Greetings,
On 5/14/25 13:52, Ludovic Courtès wrote:
Hi,
Ricardo Wurmus <rek...@elephly.net> writes:
Noé Lopez <noelo...@free.fr> writes:
I guess it's for style points, which I’m all for. I do think it would be
better to set the URL to git.guix.gnu.org/guix/guix.git and just a DNS
redirect to codeberg to avoid the extra connection.
I second this.
I guess this would make switching, in case of disasters, seamless for
the user, which is probably something we want. The URL doesn't change.
On Guix project's side, it's a relatively quick change. The extra load
is probably negligible also. No need to proxy the connections.
I think a DNS level redirect would be sufficient. I'd prefer not to
loop in bayfront for every git connection.
As I suggested in <https://issues.guix.gnu.org/76296>, I don’t think
that’s possible: the X.509 certificate that codeberg.org serves is for
codeberg.org, not for git.guix.gnu.org, so TLS libraries would report a
host name mismatch.
I did some testing on a test domain. I configured both DNS redirect
(git-dns.guix.redscript.org) and HTTP 302 redirect
(git.guix.redscript.org) to codeberg.org. As Ludo mentioned before, DNS
redirect doesn't work. HTTP 302 redirect seems to work well with both
"guix pull" and "git clone".
The configuration is still in place. Feel free to test.
Commands, config and output below.
HTTP 302 redirect tests:
---
user@pc ~> guix pull --url=https://git.guix.redscript.org/guix/guix-mirror.git
Updating channel 'nonguix' from Git repository at 'https://gitlab.com/nonguix/nonguix'...
Updating channel 'guix' from Git repository at 'https://git.guix.redscript.org/guix/guix-mirror.git'...
guix pull: warning: pulled channel 'guix' from a mirror of https://git.savannah.gnu.org/git/guix.git, which might be stale
Building from these channels:
nonguix https://gitlab.com/nonguix/nonguix 3f530e5
guix https://git.guix.redscript.org/guix/guix-mirror.git 17c34fe
[...]
---
---
user@pc ~> guix describe
[...]
guix 17c34fe
repository URL: https://git.guix.redscript.org/guix/guix-mirror.git
branch: master
commit: 17c34fe73ddef7411ac91ff2e568aa0b8d7761cb
---
---
user@pc ~/git> git clone https://git.guix.redscript.org/guix/guix-mirror.git
Cloning into 'guix-mirror'...
warning: redirecting to https://codeberg.org/guix/guix-mirror.git/
remote: Enumerating objects: 898744, done.
[...]
Updating files: 100% (3145/3145), done.
---
DNS redirect tests:
---
user@pc ~> guix pull --url=https://git-dns.guix.redscript.org/guix/guix-mirror.git
Updating channel 'nonguix' from Git repository at 'https://gitlab.com/nonguix/nonguix'...
Updating channel 'guix' from Git repository at 'https://git-dns.guix.redscript.org/guix/guix-mirror.git'...
guix pull: error: Git error: SSL error: error:0A000438:SSL routines::tlsv1 alert internal error
---
---
user@pc ~/git> git clone https://git-dns.guix.redscript.org/guix/guix-mirror.git
Cloning into 'guix-mirror'...
fatal: unable to access 'https://git-dns.guix.redscript.org/guix/guix-mirror.git/': gnutls_handshake() failed: Internal error
---
The DNS entries I used:
---
git.guix.redscript.org 60 IN A 181.214.58.244
git-dns.guix.redscript.org 60 IN CNAME codeberg.org
---
NGINX config I used (some minor personal stuff removed):
---
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name git.guix.redscript.org;
    ssl_certificate /etc/private/live/git.guix.redscript.org/fullchain.pem;
    ssl_certificate_key /etc/private/live/git.guix.redscript.org/privkey.pem;
    ssl_trusted_certificate /etc/private/live/git.guix.redscript.org/chain.pem;
    location / {
        # Redirect every request to the same path on codeberg.org.
        return 302 https://codeberg.org$request_uri;
    }
}
---
Ludo’.
Thanks,
Ahmad
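
Added example, not part of the thread: a small offline Python model of the name check Ludovic describes, showing why the CNAME name fails verification while the 302 name passes. The DNS table mirrors the records quoted above; the server table, the certificate name lists and the 192.0.2.10 address are constructed assumptions, and `resolve`, `name_matches` and `fetch` are hypothetical helpers.

```python
from urllib.parse import urlsplit

# Constructed data mirroring the DNS entries in the message above.
DNS = {
    "git.guix.redscript.org": ("A", "181.214.58.244"),
    "git-dns.guix.redscript.org": ("CNAME", "codeberg.org"),
    "codeberg.org": ("A", "192.0.2.10"),  # placeholder address, assumption
}
# Constructed servers: address -> (certificate dNSNames, redirect origin or None).
SERVERS = {
    "181.214.58.244": (["git.guix.redscript.org"], "https://codeberg.org"),
    "192.0.2.10": (["codeberg.org"], None),
}

def resolve(name):
    """Follow CNAME records to an address; only the address changes, not the URL host."""
    for _ in range(8):
        rtype, value = DNS[name]
        if rtype == "A":
            return value
        name = value
    raise LookupError("CNAME chain too long")

def name_matches(host, san):
    """Match a host name against one dNSName; '*' may stand for the whole left-most label."""
    h = host.lower().rstrip(".").split(".")
    s = san.lower().rstrip(".").split(".")
    if len(h) != len(s):
        return False
    if s[0] == "*" and len(s) > 2:
        return h[1:] == s[1:]
    return h == s

def fetch(url, max_hops=5):
    """Return (final_url, error); each hop checks the certificate against that hop's URL host."""
    for _ in range(max_hops):
        parts = urlsplit(url)
        sans, redirect = SERVERS[resolve(parts.hostname)]
        if not any(name_matches(parts.hostname, san) for san in sans):
            return None, f"host name mismatch: {parts.hostname} not in {sans}"
        if redirect is None:
            return url, None
        url = redirect + parts.path  # HTTP 302: new URL, hence a new name to verify
    return None, "too many redirects"

if __name__ == "__main__":
    for host in ("git.guix.redscript.org", "git-dns.guix.redscript.org"):
        print(host, "->", fetch(f"https://{host}/guix/guix-mirror.git"))
```

With the CNAME, the client reaches the Codeberg address but still verifies the name from the URL, so the check fails; with the 302, each connection is verified against its own URL host.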