Delta generator does not support SSL

[btkostner]

Setting up the elementary flatpak repository with flat-manager I came across an error with publishing.

Our Setup

We have a simple server running flat-manager. It is setup with very similar ansible playbooks. We then have delta generator running on another server also setup from the ansible playbooks.

The flatpak repository itself is published with nginx with regular http and https enabled (both work, no redirects).

The relevant flat-manager config looks like this:

{
  "repos": {
    "elementary": {
      "path": "/mnt/flatpak_elementary_io/repository/repo",
      "base-url": "https://flatpak.elementary.io/repo",
      "collection-id": "io.elementary",
      "suggested-repo-name": "elementary",
      "runtime-repo-url": "https://flatpak.elementary.io/repo.flatpakrepo",
      "subsets": {},
      "deltas": [
        { "id": ["*.Platform", "*.Sdk", "*.Platform.Compat.*" ], "depth": 3},
        { "id": ["*.Sdk.Locale", "*.Platform.Locale"], "depth": 2},
        { "id": ["*.Locale"], "depth": 0},
        { "id": ["*.Sdk.Debug", "*.Platform.Compat.Debug"], "depth": 2},
        { "id": ["*.Debug"], "arch": ["x86_64"], "depth": 2},
        { "id": ["*.Debug"], "depth": 0},
        { "id": ["*.Sources"], "depth": 0},
        { "id": ["*"], "arch": ["x86_64"], "depth": 2},
        { "id": ["*"], "depth": 1}
      ],
      "appstream-delta-depth": 5
    }
  }
}

Console log

When flat-manager runs a publish job, it gets assigned to the delta generator worker successfully, but then errors out pretty fast with this:

Apr 27 05:23:54 flatpak-delta delta-generator-client[34803]:  WARN 2021-04-27T05:23:54Z: flatmanager::ostree: Pull error, retrying commit 0c8541999d2800ce48fb5579bfcc6f92e60da12f55e20a4bf5e40c5517913635: Command ostree pull exited unsucessfully with stderr: error: Server returned status 403: Forbidden
Apr 27 05:23:54 flatpak-delta delta-generator-client[34803]:  INFO 2021-04-27T05:23:54Z: flatmanager::ostree: Pulling commit 0c8541999d2800ce48fb5579bfcc6f92e60da12f55e20a4bf5e40c5517913635
Apr 27 05:23:54 flatpak-delta ostree[35688]: libostree HTTP error from remote upstream for <https://flatpak.elementary.io/repo/objects/7f/bd8d6aed46d8ef91f40a881c37e92e11f89526d0df1f7ab2a47f1e7db2366f.filez>: Server returned status 403: Forbidden
Apr 27 05:23:54 flatpak-delta ostree[35688]: libostree HTTP error from remote upstream for <https://flatpak.elementary.io/repo/objects/3e/36eb4b4105a5f323a1a913f5deaa066ef5cf47239958aa955b153e7a065e2c.filez>: Server returned status 403: Forbidden
Apr 27 05:23:54 flatpak-delta ostree[35688]: libostree HTTP error from remote upstream for <https://flatpak.elementary.io/repo/objects/1f/330e24596aa43c10d6a388da8674d78724e391026e8e8db56153974d5b8fa1.filez>: Server returned status 403: Forbidden
Apr 27 05:23:54 flatpak-delta ostree[35688]: libostree HTTP error from remote upstream for <https://flatpak.elementary.io/repo/objects/67/c7f1829adec5cc1dc0e95be1441b53034f643a15913b9c8a58d13a6704587c.filez>: Server returned status 403: Forbidden
Apr 27 05:23:54 flatpak-delta ostree[35688]: libostree HTTP error from remote upstream for <https://flatpak.elementary.io/repo/objects/db/3bacca2f45754090bb7fb4485edf9cdef0479773f687a5d403655d3d959b88.filez>: Server returned status 403: Forbidden
Apr 27 05:23:54 flatpak-delta ostree[35688]: libostree HTTP error from remote upstream for <https://flatpak.elementary.io/repo/objects/cf/8a7355154f5a9655a94efc443a5c5375346fd264b5b1204d97ff4b152f1a2a.filez>: Server returned status 403: Forbidden

All of those files do exist, and from what I can tell, it seems the http client used for delta generator is trying to access https://flatpak.elementary.io without ssl configured / enabled, and therefor getting an error.

As a sanity check, this is from the delta-generator server:

root@flatpak-delta:/home/btkostner# curl https://flatpak.elementary.io/repo/config
[core]
repo_version=1
mode=archive-z2
indexed-deltas=true