[sword-devel] HTTPS Transport

Tobias Klein contact at tklein.info
Sun Jan 21 11:44:12 EST 2024


Hi Troy,

I have just done some testing with the latest changes in sword (SVN Rev. 
3894).

I have not observed any issues on Linux. However, on Windows 10 the 
following happens:

Repository data does not seem to be returned in the same way as before 
(I was previously on SVN Rev. 3873, which is from November 7 2021).
E.g. a helper function in node-sword-interface that returns the number 
of modules per repository suddenly returns 0 modules for the CrossWire 
repository.

Is there any explanation for that?
I did not change anything in node-sword-interface, but only updated the 
sword dependency to the latest version 3894.

Best regards,
Tobias

On 12/16/23 11:11 PM, Troy A. Griffitts wrote:
> Hey guys,
>
> For a while now, we've been working on a new mechanism for allowing a 
> remote module installation repository to use only HTTPS traffic to 
> supply their modules, if they wish.  A little history and how things 
> work in the released SWORD engine and what we have in SVN trunk now... 
> (skip to === NEW === if you don't care about the history and why)
>
> From the beginning of SWORD we have had as a core value the simple 
> enabling of Bible distribution.  The very first versions of our 
> installer could use as an installation source any working installation 
> of a SWORD library.  E.g., user 1 sets up Xiphos and manually unzips 
> 100 Bibles, commentaries, lexicons, dictionaries, etc. for use with 
> Xiphos.  User 1 can then share (network drive, USB stick, FTP) their 
> installation folder where they have unzipped all the data for their 
> library, and user 2 can come along and install Bibletime or Xiphos or 
> any other SWORD application and point their installer to this shared 
> location and install from there any Bible, commentary, lexicon, 
> dictionary, etc., from user 1's working installation.  Then user 2 can 
> travel to their school in Zimbabwe, plug into their school's network 
> and share their data folder from their working SWORD application and 
> students on that network can install Bibles from them.
>
> None of this has changed.  This is still a core value and still works 
> with all the same mechanisms.
>
> Over the years, we have added on top of this behavior optional 
> optimizations for remote repositories.  For example, instead of 
> looking for the mods.d/ folder and downloading individually all the 
> .conf files found there to present to a user a list of which Bibles, 
> commentaries, etc. are available, we first look for a mods.d.tar.gz 
> file with all the .conf files bundled into a single download.  This 
> saves a lot of time working with large remote repositories.  If we 
> don't find this file, we still fallback to downloading the individual 
> files.  We don't want a failure to happen when passing along Bibles if 
> this optimization is not in place, but we do want to speed things up 
> if the manager of the remote repository knows how to manage their 
> repository optimally and is willing to do this extra work to keep this 
> file in place and up to date.
>
> Over the years, the FTP protocol, which SWORD has primarily used for 
> remote module installation over the internet, has seen data providers 
> block traffic due to its unencrypted nature.  Being Bible 
> distributors, in most cases we don't care if anyone snoops on our data 
> packets.  Generally, again in most cases, we WANT people to snoop.  We 
> don't require user / password for distribution so the security issues 
> involved in sending those in plain text don't apply to our 
> applications, generally.  Now, of course there are scenarios which 
> people may wish to distribute Bibles without public knowledge, and 
> sometimes users may wish to protect their modules with username / 
> password credentials, and for this we have historically also supported 
> SFTP.
>
> One driving factor for the latest improvement described below is that 
> we have found some mobile data providers blocking FTP traffic on their 
> network, requiring our users to get to a WiFi connection before they 
> can install Bibles, etc.
>
>
> === NEW ===
>
> In SVN trunk there is code to handle a new facility for remote module 
> installation.  Like the optional optimization with the mods.d.tar.gz 
> file, this new mechanism is optional.  All will work as before if 
> nothing is changed.
>
> Fully enabling the new mechanism consists of 4 steps:
>
> 1. assuring https access to the root folder of your module repository.
>
> 2. mods.d.tar.gz is required for this mechanism to be successful.
>
> 3. module.zip files must be available from a packages/ folder at the 
> root of your module repository folder.  These .zip files have been 
> historically required for JSword-based apps because JSword does not 
> yet know how to install from an working installation of modules, as 
> described at the beginning of this email.  So because many of our 
> repository maintainers support JSword, this step might be as simple as 
> creating a packages/ -> symbolic link to your JSword .zip module files 
> folder, if you are already maintaining zip files.
>
> 4. adding an HTTPSPackagePreference entry into our master repository 
> list telling us the server, and path on that server, to find your 
> repository with https
>
>
> The main CrossWire repository now has this mechanism enabled and can 
> be used as a reference to test frontends and can be used as an example 
> for remote module installation repository maintainers.
>
> For CrossWire main, #1 is available here, and at the root of this 
> location you can also see #2 mods.d.tar.gz and #3 packages/ :
>
> https://crosswire.org/ftpmirror/pub/sword/raw/
>
> Step 4 can be seen in our master repo list, the first entry under 
> [Repos] here:
>
> https://crosswire.org/ftpmirror/pub/sword/masterRepoList.conf
>
>
> Any SWORD app compiled against SVN trunk should now only use HTTPS 
> when installing modules from CrossWire main.
>
> May I ask to please test and give feedback?  Thank you for all the 
> advice and encouragement to add this functionality.  I pray this 
> enhances our ability to distribute more Bibles to those who have yet 
> to hear the Good New of Jesus Christ and to be used by Him to build up 
> His church,
>
> Troy
>
>
> _______________________________________________
> sword-devel mailing list: sword-devel at crosswire.org
> http://crosswire.org/mailman/listinfo/sword-devel
> Instructions to unsubscribe/change your settings at above page


More information about the sword-devel mailing list