Enforce https connections for all package installations

to avoid security risks.
See #7006

README.md

@@ -457,10 +457,9 @@ Dock][icon-mac-instructions].
 ## Notes
 
 - Depending on the installed version of GnuTLS, securely installing Emacs
-  packages may fail. It may also fail if you have a bad internet environment.
-  In either case it is possible to install packages using `emacs --insecure`.
-  However be aware that this means your packages will be transferred using HTTP,
-  use at your own risk.
+  packages may fail. If this happens to you please update your OS and Emacs.
+  If you are behind a company proxy please trust the company firewall cert.
+  We do not longer support disabling https due to security reasons.
 
 - (*Windows)* If the following error occurs after starting Emacs:
 

core/core-command-line.el

@@ -25,9 +25,6 @@
   "If non-nil force the current emacs instance to resume layouts
   at start time despite the value of `dotspacemacs-auto-resume-layouts'.")
 
-(defvar spacemacs-insecure nil
-  "If non-nil force Spacemacs to operate without secured protocols.")
-
 (defvar spacemacs-sync-packages t
   "If non-nil packages are synchronized when the configuration layer system is
 loaded.")
@@ -63,8 +60,6 @@ arguments is that we want to process these arguments as soon as possible."
              (setq spacemacs-debug-timer-threshold next-arg-digit
                    i (1+ 1)))
            (setq spacemacs-debugp t))
-          ("--insecure"
-           (setq spacemacs-insecure t))
           ("--no-layer"
            (setq configuration-layer-exclude-all-layers t))
           ("--distribution"

core/core-configuration-layer.el

@@ -471,9 +471,9 @@ Otherwise return the recipe unchanged. PKG is of `cfgl-package' type."
       `(,pkg-name
         :fetcher file
         :path ,(configuration-layer/get-location-directory
-                         (oref pkg :name)
-                         (oref pkg :location)
-                         (car (oref pkg :owners)))))
+                (oref pkg :name)
+                (oref pkg :location)
+                (car (oref pkg :owners)))))
      (t (cons pkg-name (cdr (oref pkg :location)))))))
 
 (defun configuration-layer//package-archive-absolute-path-p (archive)
@@ -506,10 +506,7 @@ The returned list has a `package-archives' compliant format."
              (if (configuration-layer//package-archive-absolute-path-p x)
                  apath
                (concat
-                (if (and dotspacemacs-elpa-https
-                         (not spacemacs-insecure))
-                    "https://"
-                  "http://")
+                "https://"
                 apath)))))
    archives))
 
@@ -864,16 +861,16 @@ a new object."
                      (fboundp init-func))))
     (when min-version
       (oset obj :min-version
-                                 (version-to-list min-version)))
+            (version-to-list min-version)))
     (when step
       (oset obj :step step))
     (when toggle
       (oset obj :toggle toggle))
     (when (and ownerp requires)
       (oset obj :requires requires))
     (oset obj :excluded
-                               (and (configuration-layer/layer-used-p layer-name)
-                                    (or excluded (oref obj :excluded))))
+          (and (configuration-layer/layer-used-p layer-name)
+               (or excluded (oref obj :excluded))))
     (when location
       (if (and (listp location)
                (eq (car location) 'recipe)
@@ -1345,10 +1342,10 @@ PREDICATE is an additional expression that eval to a boolean."
   "Copy and replace special values of TEMPLATE to layer string NAME.
 If LAYER_DIR is nil, the private directory is used."
   (cl-flet ((cl-substitute (old new) (let ((case-fold-search nil))
-                                    (save-excursion
-                                      (goto-char (point-min))
-                                      (while (search-forward old nil t)
-                                        (replace-match new t))))))
+                                       (save-excursion
+                                         (goto-char (point-min))
+                                         (while (search-forward old nil t)
+                                           (replace-match new t))))))
     (let ((src (concat configuration-layer-template-directory
                        (format "%s.template" template)))
           (dest (if layer-dir
@@ -1404,9 +1401,9 @@ Returns nil if the directory is not a category."
 Returns nil if there is no layer named LAYER-NAME."
   (when-let ((lp (configuration-layer/get-layer-path layer-name)))
     (thread-last lp
-      directory-file-name
-      file-name-directory
-      configuration-layer//get-category-from-path)))
+                 directory-file-name
+                 file-name-directory
+                 configuration-layer//get-category-from-path)))
 
