From nobody Mon May 13 08:10:46 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1676775068224459.34525791849; Sat, 18 Feb 2023 18:51:08 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.497654.768541 (Exim 4.92) (envelope-from ) id 1pTZmU-00031p-Na; Sun, 19 Feb 2023 02:50:26 +0000 Received: by outflank-mailman (output) from mailman id 497654.768541; Sun, 19 Feb 2023 02:50:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pTZmU-00031g-K9; Sun, 19 Feb 2023 02:50:26 +0000 Received: by outflank-mailman (input) for mailman id 497654; Sun, 19 Feb 2023 02:50:25 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pTZmT-0002li-LU for xen-devel@lists.xenproject.org; Sun, 19 Feb 2023 02:50:25 +0000 Received: from wout4-smtp.messagingengine.com (wout4-smtp.messagingengine.com [64.147.123.20]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 252d0f3c-b000-11ed-93b5-47a8fe42b414; Sun, 19 Feb 2023 03:50:22 +0100 (CET) Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.west.internal (Postfix) with ESMTP id A53FB3200583; Sat, 18 Feb 2023 21:50:17 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute5.internal (MEProxy); Sat, 18 Feb 2023 21:50:18 -0500 Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sat, 18 Feb 2023 21:50:15 -0500 (EST) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 252d0f3c-b000-11ed-93b5-47a8fe42b414 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= invisiblethingslab.com; h=cc:cc:content-transfer-encoding:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:sender:subject:subject:to:to; s=fm1; t= 1676775017; x=1676861417; bh=+fUifg3+9Sx5Ngno/T4jBLJLFOiv4d2p9UY Hj/k/F/0=; b=TfR/aOp2aVlCdkZUazTk0r14QyQkxybV9277sXvzmNGUSFOUsxR 6XI938akoGyBXIRDBZB6YCs4Xl+d3wPq6GOzV6LD6jVvdIBv5fq23qZzIdf689hv ZxDl59Dvsof5VyZbBFJhJUSVdKNVjNNb5bXyqMIMPdj66i+T5rdUhZ9D+ROie+Wm Nc7VtSrzVQT9WQ1c4u9wKbukvbs/HeAWfnuxfAxRu4aiDrU1SI8/y2RsHA8yT0my 5wrQ4svb/1Xnu5PDvFH0CmZJY2ptWiZI+rT43TLAYFNxhz4E9yd7ZWHNdlCLsVk0 yvUdSa8EB9Vnrrx5cATVhNMpspSSN9bpZaQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; t=1676775017; x=1676861417; bh=+fUifg3+9Sx5N gno/T4jBLJLFOiv4d2p9UYHj/k/F/0=; b=QTAAJMt9lbOncEBb8aHoSh4T+ZiMZ qpRzkOX7piAX0G2MX94k78Jky9lv1KErqjXgCWknn4zzjQDaQrUGBDfoDhiS96Qt fbs1BZs7gxT1cHrvEJH2KuzqKVhJa3jefRssB7OoL5+9zIuMNql9F/i5jPYQg2Tc YGPX4z19ajqjiCBpHY0SItBu6dptj4LEYVNX4HBgyxnCdNLnNP7Aq5BdgfdUQwQD o8PFZ+fGXLamp8bFS1j/h+7fwGOThPnjUYqnvlfRQlQ2yZaOk0njkGpiE4Wqxv2i vBGJjHdSQwYpfVnurwQRveb+T6YqW1wmL//Q7EAvTmBTndrHDOZYG43EQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrudejvddggeelucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhephffvvefufffkofgjfhgggfestdekredtredttdenucfhrhhomhepffgvmhhi ucforghrihgvucfqsggvnhhouhhruceouggvmhhisehinhhvihhsihgslhgvthhhihhngh hslhgrsgdrtghomheqnecuggftrfgrthhtvghrnhepuefgffeihefhffelkeehffeljeeu teeihfeiudejgeeufffhheeugfekhfeiffeinecuffhomhgrihhnpeigvghnrdhorhhgpd igvghnphhrohhjvggtthdrohhrghenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgr mhepmhgrihhlfhhrohhmpeguvghmihesihhnvhhishhisghlvghthhhinhhgshhlrggsrd gtohhm X-ME-Proxy: Feedback-ID: iac594737:Fastmail From: Demi Marie Obenour To: xen-devel@lists.xenproject.org Cc: Demi Marie Obenour , =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= , Andrew Cooper , George Dunlap , Jan Beulich , Julien Grall , Stefano Stabellini , Wei Liu , Konrad Rzeszutek Wilk , Ross Lagerwall Subject: [PATCH v4 1/3] Use HTTPS for all xenbits.xen.org Git repos Date: Sat, 18 Feb 2023 21:46:13 -0500 Message-Id: X-Mailer: git-send-email 2.39.