.appveyor.yml

@@ -53,7 +53,10 @@ artifacts:
 install:
   - curl -sflL 'https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-ssh.sh' | bash -e -;
   # Bootstrap ICF-like system installation
+  - sudo hostname data.inm-icf.de
   - sudo .appveyor/install_apt_pkgs
+  - .appveyor/apache_enable_ssl
+  - .appveyor/apache_enable_user_dir
   # build the singularity image, unless we got it from the cache
   - sh: "[ ! -f icf.sif ] && singularity build --fakeroot icf.sif singularity/icf.def || true"
   # install image as `icf-utils` (mounting the ICF /data store on-run)
@@ -124,7 +127,6 @@ build_script:
   - git config --global user.email "test@appveyor.land"
   - git config --global user.name "Appveyor Almighty"
 
-
 before_test:
   # simple call to see if datalad and git-annex are installed properly
   - icf-utils datalad wtf
@@ -139,12 +141,6 @@ test_script:
         curl -sflL 'https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-ssh.sh' | bash -e -;
       fi
   - icf-utils python3 -m pytest -s -v ../tests
-  - sh:
-      if [ X"$ACTIVATE_SSH_LOGIN" == "Xpost-tests" ]; then
-        curl -sflL 'https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-ssh.sh' | bash -e -;
-        touch $HOME/build.lock;
-        while [ -e $HOME/build.lock ]; do sleep 5; done;
-      fi;
 
 
 on_finish:

.appveyor/apache_enable_ssl

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -e -u
+
+sudo cp .appveyor/data/ssl-cert-snakeoil.crt /etc/ssl/certs/ssl-cert-snakeoil.pem
+sudo cp .appveyor/data/ssl-cert-snakeoil.key /etc/ssl/private/ssl-cert-snakeoil.key
+sudo cp .appveyor/data/INM-ICF-TestCA.crt /usr/local/share/ca-certificates/
+
+sudo /sbin/dpkg-reconfigure ca-certificates
+
+sudo a2enmod ssl
+sudo systemctl restart apache2
+
+sudo a2ensite default-ssl
+sudo systemctl reload apache2
+
+echo "ServerName data.inm-icf.de" | sudo tee -a /etc/apache2/httpd.conf

.appveyor/apache_enable_user_dir

@@ -2,11 +2,6 @@
 
 set -e -u
 
-pushd /etc/apache2/mods-enabled
+sudo a2enmod userdir
+sudo systemctl restart apache2
 
-sudo ln -s ../mods-available/userdir.load
-sudo ln -s ../mods-available/userdir.conf
-
-popd
-
-sudo apachectl restart