 (defun configuration-layer/discover-layers (&optional refresh-index)
   "Initialize `configuration-layer--indexed-layers' with layer directories.
@@ -2190,15 +2187,15 @@ to update."
           (if (string= answer "no")
               (progn (spacemacs-buffer/append "Packages update has been cancelled.\n" t)
                      (user-error "Packages update has been cancelled.\n"))
-        ;; backup the package directory and construct an alist
-        ;; variable to be cached for easy update and rollback
+            ;; backup the package directory and construct an alist
+            ;; variable to be cached for easy update and rollback
             (when (string= answer "some")
               (setq update-packages
                     ;; 'apply nconc on list of lists' is equivalent to 'cl-remove-if nil'
                     (apply #'nconc (mapcar (lambda (pkg)
                                              (when (yes-or-no-p (format "Update package '%s'? " pkg))
                                                (list pkg)))
-                                    update-packages))))
+                                           update-packages))))
             (setq upgrade-count (length update-packages)))))
       (spacemacs-buffer/append
        "--> performing backup of package(s) to update...\n" t)

core/core-dotspacemacs.el

@@ -109,13 +109,6 @@ in emacs 27."
   'integer
   'spacemacs-dotspacemacs-init)
 
-(spacemacs|defc dotspacemacs-elpa-https t
-  "If non nil ELPA repositories are contacted via HTTPS whenever it's
-possible. Set it to nil if you have no way to use HTTPS in your
-environment, otherwise it is strongly recommended to let it set to t."
-  'boolean
-  'spacemacs-dotspacemacs-init)
-
 (spacemacs|defc dotspacemacs-elpa-timeout 5
   "Maximum allowed time in seconds to contact an ELPA repository."
   'integer

core/templates/.spacemacs.template

@@ -112,14 +112,6 @@ It should only modify the values of Spacemacs settings."
    ;; (default (format "spacemacs-%s.pdmp" emacs-version))
    dotspacemacs-emacs-dumper-dump-file (format "spacemacs-%s.pdmp" emacs-version)
 
-   ;; If non-nil ELPA repositories are contacted via HTTPS whenever it's
-   ;; possible. Set it to nil if you have no way to use HTTPS in your
-   ;; environment, otherwise it is strongly recommended to let it set to t.
-   ;; This variable has no effect if Emacs is launched with the parameter
-   ;; `--insecure' which forces the value of this variable to nil.
-   ;; (default t)
-   dotspacemacs-elpa-https t
-
    ;; Maximum allowed time in seconds to contact an ELPA repository.
    ;; (default 5)
    dotspacemacs-elpa-timeout 5

doc/FAQ.org

@@ -7,8 +7,6 @@
   - [[#why-do-you-call-this-a-distribution-i-dont-see-any-spacemacs-executable][Why do you call this a "distribution", I don't see any "Spacemacs" executable?]]
   - [[#why-are-packages-installed-with-package-install-automatically-deleted-by-spacemacs-when-it-boots][Why are packages installed with =package-install= automatically deleted by Spacemacs when it boots?]]
   - [[#environment-variables-or-path-are-not-set-properly][Environment variables or PATH are not set properly]]
-  - [[#how-to-fix-package-download-errors-when-installing-spacemacs-][How to fix package download errors when installing Spacemacs ?]]
-  - [[#how-to-fix-symbols-value-as-variable-is-void-errors-on-startup][How to fix =Symbol's value as variable is void= errors on startup?]]
   - [[#how-to-fix-error-package-package-build--is-unavailable][How to fix =error: Package 'package-build-' is unavailable=?]]
   - [[#how-to-fix-warning-bytecomp-and-other-compilation-warnings][How to fix =Warning (bytecomp)= and other compilation warnings?]]
   - [[#how-to-fix-wrong-type-argument-arrayp-nil-errors-on-startup][How to fix =(wrong-type-argument arrayp nil)= errors on startup?]]
@@ -94,24 +92,6 @@ environment variables in the =env= file. You can open this file with
 ~SPC f e e~. More information in the =Environment variables= section of the
 [[https://github.com/syl20bnr/spacemacs/blob/master/doc/DOCUMENTATION.org][documentation]].
 
-** How to fix package download errors when installing Spacemacs ?
-Since 0.105.0 HTTPS protocol is used by default to download packages. If your
-environment does not allow HTTPS to reach ELPA repositories then you can start
-Emacs with the =--insecure= argument for force the usage of HTTP non secured
-protocol. You can set the variable =dotspacemacs-elpa-https= to =nil= in your
-dotfile to remove the need to start Emacs with =--insecure= argument.
-
-** How to fix =Symbol's value as variable is void= errors on startup?
-If Emacs reports an error that the symbol =closed= or =-= is unbound as a
-variable, it is probably because you are using HTTPS to download packages, but
-you shouldn't be. Try deleting your packages (the =.emacs.d/elpa= folder), and
-restart Emacs without HTTPS to download the packages again. There are two ways
-to do this:
-- Run Emacs with the =--insecure= command line argument: =emacs --insecure=. You
-  will have to do this again the next time you update your packages.
-- Set the variable =dotspacemacs-elpa-https= to =nil= in your dotfile. This has
-  the same effect as =--insecure=, but is persistent.
-
 ** How to fix =error: Package 'package-build-' is unavailable=?
 This may occur due to heavy network traffic. You can fix it by setting the
 =dotspacemacs-elpa-timeout= variable to =70= in your =dotspacemacs= file.