Xen project Mailing List

Re: [PATCH] Replace git:// and http:// with https://

To: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>

From: Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx>

Date: Tue, 7 Feb 2023 01:15:14 -0500

Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Doug Goldstein <cardoe@xxxxxxxxxx>, Samuel Thibault <samuel.thibault@xxxxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>

Delivery-date: Tue, 07 Feb 2023 06:16:04 +0000

Feedback-id: iac594737:Fastmail

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Tue, Feb 07, 2023 at 05:16:21AM +0100, Marek Marczykowski-Górecki wrote: > On Mon, Feb 06, 2023 at 10:10:33PM -0500, Demi Marie Obenour wrote: > > Obtaining code over an insecure transport is a terrible idea for > > blatently obvious reasons. Even for non-executable data, insecure > > transports are considered deprecated. > > > > This patch was created by doing a tree-wide search and replace with sed, > > then reverting changes that were pointless or wrong. > > > > Signed-off-by: Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx> > > --- > > Config.mk | 20 ++++++-------------- > > README | 4 ++-- > > automation/build/centos/CentOS-7.2.repo | 8 ++++---- > > automation/build/debian/stretch-llvm-8.list | 4 ++-- > > automation/build/debian/unstable-llvm-8.list | 4 ++-- > > automation/scripts/qemu-smoke-dom0-arm32.sh | 2 +- > > docs/README.remus | 2 +- > > docs/conf.py | 2 +- > > scripts/get_maintainer.pl | 2 +- > > stubdom/configure | 18 +++++++++--------- > > stubdom/configure.ac | 18 +++++++++--------- > > stubdom/grub.patches/10graphics.diff | 2 +- > > tools/examples/xeninfo.pl | 2 +- > > tools/firmware/etherboot/Makefile | 4 ++-- > > tools/firmware/etherboot/README | 2 +- > > tools/firmware/hvmloader/pci_regs.h | 2 +- > > tools/firmware/hvmloader/pir.c | 2 +- > > tools/firmware/hvmloader/pir_types.h | 2 +- > > tools/firmware/hvmloader/smbios_types.h | 2 +- > > 19 files changed, 47 insertions(+), 55 deletions(-) > > > > diff --git a/Config.mk b/Config.mk > > index > > 10eb443b17d85381b2d1e2282f8965c3e99767e0..fd0719e38be1c679946c4d677c0f0dbdb2a85411 > > 100644 > > --- a/Config.mk > > +++ b/Config.mk > > @@ -191,7 +191,7 @@ APPEND_CFLAGS += $(foreach i, $(APPEND_INCLUDES), > > -I$(i)) > > EMBEDDED_EXTRA_CFLAGS := -fno-pie -fno-stack-protector > > -fno-stack-protector-all > > EMBEDDED_EXTRA_CFLAGS += -fno-exceptions -fno-asynchronous-unwind-tables > > > > -XEN_EXTFILES_URL ?= http://xenbits.xen.org/xen-extfiles > > +XEN_EXTFILES_URL ?= https://xenbits.xen.org/xen-extfiles > > # All the files at that location were downloaded from elsewhere on > > # the internet. The original download URL is preserved as a comment > > # near the place in the Xen Makefiles where the file is used. > > @@ -215,19 +215,11 @@ ifneq (,$(QEMU_TAG)) > > QEMU_TRADITIONAL_REVISION ?= $(QEMU_TAG) > > endif > > > > -ifeq ($(GIT_HTTP),y) > > -OVMF_UPSTREAM_URL ?= http://xenbits.xen.org/git-http/ovmf.git > > -QEMU_UPSTREAM_URL ?= http://xenbits.xen.org/git-http/qemu-xen.git > > -QEMU_TRADITIONAL_URL ?= > > http://xenbits.xen.org/git-http/qemu-xen-traditional.git > > -SEABIOS_UPSTREAM_URL ?= http://xenbits.xen.org/git-http/seabios.git > > -MINIOS_UPSTREAM_URL ?= http://xenbits.xen.org/git-http/mini-os.git > > -else > > -OVMF_UPSTREAM_URL ?= git://xenbits.xen.org/ovmf.git > > -QEMU_UPSTREAM_URL ?= git://xenbits.xen.org/qemu-xen.git > > -QEMU_TRADITIONAL_URL ?= git://xenbits.xen.org/qemu-xen-traditional.git > > -SEABIOS_UPSTREAM_URL ?= git://xenbits.xen.org/seabios.git > > -MINIOS_UPSTREAM_URL ?= git://xenbits.xen.org/mini-os.git > > -endif > > +OVMF_UPSTREAM_URL ?= https://xenbits.xen.org/ovmf.git > > +QEMU_UPSTREAM_URL ?= https://xenbits.xen.org/qemu-xen.git > > +QEMU_TRADITIONAL_URL ?= https://xenbits.xen.org/qemu-xen-traditional.git > > +SEABIOS_UPSTREAM_URL ?= https://xenbits.xen.org/seabios.git > > +MINIOS_UPSTREAM_URL ?= https://xenbits.xen.org/mini-os.git > > xenbits http server has git under /git-http/, so you need to adjust URLs > when changing the protocol. Verify if all other URLs in this patch > actually work too. New version coming with what I believe to be fixed URLs for everything except the TPM emulator. The TPM emulator was originally hosted on BerliOS, which I believe no longer exists, so it only makes sense to download it from Xen’s own servers. I’ll fail the build if an attempt is made to download it from the original (now defunct) website. > > diff --git a/automation/build/debian/stretch-llvm-8.list > > b/automation/build/debian/stretch-llvm-8.list > > index > > 09fe843fb2a31ae38f752d7c8c71cf97f5b14513..590001ca81e826ab624ba9185423adf4b0c51a21 > > 100644 > > --- a/automation/build/debian/stretch-llvm-8.list > > +++ b/automation/build/debian/stretch-llvm-8.list > > @@ -1,3 +1,3 @@ > > # Strech LLVM 8 repos > > -deb http://apt.llvm.org/stretch/ llvm-toolchain-stretch-8 main > > -deb-src http://apt.llvm.org/stretch/ llvm-toolchain-stretch-8 main > > +deb https://apt.llvm.org/stretch/ llvm-toolchain-stretch-8 main > > +deb-src https://apt.llvm.org/stretch/ llvm-toolchain-stretch-8 main > > APT used to require extra package (apt-transport-https) to support > HTTPS (I'm pretty sure it applies to stretch, but probably not to > unstable). And also, it needs ca-certificates installed. So, this may > require some more work before switching the protocol. You can observe > https://gitlab.com/xen-project/patchew/xen/-/pipelines if/when gitlab > picks it up, to see if everything still works. Will do. -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab

Attachment: signature.asc
Description: PGP signature

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.