Xen project Mailing List

[PATCH v4 2/3] Build system: Replace git:// and http:// with https://

From: Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx>

Date: Sat, 18 Feb 2023 21:46:14 -0500

Cc: Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Samuel Thibault <samuel.thibault@xxxxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>

Delivery-date: Sun, 19 Feb 2023 02:50:52 +0000

Feedback-id: iac594737:Fastmail

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Obtaining code over an insecure transport is a terrible idea for blatently obvious reasons. Even for non-executable data, insecure transports are considered deprecated. This patch enforces the use of secure transports in the build system. Some URLs returned 301 or 302 redirects, so I replaced them with the URLs that were redirected to. Signed-off-by: Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx> --- Config.mk | 2 +- stubdom/configure | 18 +++++++++--------- stubdom/configure.ac | 18 +++++++++--------- tools/firmware/etherboot/Makefile | 6 +----- 4 files changed, 20 insertions(+), 24 deletions(-) diff --git a/Config.mk b/Config.mk index 75f1975e5e78af44d36c2372cba6e89b425267a5..b2bef45b059976d5a6320eabada6073004eb22ee 100644 --- a/Config.mk +++ b/Config.mk @@ -191,7 +191,7 @@ APPEND_CFLAGS += $(foreach i, $(APPEND_INCLUDES), -I$(i)) EMBEDDED_EXTRA_CFLAGS := -fno-pie -fno-stack-protector -fno-stack-protector-all EMBEDDED_EXTRA_CFLAGS += -fno-exceptions -fno-asynchronous-unwind-tables -XEN_EXTFILES_URL ?= http://xenbits.xen.org/xen-extfiles +XEN_EXTFILES_URL ?= https://xenbits.xen.org/xen-extfiles # All the files at that location were downloaded from elsewhere on # the internet. The original download URL is preserved as a comment # near the place in the Xen Makefiles where the file is used. diff --git a/stubdom/configure b/stubdom/configure index b8bffceafdd46181e26a79b85405aefb8bc3ff7d..c717d315c75a596850b94e59c72c5d5f010f8888 100755 --- a/stubdom/configure +++ b/stubdom/configure @@ -3535,7 +3535,7 @@ if test "x$ZLIB_URL" = "x"; then : if test "x$extfiles" = "xy"; then : ZLIB_URL=\$$XEN_EXTFILES_URL$ else - ZLIB_URL="http://www.zlib.net"; + ZLIB_URL="https://www.zlib.net"; fi fi @@ -3550,7 +3550,7 @@ if test "x$LIBPCI_URL" = "x"; then : if test "x$extfiles" = "xy"; then : LIBPCI_URL=\$$XEN_EXTFILES_URL$ else - LIBPCI_URL="http://www.kernel.org/pub/software/utils/pciutils"; + LIBPCI_URL="https://mirrors.edge.kernel.org/pub/software/utils/pciutils"; fi fi @@ -3565,7 +3565,7 @@ if test "x$NEWLIB_URL" = "x"; then : if test "x$extfiles" = "xy"; then : NEWLIB_URL=\$$XEN_EXTFILES_URL$ else - NEWLIB_URL="ftp://sources.redhat.com/pub/newlib"; + NEWLIB_URL="https://sourceware.org/ftp/newlib"; fi fi @@ -3580,7 +3580,7 @@ if test "x$LWIP_URL" = "x"; then : if test "x$extfiles" = "xy"; then : LWIP_URL=\$$XEN_EXTFILES_URL$ else - LWIP_URL="http://download.savannah.gnu.org/releases/lwip"; + LWIP_URL="https://download.savannah.gnu.org/releases/lwip"; fi fi @@ -3595,7 +3595,7 @@ if test "x$GRUB_URL" = "x"; then : if test "x$extfiles" = "xy"; then : GRUB_URL=\$$XEN_EXTFILES_URL$ else - GRUB_URL="http://alpha.gnu.org/gnu/grub"; + GRUB_URL="https://alpha.gnu.org/gnu/grub"; fi fi @@ -3607,7 +3607,7 @@ GRUB_VERSION="0.97" if test "x$OCAML_URL" = "x"; then : - OCAML_URL="http://caml.inria.fr/pub/distrib/ocaml-4.02"; + OCAML_URL="https://caml.inria.fr/pub/distrib/ocaml-4.02"; fi OCAML_VERSION="4.02.0" @@ -3621,7 +3621,7 @@ if test "x$GMP_URL" = "x"; then : if test "x$extfiles" = "xy"; then : GMP_URL=\$$XEN_EXTFILES_URL$ else - GMP_URL="ftp://ftp.gmplib.org/pub/gmp-4.3.2"; + GMP_URL="https://gmplib.org/download/gmp/archive"; fi fi @@ -3636,7 +3636,7 @@ if test "x$POLARSSL_URL" = "x"; then : if test "x$extfiles" = "xy"; then : POLARSSL_URL=\$$XEN_EXTFILES_URL$ else - POLARSSL_URL="http://polarssl.org/code/releases"; + POLARSSL_URL="https://polarssl.org/code/releases"; fi fi @@ -3651,7 +3651,7 @@ if test "x$TPMEMU_URL" = "x"; then : if test "x$extfiles" = "xy"; then : TPMEMU_URL=\$$XEN_EXTFILES_URL$ else - TPMEMU_URL="http://download.berlios.de/tpm-emulator"; + TPMEMU_URL="https://download.berlios.de/tpm-emulator"; fi fi diff --git a/stubdom/configure.ac b/stubdom/configure.ac index e20d99edac0da88098f4806333edde9f31dbc1a7..ab52e00293bee033db9ff7133efd34daa5944c8d 100644 --- a/stubdom/configure.ac +++ b/stubdom/configure.ac @@ -55,15 +55,15 @@ AC_PROG_INSTALL AX_DEPENDS_PATH_PROG([vtpm], [CMAKE], [cmake]) # Stubdom libraries version and url setup -AX_STUBDOM_LIB([ZLIB], [zlib], [1.2.3], [http://www.zlib.net]) -AX_STUBDOM_LIB([LIBPCI], [libpci], [2.2.9], [http://www.kernel.org/pub/software/utils/pciutils]) -AX_STUBDOM_LIB([NEWLIB], [newlib], [1.16.0], [ftp://sources.redhat.com/pub/newlib]) -AX_STUBDOM_LIB([LWIP], [lwip], [1.3.0], [http://download.savannah.gnu.org/releases/lwip]) -AX_STUBDOM_LIB([GRUB], [grub], [0.97], [http://alpha.gnu.org/gnu/grub]) -AX_STUBDOM_LIB_NOEXT([OCAML], [ocaml], [4.02.0], [http://caml.inria.fr/pub/distrib/ocaml-4.02]) -AX_STUBDOM_LIB([GMP], [libgmp], [4.3.2], [ftp://ftp.gmplib.org/pub/gmp-4.3.2]) -AX_STUBDOM_LIB([POLARSSL], [polarssl], [1.1.4], [http://polarssl.org/code/releases]) -AX_STUBDOM_LIB([TPMEMU], [berlios tpm emulator], [0.7.4], [http://download.berlios.de/tpm-emulator]) +AX_STUBDOM_LIB([ZLIB], [zlib], [1.2.3], [https://www.zlib.net]) +AX_STUBDOM_LIB([LIBPCI], [libpci], [2.2.9], [https://mirrors.edge.kernel.org/pub/software/utils/pciutils]) +AX_STUBDOM_LIB([NEWLIB], [newlib], [1.16.0], [https://sourceware.org/ftp/newlib]) +AX_STUBDOM_LIB([LWIP], [lwip], [1.3.0], [https://download.savannah.gnu.org/releases/lwip]) +AX_STUBDOM_LIB([GRUB], [grub], [0.97], [https://alpha.gnu.org/gnu/grub]) +AX_STUBDOM_LIB_NOEXT([OCAML], [ocaml], [4.02.0], [https://caml.inria.fr/pub/distrib/ocaml-4.02]) +AX_STUBDOM_LIB([GMP], [libgmp], [4.3.2], [https://gmplib.org/download/gmp/archive]) +AX_STUBDOM_LIB([POLARSSL], [polarssl], [1.1.4], [https://polarssl.org/code/releases]) +AX_STUBDOM_LIB([TPMEMU], [berlios tpm emulator], [0.7.4], [https://download.berlios.de/tpm-emulator]) #These stubdoms should be enabled if the dependent one is AX_STUBDOM_AUTO_DEPENDS([vtpmmgr], [vtpm]) diff --git a/tools/firmware/etherboot/Makefile b/tools/firmware/etherboot/Makefile index 4bc3633ba3d67ff9f52a9cb7923afea73c861da9..6ab9e5bc6b4cc750f2e802128fbc71e9150397b1 100644 --- a/tools/firmware/etherboot/Makefile +++ b/tools/firmware/etherboot/Makefile @@ -4,11 +4,7 @@ XEN_ROOT = $(CURDIR)/../../.. include $(XEN_ROOT)/tools/Rules.mk include Config -ifeq ($(GIT_HTTP),y) -IPXE_GIT_URL ?= http://git.ipxe.org/ipxe.git -else -IPXE_GIT_URL ?= git://git.ipxe.org/ipxe.git -endif +IPXE_GIT_URL ?= https://github.com/ipxe/ipxe.git # put an updated tar.gz on xenbits after changes to this variable IPXE_GIT_TAG := 3c040ad387099483102708bb1839110bc788cefb -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.