GNU bug report logs - #76296
[PATCH maintenance] hydra: bayfront: Set up ‘git.guix.gnu.org’ as a redirect to Savannah.


Package: guix-patches;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Fri, 14 Feb 2025 23:16:02 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.



Message #47 received at 76296 <at> debbugs.gnu.org (full text, mbox):

From: Ahmad Draidi <a.r.draidi <at> redscript.org>
To: Ludovic Courtès <ludo <at> gnu.org>,
 Ricardo Wurmus <rekado <at> elephly.net>
Cc: guix-devel <at> gnu.org, 76296 <at> debbugs.gnu.org,
 Noé Lopez <noelopez <at> free.fr>, guix-sysadmin <at> gnu.org,
 Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Subject: Re: [bug#76296] [PATCH maintenance] hydra: bayfront: Set up ‘git.guix.gnu.org’ as a redirect to Savannah.
Date: Sun, 18 May 2025 20:45:30 +0400
Greetings,


On 5/14/25 13:52, Ludovic Courtès wrote:
> Hi,
>
> Ricardo Wurmus <rekado <at> elephly.net> writes:
>
>> Noé Lopez <noelopez <at> free.fr> writes:
>>
>>> I guess it’s for style points, which I’m all for. I do think it would
>>> be better to set the URL to git.guix.gnu.org/guix/guix.git and just a
>>> DNS redirect to codeberg to avoid the extra connection.
>> I second this.


I guess this would make switching, in case of disasters, seamless for 
the user, which is probably something we want. The URL doesn't change. 
On Guix project's side, it's a relatively quick change. The extra load 
is probably negligible also. No need to proxy the connections.

>>
>> I think a DNS level redirect would be sufficient.  I'd prefer not to
>> loop in bayfront for every git connection.
> As I suggested in <https://issues.guix.gnu.org/76296>, I don’t think
> that’s possible: the X.509 certificate that codeberg.org serves is for
> codeberg.org, not for git.guix.gnu.org, so TLS libraries would report a
> host name mismatch.


I did some testing on a test domain. I configured both DNS redirect 
(git-dns.guix.redscript.org) and HTTP 302 redirect 
(git.guix.redscript.org) to codeberg.org. As Ludo mentioned before, DNS 
redirect doesn't work. HTTP 302 redirect seems to work well with both 
"guix pull" and "git clone".


The configuration is still in place. Feel free to test.

Commands, config and output below.


HTTP 302 redirect tests:

---

user <at> pc ~> guix pull --url=https://git.guix.redscript.org/guix/guix-mirror.git
Updating channel 'nonguix' from Git repository at 'https://gitlab.com/nonguix/nonguix'...
Updating channel 'guix' from Git repository at 'https://git.guix.redscript.org/guix/guix-mirror.git'...
guix pull: warning: pulled channel 'guix' from a mirror of https://git.savannah.gnu.org/git/guix.git, which might be stale
Building from these channels:
  nonguix   https://gitlab.com/nonguix/nonguix    3f530e5
  guix      https://git.guix.redscript.org/guix/guix-mirror.git 17c34fe

[...]

---

---

user <at> pc ~> guix describe
[...]
  guix 17c34fe
    repository URL: https://git.guix.redscript.org/guix/guix-mirror.git
    branch: master
    commit: 17c34fe73ddef7411ac91ff2e568aa0b8d7761cb

---

---

user <at> pc ~/git> git clone https://git.guix.redscript.org/guix/guix-mirror.git
Cloning into 'guix-mirror'...
warning: redirecting to https://codeberg.org/guix/guix-mirror.git/
remote: Enumerating objects: 898744, done.
[...]
Updating files: 100% (3145/3145), done.

---


DNS redirect tests:

---

user <at> pc ~> guix pull --url=https://git-dns.guix.redscript.org/guix/guix-mirror.git
Updating channel 'nonguix' from Git repository at 'https://gitlab.com/nonguix/nonguix'...
Updating channel 'guix' from Git repository at 'https://git-dns.guix.redscript.org/guix/guix-mirror.git'...
guix pull: error: Git error: SSL error: error:0A000438:SSL routines::tlsv1 alert internal error

---

---

user <at> pc ~/git> git clone https://git-dns.guix.redscript.org/guix/guix-mirror.git
Cloning into 'guix-mirror'...
fatal: unable to access 'https://git-dns.guix.redscript.org/guix/guix-mirror.git/': gnutls_handshake() failed: Internal error

---


The DNS entries I used:

---

git.guix.redscript.org          60      IN      A 181.214.58.244
git-dns.guix.redscript.org      60      IN      CNAME codeberg.org

---


NGINX config I used (some minor personal stuff removed):

---

server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        server_name     git.guix.redscript.org;

        ssl_certificate /etc/private/live/git.guix.redscript.org/fullchain.pem;
        ssl_certificate_key /etc/private/live/git.guix.redscript.org/privkey.pem;
        ssl_trusted_certificate /etc/private/live/git.guix.redscript.org/chain.pem;

        location / {
                return 302 https://codeberg.org$request_uri;
        }
}

---

> Ludo’.
>
>
>
Thanks,

Ahmad
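
Added example (not part of the original message or of the Guix project's code): a small offline model of the two setups tested above, showing that a client checks the certificate against the host name in the URL it was given, so a CNAME does not change the name being verified while an HTTP 302 starts a new connection under the new name. The DNS records are the ones quoted in the message; the certificate names, the `codeberg-server` address placeholder and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed model of the setup in the message; certificate names are assumed.
DNS = {
    "git.guix.redscript.org": ("A", "181.214.58.244"),
    "git-dns.guix.redscript.org": ("CNAME", "codeberg.org"),
    "codeberg.org": ("A", "codeberg-server"),  # placeholder, not a real address
}
SERVERS = {
    "181.214.58.244": {"cert_names": ["git.guix.redscript.org"],
                       "redirect": "https://codeberg.org"},
    "codeberg-server": {"cert_names": ["codeberg.org"], "redirect": None},
}

def resolve(name):
    """Follow CNAME records to an address; the caller's host name is unchanged."""
    for _ in range(8):
        rtype, value = DNS[name]
        if rtype == "A":
            return value
        name = value
    raise RuntimeError("CNAME chain too long")

def name_matches(host, pattern):
    """Exact match, or a single leftmost '*' label (RFC 6125 style)."""
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def fetch(url, max_redirects=3):
    """Return (final_url, hosts_visited); raise ValueError on a name mismatch."""
    hops = []
    for _ in range(max_redirects + 1):
        parts = urlsplit(url)
        server = SERVERS[resolve(parts.hostname)]
        # The check uses the name from the URL, never the CNAME target.
        if not any(name_matches(parts.hostname, n) for n in server["cert_names"]):
            raise ValueError(f"certificate not valid for {parts.hostname}")
        hops.append(parts.hostname)
        if server["redirect"] is None:
            return url, hops
        # Mirrors the nginx rule: return 302 https://codeberg.org$request_uri
        url = server["redirect"] + parts.path
    raise RuntimeError("too many redirects")
```

In this model each hop of the 302 path is verified under its own name, which is why the redirecting host needs its own valid certificate, as in the NGINX configuration above.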





This bug report was last modified today.
