gokrazy / tools

this repository contains the gok CLI tool of gokrazy
https://gokrazy.org
BSD 3-Clause "New" or "Revised" License

feat: allow insecure https #68

Open julienrbrt opened 1 month ago

julienrbrt commented 1 month ago

When changing machines and forgetting to back up ~/.config/gokrazy, you can end up in a locked state if you have SSL enabled.

Basically, running gok update --insecure will give, as the instance has TLS enabled:

2024/06/03 00:17:18 updating root file system: unexpected HTTP status code: got 400 Bad Request, want 200 (body "expected a PUT request\n")

On the other hand, not using the insecure flag will fail at certificate verification:

2024/06/03 00:07:36 checking target partuuid support: Get "https://gokrazy:***@rpi-gokrazy/update/features": tls: failed to verify certificate: x509: certificate signed by unknown authority (possibly because of "x509: invalid signature: parent certificate cannot sign this kind of certificate" while trying to verify candidate authority certificate "gokrazy")

If TLS is enabled, GetRemoteScheme already gets the correct scheme, so we should still set it, regardless of the insecure flag, so we can query the correct endpoint (without cert verification).
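The three cases from the comment above, reproduced against a local test server as an added example (not code from this PR or from gokrazy). `updateClient` and `probe` are hypothetical helpers, and the server is a constructed `httptest` instance whose certificate the client does not trust.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// updateClient is a hypothetical helper, not gokrazy's code. The insecure
// flag only turns off certificate verification; it never selects the scheme.
func updateClient(insecure bool) *http.Client {
	return &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{InsecureSkipVerify: insecure},
	}}
}

// probe requests /update/features from a constructed local TLS server with an
// untrusted certificate. It returns the HTTP status, or 0 and the transport
// error if the request never got a response.
func probe(scheme string, insecure bool) (int, error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(
		func(w http.ResponseWriter, r *http.Request) { fmt.Fprintln(w, "ok") }))
	defer srv.Close()
	// Same host and port every time; only the scheme varies.
	target := scheme + "://" + strings.TrimPrefix(srv.URL, "https://") + "/update/features"
	resp, err := updateClient(insecure).Get(target)
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}

func main() {
	cases := []struct {
		scheme   string
		insecure bool
	}{
		{"http", true},   // insecure flag also downgraded the scheme: rejected
		{"https", false}, // right scheme, verification on: certificate error
		{"https", true},  // right scheme, verification off: request succeeds
	}
	for _, c := range cases {
		status, err := probe(c.scheme, c.insecure)
		fmt.Printf("scheme=%s insecure=%v status=%d err=%v\n", c.scheme, c.insecure, status, err)
	}
}
```

With verification off the connection is still encrypted but the server is unauthenticated, so the update password embedded in the URL goes to whichever host answers.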