.appveyor/data/INM-ICF-TestCA.crt

@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIETzCCAzegAwIBAgIUfWwiVV14nSabbj0QEJZYVBgXTfEwDQYJKoZIhvcNAQEL
+BQAwgbYxCzAJBgNVBAYTAkRFMQwwCgYDVQQIDANOUlcxEDAOBgNVBAcMB0NvbG9n
+bmUxIjAgBgNVBAoMGUNocmlzdGlhbiBNb2VuY2ggU29mdHdhcmUxFDASBgNVBAsM
+C0RldmVsb3BtZW50MSUwIwYDVQQDDBxDaHJpc3RpYW4gTW9lbmNoIERldmVsb3Bt
+ZW50MSYwJAYJKoZIhvcNAQkBFhdjaHJpc3RpYW4ubW9lbmNoQHdlYi5kZTAeFw0y
+MzA1MzEwNjMyMzlaFw0yNDA1MzAwNjMyMzlaMIG2MQswCQYDVQQGEwJERTEMMAoG
+A1UECAwDTlJXMRAwDgYDVQQHDAdDb2xvZ25lMSIwIAYDVQQKDBlDaHJpc3RpYW4g
+TW9lbmNoIFNvZnR3YXJlMRQwEgYDVQQLDAtEZXZlbG9wbWVudDElMCMGA1UEAwwc
+Q2hyaXN0aWFuIE1vZW5jaCBEZXZlbG9wbWVudDEmMCQGCSqGSIb3DQEJARYXY2hy
+aXN0aWFuLm1vZW5jaEB3ZWIuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCmeRbS/hi0qlsnbegcdwJlmH/fowvdFncjSxg1Va1hIu6CinrxoYHdUW4T
+dElUVOLom0gGy4jgoTNwYn/CqtLpEO/goVPNO7RVU5ALJ1YEq4D9J0w/99s+4x8y
+ik0bbvOAT7Dk9pIzN2xp/2HAjy+m4esF+pWY9G1fxKyXMLPZwh51AFmP/+s0JVRI
+0qSAPa5QD3Z+1LGc8AlQHo/NUXP+u3LKcqqZ+G7S86cXFpaDCm2Ug19V8VsDZqpd
+lNTiGw9STxe8jQ4rOO1+AmqucjIvxhpdhgIxNkMq84e4kHk4pwI2NgYCG30OTQ6L
+Ygjg28g1WZ8StLEpAkwzEfvyovIlAgMBAAGjUzBRMB0GA1UdDgQWBBRnWujBTlSd
+fg5Omr684f56dS7gpzAfBgNVHSMEGDAWgBRnWujBTlSdfg5Omr684f56dS7gpzAP
+BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBPdVr0mA+55Z9VS+ki
+uDGx5a5l9nMhWlFIePxhil8Vvkv7feIDrl6xBUVrAIljdoj0+NdzSqg1n+edG/YA
+jyXd+VECoN8+uhdnZNfYI2Hc6rKQsi78Gc8vqHyJQ+3TVMx5ZhIBJG0+tpsoTMRf
+6FG1nD1g56hzS2SW2vMnEUGmIXv8j/jW7nrLKpPWoih5fIatBQh48R0ZW5OXIg9N
+M3dHyXU2uXE1J7wQXmF6wd2lhxdcRzRdLKA/U+Vc3W69G6CxQlpulCI25D0pjs1J
+fiXcgxFyTh48SyL4CaPvXV/hkgnu3OM8U8dAIM/8fA9FLT1DHz/KhhtQRPvEKnWr
+wFUZ
+-----END CERTIFICATE-----

