Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Flutter Maven repository should support HTTPS #47452

Closed
GerritKopp opened this issue Dec 19, 2019 · 9 comments · Fixed by #52042
Closed

Flutter Maven repository should support HTTPS #47452

GerritKopp opened this issue Dec 19, 2019 · 9 comments · Fixed by #52042
Labels
a: existing-apps Integration with existing apps via the add-to-app flow platform-android Android applications specifically t: gradle "flutter build" and "flutter run" on Android tool Affects the "flutter" command-line tool. See also t: labels.
Projects
Add-to-app - Android tool review Tools - Gradle review

Comments

@GerritKopp
Copy link

The Flutter Maven repository (download.flutter.io) can't be accessed via HTTPS because of a certificate error (wrong host). In my opinion you should be able to download the artifacts via HTTPS for security reasons. Is the repository available via another URL or can the certificate error be fixed?
@janmoppel janmoppel added the c: new feature Nothing broken; request for a new capability label Dec 19, 2019
@dnfield dnfield added d: website - infra platform-android Android applications specifically and removed c: new feature Nothing broken; request for a new capability labels Dec 19, 2019
@dnfield
Copy link
Contributor

dnfield commented Dec 19, 2019

@blasten @kf6gpe - we need to fix the certificate attached to download.flutter.io/download.flutter.dev. Looks like it's using the one for *.storage.googleapis.com, which triggers a bunch of warnings/errors over HTTPS.

@xster xster added t: gradle "flutter build" and "flutter run" on Android a: existing-apps Integration with existing apps via the add-to-app flow labels Dec 19, 2019
@xster xster added this to the Near-term Goals milestone Dec 19, 2019
@blasten
Copy link

blasten commented Dec 23, 2019

+1. GCP storage only supports CNAME entries for custom domains, which doesn't allow HTTPS.
https://cloud.google.com/storage/docs/troubleshooting#https

If we think this is critical, then we might either need to migrate to Firebase hosting as suggested in the GCP storage doc or drop the custom domain and use https://storage.googleapis.com/download.flutter.io directly.

@dnfield
Copy link
Contributor

dnfield commented Dec 23, 2019

Would the setting up a load balancer option work out for us?

I think we should probably avoid firebase hosting for this - it will become tedious as we add more and more files (AFAIK it requires a complete local copy of your static assets to compare/upload - there's no way to just say "add these new assets").

If a load balancer doesn't work, I'd vote for just using the storage.googleapis.com domain directly. Will that have any negative impact on Chinese customers though?

@jmagman jmagman added the tool Affects the "flutter" command-line tool. See also t: labels. label Jan 3, 2020
@xster xster added this to To do in Add-to-app 2020Q1 via automation Jan 8, 2020
@xster xster removed this from To do in Add-to-app 2020Q1 Jan 8, 2020
@jmagman jmagman added this to Engineer reviewed in Add-to-app - Android tool review Jan 9, 2020
@jmagman jmagman added this to Awaiting triage in Tools - Gradle review Jan 10, 2020
@nvi9 nvi9 mentioned this issue Jan 31, 2020
Closed
@skyred
Copy link

skyred commented Feb 2, 2020

any negative impact on Chinese customers though

Cannot speak for the future, but currently https://storage.googleapis.com/download.flutter.io works in China.

@dnfield
Copy link
Contributor

dnfield commented Feb 2, 2020

@blasten what would it take to just use storage.googleapis directly?

@blasten
Copy link

blasten commented Feb 4, 2020

very easily.

flutter/packages/flutter_tools/gradle/resolve_dependencies.gradle

Line 21 in 449f4a6

url "http://download.flutter.io"
and

flutter/packages/flutter_tools/gradle/flutter.gradle

Line 44 in 2042c7d

private static final String MAVEN_REPO = "http://download.flutter.io";

@aquilarafa aquilarafa mentioned this issue Feb 18, 2020
Closed
@jonahwilliams jonahwilliams moved this from Awaiting triage to Engineer reviewed in Tools - Gradle review Feb 28, 2020
@TahaTesser TahaTesser mentioned this issue Mar 4, 2020
Closed
@jmagman jmagman mentioned this issue Mar 5, 2020
Closed
@jmagman
Copy link
Member

jmagman commented Mar 5, 2020

Need to update docs as well https://flutter.dev/docs/development/add-to-app/android/project-setup#option-a---depend-on-the-android-archive-aar

@jmagman jmagman mentioned this issue Mar 5, 2020
Merged
10 tasks
@jmagman
Copy link
Member

jmagman commented Mar 5, 2020

Docs and sample updated.
flutter/website#3768
flutter/samples#355

@github-actions
Copy link

This thread has been automatically locked since there has not been any recent activity after it was closed. If you are still experiencing a similar issue, please open a new bug, including the output of flutter doctor -v and a minimal reproduction of the issue.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 16, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
a: existing-apps Integration with existing apps via the add-to-app flow platform-android Android applications specifically t: gradle "flutter build" and "flutter run" on Android tool Affects the "flutter" command-line tool. See also t: labels.
Projects
Tools - Gradle review
  
Engineer reviewed
Add-to-app - Android tool review
  
Engineer reviewed
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update Maven URL to https jmagman/flutter
7 participants
@xster @skyred @jmagman @blasten @GerritKopp @dnfield @janmoppel