how to apps mirror support https?

[hzican]

sudo echo http://mirrors.163.com/tinycorelinux/ > /opt/tcemirror
is ok

sudo echo https://mirrors.tuna.tsinghua.edu.cn/tinycorelinux/ > /opt/tcemirror
not work

[mjmouse]

First load the ca-certificates extension. Note that the following base scripts don't support https mirrors at the moment:
- provides.sh (it will download the provides list the first time but never again)
- tce-status (only the -o switch)
- tce-update (it does still work, but will make a lot of errors while you use it)

I have some modified versions of those scripts at https://github.com/mbartlett21/Core-scripts/blob/mjb/https that do fix the support.

[linic]

I made a custom tcz called mirror-enable-https.tcz. It can switch /opt/tcemirror to https when the checks pass. It has a .tcz.dep.
It adds the following commands:

Code: [Select]

which-mirror: show the current mirror, supports verbose
is-mirror-https: checks if the mirror supports https downloads
mirror-enable-https: run at install time to automatically switch
  the mirror URL in /opt/tcemirror to https when is-mirror-https
  returns 0. 0 means https, any other code means that it is not.

The source code is available at https://gitlab.com/linichotmailca/mirror-enable-https.git.

You can build it from the gitlab code with a simple make command (as long as you have make installed (there's an install-prerequisites.sh script in the repo about that)) and it's hosted on a special partial mirror (which only works in http for now fixed https) at http://tcz.facedebouc.sbs/ and https://tcz.facedebouc.sbs/
and you need to

Code: [Select]

tce-load -w tce-load-github-lfs
first to be able to download it. For more details about tce-laod-github-lfs see https://forum.tinycorelinux.net/index.php/topic,27964.msg180945.html

I thought it would be fun/useful to have something like this after reading

Could we have a https set of mirrors added to mirrors.tcz to go along with my added support for them please?
I just went through the ones below on 17.x and all the http mirrors support https apart from repo.tinycorelinux.net .

https://distro.ibiblio.org/tinycorelinux/
https://ftp.nluug.nl/os/Linux/distr/pub/linux/distributions/tinycorelinux/
https://sunsite.icm.edu.pl/pub/Linux/sunsite.unc.edu/distributions/tinycorelinux/
https://sunsite2.icm.edu.pl/pub/Linux/sunsite.unc.edu/distributions/tinycorelinux/
https://mirror.cedia.org.ec/tinycorelinux/
https://mirrors.dotsrc.org/tinycorelinux/
https://mirrors.163.com/tinycorelinux/

and

Could we have a https set of mirrors added to mirrors.tcz to go along with my added support for them please?
I just went through the ones below on 17.x and all the http mirrors support https apart from repo.tinycorelinux.net .

https://distro.ibiblio.org/tinycorelinux/
https://ftp.nluug.nl/os/Linux/distr/pub/linux/distributions/tinycorelinux/
https://sunsite.icm.edu.pl/pub/Linux/sunsite.unc.edu/distributions/tinycorelinux/
https://sunsite2.icm.edu.pl/pub/Linux/sunsite.unc.edu/distributions/tinycorelinux/
https://mirror.cedia.org.ec/tinycorelinux/
https://mirrors.dotsrc.org/tinycorelinux/
https://mirrors.163.com/tinycorelinux/

https require ca-certificates.tcz and probably openssl.tcz. It also require buying certificates for repo.tinycorelinux.net. I would like to propose option to set mirror address in control panel, just like in TC 1.x

Also, I think certificates for repo.tinycorelinux.net could be free (in terms of money, but maybe not in terms of time). I used to run https://facedebouc.sbs on a RPI (until I moved it to github pages) and I would use certbot from Let's Encrypt. This was my reference https://pimylifeup.com/raspberry-pi-ssl-lets-encrypt/ at the time. In any case, I'm fine with http or https. http helps to keep tiny core tiny since https adds the need for ca-certificates and maybe more.