.appveyor/data/ssl-cert-snakeoil.crt

@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEYDCCA0igAwIBAgIUYIUlxtOdFy8jNrjeZxYjJjj+swEwDQYJKoZIhvcNAQEL
+BQAwgbYxCzAJBgNVBAYTAkRFMQwwCgYDVQQIDANOUlcxEDAOBgNVBAcMB0NvbG9n
+bmUxIjAgBgNVBAoMGUNocmlzdGlhbiBNb2VuY2ggU29mdHdhcmUxFDASBgNVBAsM
+C0RldmVsb3BtZW50MSUwIwYDVQQDDBxDaHJpc3RpYW4gTW9lbmNoIERldmVsb3Bt
+ZW50MSYwJAYJKoZIhvcNAQkBFhdjaHJpc3RpYW4ubW9lbmNoQHdlYi5kZTAeFw0y
+MzA1MzExMDUxNDZaFw0zMzA1MjgxMDUxNDZaMIGNMQswCQYDVQQGEwJERTEeMBwG
+A1UECAwVTm9ydGggUmhpbmUgV2VzdGZhbGlhMRAwDgYDVQQHDAdKdWVsaWNoMSAw
+HgYDVQQKDBdSZXNlYXJjaCBDZW50ZXIgSnVlbGljaDEQMA4GA1UECwwHSU5NLUlD
+RjEYMBYGA1UEAwwPZGF0YS5pbm0taWNmLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAyU/rVULEz05xVwQfnpK33OX17ponuMWhKYldsenSkKb3gBjp
+L0h8yQBKgqjepO8qcLi2rOa9PIpDu67NsSuT4YWLobVi3l5z+2UU3g8c4SYxLvKU
+9DTidFBBYVd/GfXZq9plsxMTfAfAXqt++w64/P8/ofILQa56KEjt0Nrn09AwaSBW
+f74XOaHMLdXxFyV2YcpDv3sq7/dIn+DOaaY7b5CNuG63U6eRJglSmgsj4J23dyGh
+rzjjLym3wULV8CRZDV400/uZ5+BN0VNEWK8eHO12VASviS+ZLrS1ULwXeJEvNEMt
+FN1klL9b2YLag6WbP6CFx8ziq5ojWfJB13oWmQIDAQABo4GMMIGJMAsGA1UdDwQE
+AwIEMDATBgNVHSUEDDAKBggrBgEFBQcDATAlBgNVHREEHjAcgg9kYXRhLmlubS1p
+Y2YuZGWCCWxvY2FsaG9zdDAdBgNVHQ4EFgQUiBt9XUKo2wqJBEq7kba8QfTTnrcw
+HwYDVR0jBBgwFoAUZ1rowU5UnX4OTpq+vOH+enUu4KcwDQYJKoZIhvcNAQELBQAD
+ggEBABNImL63Hexh9PHUeLCDGMsmswame1ejVy0OXcAtoKfLPHgxaSvvVf2FOHfn
+pRsnkhmI1QPf2KWdDY50IMR66rTty+9ovrBR1HAg+r2aoHNAYuiL2gENQnWZ4Rzt
+Kl1E/M1WxD5QRxJoly0zhymxEis8aNs7xBLIXTfV30BhuE5uvgnY369eApNlguZE
+UqLZPiN36KHl+agvOEXlKd/ZfQqcUzO2P2/rgHuSNFe2IRvolz1fkXJ57sbEU9X/
+nm8p7TAff3He1w0K0EzMhpxpyiwTeDvDq4+I+vvR7HJwpQ0doNkQDLxK+ClK25jA
+TEwqIKrzt44ueFqeqvLl1OyCi7M=
+-----END CERTIFICATE-----

.appveyor/data/ssl-cert-snakeoil.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDJT+tVQsTPTnFX
+BB+ekrfc5fXumie4xaEpiV2x6dKQpveAGOkvSHzJAEqCqN6k7ypwuLas5r08ikO7
+rs2xK5PhhYuhtWLeXnP7ZRTeDxzhJjEu8pT0NOJ0UEFhV38Z9dmr2mWzExN8B8Be
+q377Drj8/z+h8gtBrnooSO3Q2ufT0DBpIFZ/vhc5ocwt1fEXJXZhykO/eyrv90if
+4M5ppjtvkI24brdTp5EmCVKaCyPgnbd3IaGvOOMvKbfBQtXwJFkNXjTT+5nn4E3R
+U0RYrx4c7XZUBK+JL5kutLVQvBd4kS80Qy0U3WSUv1vZgtqDpZs/oIXHzOKrmiNZ
+8kHXehaZAgMBAAECggEAFWpt+LqjBQI9arI+ul/1lRd2IZlO5ThKACkTuXnsS3Tl
+ssADq4LounnQU2TLVay3PTlbPprH0h1L3hcXHPRLtbO/IldxYoJWEI4E6ageLIID
+fLD0AWQwXIsOn4A/Plfh/Ycc509d1OWetHuGRUdATPLK9kuRYL4C0w8KFJw7ChRk
+3FtfZiQs2JYRR1qVSFIiJpMQ1QtvxRIKv9y7868DGgIKABWzgmFH+JI/JH9MI0sl
+u3xHk34LRZ0dXttKpVn3Xivftj+F5HqzRIM6IKBZgVvgutIQyDudhQg9LDXWAX6x
+Qa3I0ie8t0in2/qNgV3R4DoI/rMR1U86Jlvk81DMYQKBgQDQInH+n0hQGwkWk4Zo
+d9M9LveN9+porOa3nHIkzSAW5N40saE1TTs2czBUZG5QRFdV9M2lEStxZk0HRtyK
+eGi8JszVD6N+IjaYAZr2QyaNoMTXHq51bKRY7uC9sO05Gwvpib+mxXmNF1vIRXiJ
+z+2yeVE2wYLc/hJH73jdu5q2OQKBgQD3m9Gy5eMdEtcnqfea6XNfXWZjUrTpLw4h
+mjgjGoykBSUHqqUA4auyBGNKrUgqhCwW07hEwpoRgZzzTsRU+1o55Y3Ge9kE3S6/
+aQIN814HooxNK8BjDSYRM8wxlkUfjo5a/aFV+yLfTjpp8qQH07iGTBpqg4yGCueg
+UEc2YHtjYQKBgQCJ3BbnkXdjX9TwOD0R2zR21TIxveFs/gE/4wcT6y5zG5s3CeT+
+mi47TabYb0FGN04l6CWCTVIaJamlxUD1EvZEkeqgwWAIfv7sRjvvG+Fgc/mNh4wE
+yTY+ldMUsike5xRH1u6ztx9g3fT0PVeu6KPH0GWDwD8+w6c2MJ89NzMtuQKBgQC/
++bOwPMTFueHPAtzS4sVs3wGPaISTdsRCEUwNC3yXftWjCA8+i7mPIA/LymX1cNyu
+JiDsTuUdRZzml99o9CiUUwKFLWipeMPR7ByHrHTu/nxBKPbU1VD6bWqX16ZoPSLq
+MVNxUnFLKV/o3ROIbgLXPRIOG0hMdQ/5H8TWyB9igQKBgQDLH8j/D2MJMykI9Blg
+7fZfwWSLSsssUI2kyd9t2kgBNrGvzkQnDGeYLOOTiZji+R4DeXLqPWx2G9Shncn1
+7jd5EBgwZIOwCmH3icUkiJILjeqHhINtpWkga6U4AlUZ2yzc6JNDjgW7MajDNHb+
+YUE3ua78lQKCXPSTFdYymtWpuA==
+-----END PRIVATE KEY-----

