Can this be rather True/False?

Can you assume some defaults? I.e., get('REPO_NO_SSL', False)

It's weird to have True/False here, and 1/0 three lines above. Otherwise I don't mind.

The defaults come from config.py, but I can adjust it here as you propose.

PTAL

+1

Hello, why you are not using already present ENFORCE_PROTOCOL_FOR_BACKEND_URL?

I don't want to disable ssl globally for backend, that would be overkill since the infrastructure is perfectly OK to run on SSL.

E.g. urls for build chroots on a build detail are generated like this:

@property
def result_dir_url(self):
    return urljoin(app.config["BACKEND_BASE_URL"], os.path.join(
        "results", self.build.copr.full_name, self.name, self.result_dir, ""))

so there is no url fixing.

fix_protocol_for_backend (the function using the ENFORCE_ thing) is used for only for yum repo url generation, which should be what you need.

If you want to introduce REPO_NO_SSL as a replacement for ENFORCE_PROTOCOL_FOR_BACKEND_URL, I am fine with that as REPO_NO_SSL is probably a better name.

I thought that ENFORCE_PROTOCOL_FOR_BACKEND_URL has more global effect, lemme check.

See get_yum_repos in API, and fix_protocol_for_backend.

IOW, I don't really want to (even accidentally in future) make the copr infrastructure to communicate over http:// (e.g. rpmbulid <=> backend <=> distgit <=> frontend needs to be fully over SSL). I only want to affect the *.repo file contents.

Voting says +1 so far, so I could probably merge. I'd do it tomorrow, please suggest
a change or speak up.

if REPO_NO_SSL is False then use http? I would say the semantic should be opposite. Do that if it is true. Right?

If app.config.get('REPO_NO_SSL') returns True then it is replaced. False is only the default.

No more changes requested, merging.