Xen project Mailing List

Re: [PATCH] Replace git:// and http:// with https://

To: Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx>

From: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>

Date: Tue, 7 Feb 2023 05:16:21 +0100

Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Doug Goldstein <cardoe@xxxxxxxxxx>, Samuel Thibault <samuel.thibault@xxxxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>

Delivery-date: Tue, 07 Feb 2023 04:16:55 +0000

Feedback-id: i1568416f:Fastmail

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Mon, Feb 06, 2023 at 10:10:33PM -0500, Demi Marie Obenour wrote: > Obtaining code over an insecure transport is a terrible idea for > blatently obvious reasons. Even for non-executable data, insecure > transports are considered deprecated. > > This patch was created by doing a tree-wide search and replace with sed, > then reverting changes that were pointless or wrong. > > Signed-off-by: Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx> > --- > Config.mk | 20 ++++++-------------- > README | 4 ++-- > automation/build/centos/CentOS-7.2.repo | 8 ++++---- > automation/build/debian/stretch-llvm-8.list | 4 ++-- > automation/build/debian/unstable-llvm-8.list | 4 ++-- > automation/scripts/qemu-smoke-dom0-arm32.sh | 2 +- > docs/README.remus | 2 +- > docs/conf.py | 2 +- > scripts/get_maintainer.pl | 2 +- > stubdom/configure | 18 +++++++++--------- > stubdom/configure.ac | 18 +++++++++--------- > stubdom/grub.patches/10graphics.diff | 2 +- > tools/examples/xeninfo.pl | 2 +- > tools/firmware/etherboot/Makefile | 4 ++-- > tools/firmware/etherboot/README | 2 +- > tools/firmware/hvmloader/pci_regs.h | 2 +- > tools/firmware/hvmloader/pir.c | 2 +- > tools/firmware/hvmloader/pir_types.h | 2 +- > tools/firmware/hvmloader/smbios_types.h | 2 +- > 19 files changed, 47 insertions(+), 55 deletions(-) > > diff --git a/Config.mk b/Config.mk > index > 10eb443b17d85381b2d1e2282f8965c3e99767e0..fd0719e38be1c679946c4d677c0f0dbdb2a85411 > 100644 > --- a/Config.mk > +++ b/Config.mk > @@ -191,7 +191,7 @@ APPEND_CFLAGS += $(foreach i, $(APPEND_INCLUDES), -I$(i)) > EMBEDDED_EXTRA_CFLAGS := -fno-pie -fno-stack-protector > -fno-stack-protector-all > EMBEDDED_EXTRA_CFLAGS += -fno-exceptions -fno-asynchronous-unwind-tables > > -XEN_EXTFILES_URL ?= http://xenbits.xen.org/xen-extfiles > +XEN_EXTFILES_URL ?= https://xenbits.xen.org/xen-extfiles > # All the files at that location were downloaded from elsewhere on > # the internet. The original download URL is preserved as a comment > # near the place in the Xen Makefiles where the file is used. > @@ -215,19 +215,11 @@ ifneq (,$(QEMU_TAG)) > QEMU_TRADITIONAL_REVISION ?= $(QEMU_TAG) > endif > > -ifeq ($(GIT_HTTP),y) > -OVMF_UPSTREAM_URL ?= http://xenbits.xen.org/git-http/ovmf.git > -QEMU_UPSTREAM_URL ?= http://xenbits.xen.org/git-http/qemu-xen.git > -QEMU_TRADITIONAL_URL ?= > http://xenbits.xen.org/git-http/qemu-xen-traditional.git > -SEABIOS_UPSTREAM_URL ?= http://xenbits.xen.org/git-http/seabios.git > -MINIOS_UPSTREAM_URL ?= http://xenbits.xen.org/git-http/mini-os.git > -else > -OVMF_UPSTREAM_URL ?= git://xenbits.xen.org/ovmf.git > -QEMU_UPSTREAM_URL ?= git://xenbits.xen.org/qemu-xen.git > -QEMU_TRADITIONAL_URL ?= git://xenbits.xen.org/qemu-xen-traditional.git > -SEABIOS_UPSTREAM_URL ?= git://xenbits.xen.org/seabios.git > -MINIOS_UPSTREAM_URL ?= git://xenbits.xen.org/mini-os.git > -endif > +OVMF_UPSTREAM_URL ?= https://xenbits.xen.org/ovmf.git > +QEMU_UPSTREAM_URL ?= https://xenbits.xen.org/qemu-xen.git > +QEMU_TRADITIONAL_URL ?= https://xenbits.xen.org/qemu-xen-traditional.git > +SEABIOS_UPSTREAM_URL ?= https://xenbits.xen.org/seabios.git > +MINIOS_UPSTREAM_URL ?= https://xenbits.xen.org/mini-os.git xenbits http server has git under /git-http/, so you need to adjust URLs when changing the protocol. Verify if all other URLs in this patch actually work too. (...) > diff --git a/automation/build/debian/stretch-llvm-8.list > b/automation/build/debian/stretch-llvm-8.list > index > 09fe843fb2a31ae38f752d7c8c71cf97f5b14513..590001ca81e826ab624ba9185423adf4b0c51a21 > 100644 > --- a/automation/build/debian/stretch-llvm-8.list > +++ b/automation/build/debian/stretch-llvm-8.list > @@ -1,3 +1,3 @@ > # Strech LLVM 8 repos > -deb http://apt.llvm.org/stretch/ llvm-toolchain-stretch-8 main > -deb-src http://apt.llvm.org/stretch/ llvm-toolchain-stretch-8 main > +deb https://apt.llvm.org/stretch/ llvm-toolchain-stretch-8 main > +deb-src https://apt.llvm.org/stretch/ llvm-toolchain-stretch-8 main APT used to require extra package (apt-transport-https) to support HTTPS (I'm pretty sure it applies to stretch, but probably not to unstable). And also, it needs ca-certificates installed. So, this may require some more work before switching the protocol. You can observe https://gitlab.com/xen-project/patchew/xen/-/pipelines if/when gitlab picks it up, to see if everything still works. -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab

Attachment: signature.asc
Description: PGP signature

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.