.appveyor/install_apt_pkgs

@@ -4,6 +4,7 @@ set -e -u
 
 apt-get update -qq
 eatmydata apt-get -y install apache2
+eatmydata apt-get install ca-certificates
 # deploy singularity v2, matching the ICF deployment
 # only download when not already cached
 [ ! -f singularity-container_3.8.7_amd64.deb ] && wget https://github.com/apptainer/singularity/releases/download/v3.8.7/singularity-container_3.8.7_amd64.deb || true

singularity/icf.def

@@ -21,9 +21,14 @@ From: debian:bookworm-slim
     # into the final image, move
     mv $(cut -d = -f 2 < /tmp/dlinstaller_env.sh | cut -d : -f 1) /git-annex
     # the inm-icf-utilities
-    git clone https://github.com/psychoinformatics-de/inm-icf-utilities.git /inm-icf-utils
+    # TODO: replace the git clone command below with:
+    # TODO:   "git clone https://github.com/psychoinformatics-de/inm-icf-utilities.git /inm-icf-utils"
+    # TODO:   once the certificates are merged into main
+    git clone -b enh-ci-https https://github.com/christian-monch/inm-icf-utilities.git /inm-icf-utils
     # and the inm-icf-utilities dependencies
     python3 -m pip install --break-system-packages -r /inm-icf-utils/requirements-devel.txt
+    # add the test CA to certifi to allow 'requests' to work with the ssl-server
+    cat /inm-icf-utils/.appveyor/data/INM-ICF-TestCA.crt >> $(python3 -c "import certifi; print(certifi.where())")
     # enable "next" extension for patching datalad core, done inside the image, not
     # for a particular user
     git config --system datalad.extensions.load next

tests/fixtures.py

@@ -47,7 +47,7 @@ def test_studies_dir():
 def data_webserver(test_studies_dir, dataaccess_credential):
     """Yields a URL to a webserver providing data access"""
     if os.environ.get('APPVEYOR', None) == 'true':
-        yield 'http://data.inm-icf.de/~appveyor'
+        yield 'https://data.inm-icf.de/~appveyor'
     else:
         server = HTTPPath(
             test_studies_dir,