Use https for source URLs

When updating/rebuilding from the spec file, we can be a little more
secure in downloading the sources via https.

It would be nice to check GPG signatures for the tarballs, but upstream
cgit does not provide such signatures (they sign the git tag, but that
doesn't help us here).  We _could_ check the git tarball signature,
borrowing the code from the %prep section of the git spec file.

1 files changed, 7 insertions, 4 deletions

diff --git a/cgit.spec b/cgit.spec
index 3a54c9f..e71253e 100644
--- a/cgit.spec
+++ b/cgit.spec
@@ -36,14 +36,14 @@ make V=1 %{?_smp_mflags} \\\
 
 Name:           cgit
 Version:        1.1
-Release:        9%{?dist}
+Release:        10%{?dist}
 Summary:        A fast web interface for git
 
 Group:          Development/Tools
 License:        GPLv2
-URL:            http://git.zx2c4.com/cgit/
-Source0:        http://git.zx2c4.com/cgit/snapshot/%{name}-%{version}.tar.xz
-Source1:        http://www.kernel.org/pub/software/scm/git//git-%{gitver}.tar.xz
+URL:            https://git.zx2c4.com/cgit/
+Source0:        https://git.zx2c4.com/cgit/snapshot/%{name}-%{version}.tar.xz
+Source1:        https://www.kernel.org/pub/software/scm/git//git-%{gitver}.tar.xz
 Source2:        cgitrc
 Source3:        README.SELinux
 
@@ -158,6 +158,9 @@ install -d -m0755 %{buildroot}%{cachedir}
 
 
 %changelog
+* Sun Feb 18 2018 Todd Zullinger <tmz@pobox.com> - 1.1-10
+- Use https for source URLs
+
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.1-9
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild