[Bf-committers] SSL for developer.blender.org

Dan McGrath danmcgrath.ca at gmail.com
Thu Dec 26 19:36:23 CET 2013


Ok, the (non EV yet) SSL cert has been installed and configured on
https://git.blender.org which, although isn't forcing https (yet?) when
browsing using gitweb, can be used to securely clone from using:

  git clone https://git.blender.org/blender.git
  cd blender
  git submodule update --init --recursive
  git submodule foreach git checkout master
  git submodule foreach git pull --rebase origin master

There is a command to change the origin to be HTTPS instead of HTTP that
doesn't require a new clone, but since I don't know this off the top of my
head, here is what a fresh .git/config file looks like after doing all of
the submodule checkouts and everything:

repositoryformatversion = 0
filemode = true
bare = false
logallrefupdates = true
[remote "origin"]
fetch = +refs/heads/*:refs/remotes/origin/*
url = https://git.blender.org/blender.git
[branch "master"]
remote = origin
merge = refs/heads/master
[submodule "release/datafiles/locale"]
url = https://git.blender.org/blender-translations.git
[submodule "release/scripts/addons"]
url = https://git.blender.org/blender-addons.git
[submodule "release/scripts/addons_contrib"]
url = https://git.blender.org/blender-addons-contrib.git
[submodule "scons"]
url = https://git.blender.org/scons.git

Note that devs with commit access are probably pushing via ssh+git, which
is already cryptographically secure, in which case you can probably figure
out what to change on your own if you use alternate push/pull paths, etc..

As for the docboard, you may want to update any of the wiki instructions to
recommend HTTPS over HTTP, but I leave this for you to figure out.


On Thu, Dec 26, 2013 at 10:56 AM, Dan McGrath <danmcgrath.ca at gmail.com>wrote:

> Ok, the new EV SSL cert is active now on developer.blender.org and should
> always show up as a big green bar with the foundation's name in it followed
> by the ISO country code. If it doesn't, someone is wrong! ;)
> On Tue, Dec 24, 2013 at 10:49 AM, Dan McGrath <danmcgrath.ca at gmail.com>wrote:
>> Seasons greetings!
>> Just a heads up that RoosenSanta grabbed us a shiny new SSL certificate
>> from Comodo today for Developer (and Git, which isn't setup yet). I enabled
>> forced SSL in Phabricator now which seems to work fine (thx to Sergey for
>> doing the httpd setup).
>> Just a heads up though that we got a free EV (extended validation) cert,
>> but got a temporary cert (unless we choose to ignore EV) until all the
>> paper work (ugh, Fax!) is filled out and submitted, so you can probably
>> expect the cert to change in the coming days once more.
>> Note to the devs that the .arcconfig file probably needs updating to
>> HTTPS, although I would expect it to redirect, but not sure how test this.
>> Finally, users may or may not want to change their password on
>> Phabricator after the move to SSL. Also, merry Christmas and HNY! :D
>> Dan

More information about the Bf-committers mailing list