
Re: [PATCH v2 1/4] Build system: Replace git:// and http:// with https://


  • To: George Dunlap <george.dunlap@xxxxxxxxx>, Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx>
  • From: Anthony PERARD <anthony.perard@xxxxxxxxxx>
  • Date: Thu, 9 Feb 2023 15:05:14 +0000
  • Authentication-results: esa4.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none
  • Cc: <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, "Jan Beulich" <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, "Stefano Stabellini" <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Samuel Thibault <samuel.thibault@xxxxxxxxxxxx>
  • Delivery-date: Thu, 09 Feb 2023 15:05:53 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Thu, Feb 09, 2023 at 02:01:52PM +0000, George Dunlap wrote:
> On Wed, Feb 8, 2023 at 8:58 PM Demi Marie Obenour <
> demi@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> 
> > Obtaining code over an insecure transport is a terrible idea for
> > blatantly obvious reasons.  Even for non-executable data, insecure
> > transports are considered deprecated.
> >
> > This patch enforces the use of secure transports in the build system.
> >
> > Signed-off-by: Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx>
> >
> 
> Hey Demi,
> 
> Thanks for this series -- we definitely want the build system to use secure
> transports when available.  Can you confirm that you've tested the "+s"
> versions of all the URLs in this patch, and verified that they actually
> work?

:'(   -> https://gitlab.com/xen-project/patchew/xen/-/pipelines/771746628/

Our GitLab tests are very unhappy with the switch to TLS. Too many
containers aren't recent enough, and don't have the right certificates
(Let's Encrypt, I guess).

I've only looked at two failures:
    ubuntu-focal-clang:
        fatal: unable to access 'https://xenbits.xen.org/git-http/qemu-xen.git/': server certificate verification failed. CAfile: none CRLfile: none
    ubuntu-xenial-gcc:
        ERROR: cannot verify xenbits.xen.org's certificate, issued by 'CN=R3,O=Let\'s Encrypt,C=US':

I'll try to have a look at updating those containers.

Cheers,

-- 
Anthony PERARD
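
An added example, not part of the original mail or of the Xen build system: a small triage script that scans CI job logs for the two TLS verification messages quoted above and groups the failures by tool, host and apparent cause. The function name, the cause labels, the passing job and the reading of "CAfile: none" as "no CA bundle configured" are assumptions of this example.

```python
import re

# git's message when its TLS backend rejects the server certificate.
GIT_RE = re.compile(
    r"fatal: unable to access 'https://(?P<host>[^/']+)[^']*': "
    r"server certificate verification failed\. "
    r"CAfile: (?P<cafile>\S+) CRLfile: \S+")
# wget's message; the issuer DN may contain an escaped quote (\').
WGET_RE = re.compile(
    r"ERROR: cannot verify (?P<host>\S+)'s certificate, "
    r"issued by '(?P<issuer>.+)':")


def triage(job_logs):
    """Return one finding per TLS verification failure in job_logs.

    job_logs maps a CI job name to its log text, wrapped lines already joined.
    """
    findings = []
    for job, log in job_logs.items():
        for line in log.splitlines():
            m = GIT_RE.search(line)
            if m:
                # Assumption of this example: "CAfile: none" means no CA bundle
                # was configured, rather than a bundle missing the needed root.
                cause = "no-ca-bundle" if m["cafile"] == "none" else "untrusted-chain"
                findings.append({"job": job, "tool": "git", "host": m["host"],
                                 "cause": cause, "detail": m["cafile"]})
                continue
            m = WGET_RE.search(line)
            if m:
                issuer = m["issuer"].replace("\\'", "'")
                findings.append({"job": job, "tool": "wget", "host": m["host"],
                                 "cause": "untrusted-issuer", "detail": issuer})
    return findings


# Constructed input: the two messages quoted in the mail plus a passing job.
SAMPLE_LOGS = {
    "ubuntu-focal-clang":
        "fatal: unable to access 'https://xenbits.xen.org/git-http/qemu-xen.git/': "
        "server certificate verification failed. CAfile: none CRLfile: none\n",
    "ubuntu-xenial-gcc":
        "ERROR: cannot verify xenbits.xen.org's certificate, "
        "issued by 'CN=R3,O=Let\\'s Encrypt,C=US':\n",
    "constructed-passing-job": "Cloning into 'example'...\n",
}

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOGS):
        print(finding)
```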



 

