost_check.conf +++ b/modules/youri-check/templates/vhost_check.conf @@ -1 +1,2 @@ -Header set Access-Control-Allow-Origin "http://pkgsubmit.<%= domain %>" +Header set Access-Control-Allow-Origin "http://pkgsubmit.<%= domain %>" # default +Header set Access-Control-Allow-Origin "https://pkgsubmit.<%= domain %>" env=HTTPS # override -- cgit v1.2.1