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1676775069762100001 Content-Type: text/plain; charset="utf-8" Obtaining code over an insecure transport is a terrible idea for blatently obvious reasons. Even for non-executable data, insecure transports are considered deprecated. This patch enforces the use of secure transports for all xenbits.xen.org Git repositories. It was generated with the following shell script: git ls-files -z | xargs -0 -- sed -Ei -- 's@(git://xenbits\.xen\.org|http://xenbits\.xen\= .org/git-http)/@https://xenbits.xen.org/git-http/@g' All altered links have been tested and are known to work. Signed-off-by: Demi Marie Obenour --- Config.mk | 18 +++++------------- docs/misc/livepatch.pandoc | 2 +- docs/process/xen-release-management.pandoc | 2 +- scripts/get_maintainer.pl | 2 +- 4 files changed, 8 insertions(+), 16 deletions(-) diff --git a/Config.mk b/Config.mk index 10eb443b17d85381b2d1e2282f8965c3e99767e0..75f1975e5e78af44d36c2372cba= 6e89b425267a5 100644 --- a/Config.mk +++ b/Config.mk @@ -215,19 +215,11 @@ ifneq (,$(QEMU_TAG)) QEMU_TRADITIONAL_REVISION ?=3D $(QEMU_TAG) endif =20 -ifeq ($(GIT_HTTP),y) -OVMF_UPSTREAM_URL ?=3D http://xenbits.xen.org/git-http/ovmf.git -QEMU_UPSTREAM_URL ?=3D http://xenbits.xen.org/git-http/qemu-xen.git -QEMU_TRADITIONAL_URL ?=3D http://xenbits.xen.org/git-http/qemu-xen-traditi= onal.git -SEABIOS_UPSTREAM_URL ?=3D http://xenbits.xen.org/git-http/seabios.git -MINIOS_UPSTREAM_URL ?=3D http://xenbits.xen.org/git-http/mini-os.git -else -OVMF_UPSTREAM_URL ?=3D git://xenbits.xen.org/ovmf.git -QEMU_UPSTREAM_URL ?=3D git://xenbits.xen.org/qemu-xen.git -QEMU_TRADITIONAL_URL ?=3D git://xenbits.xen.org/qemu-xen-traditional.git -SEABIOS_UPSTREAM_URL ?=3D git://xenbits.xen.org/seabios.git -MINIOS_UPSTREAM_URL ?=3D git://xenbits.xen.org/mini-os.git -endif +OVMF_UPSTREAM_URL ?=3D https://xenbits.xen.org/git-http/ovmf.git +QEMU_UPSTREAM_URL ?=3D https://xenbits.xen.org/git-http/qemu-xen.git +QEMU_TRADITIONAL_URL ?=3D https://xenbits.xen.org/git-http/qemu-xen-tradit= ional.git +SEABIOS_UPSTREAM_URL ?=3D https://xenbits.xen.org/git-http/seabios.git +MINIOS_UPSTREAM_URL ?=3D https://xenbits.xen.org/git-http/mini-os.git OVMF_UPSTREAM_REVISION ?=3D 7b4a99be8a39c12d3a7fc4b8db9f0eab4ac688d5 QEMU_UPSTREAM_REVISION ?=3D master MINIOS_UPSTREAM_REVISION ?=3D 5bcb28aaeba1c2506a82fab0cdad0201cd9b54b3 diff --git a/docs/misc/livepatch.pandoc b/docs/misc/livepatch.pandoc index d38e4ce074b399946aecdaedb4cb6fe5b8043b66..a94fb57eb568e85a25c93bf6a98= 8f123d4e48443 100644 --- a/docs/misc/livepatch.pandoc +++ b/docs/misc/livepatch.pandoc @@ -993,7 +993,7 @@ The design of that is not discussed in this design. This is implemented in a seperate tool which lives in a seperate GIT repo. =20 -Currently it resides at git://xenbits.xen.org/livepatch-build-tools.git +Currently it resides at https://xenbits.xen.org/git-http/livepatch-build-t= ools.git =20 ### Exception tables and symbol tables growth =20 diff --git a/docs/process/xen-release-management.pandoc b/docs/process/xen-= release-management.pandoc index 8f80d61d2f1aa9e63da9b1e61b77a67c826efe6f..7826419dad563a3b70c3c97fc4c= 0fb5339bd58e9 100644 --- a/docs/process/xen-release-management.pandoc +++ b/docs/process/xen-release-management.pandoc @@ -271,7 +271,7 @@ Hi all, =20 Xen X.Y rcZ is tagged. You can check that out from xen.git: =20 -git://xenbits.xen.org/xen.git X.Y.0-rcZ +https://xenbits.xen.org/git-http/xen.git X.Y.0-rcZ =20 For your convenience there is also a tarball at: https://downloads.xenproject.org/release/xen/X.Y.0-rcZ/xen-X.Y.0-rcZ.tar.gz diff --git a/scripts/get_maintainer.pl b/scripts/get_maintainer.pl index 48e07370e8d462ced70a1de13ec8134b4eed65ba..cf629cdf3c44e4abe67214378c4= 9a3a9d858d9b5 100755 --- a/scripts/get_maintainer.pl +++ b/scripts/get_maintainer.pl @@ -1457,7 +1457,7 @@ sub vcs_exists { warn("$P: No supported VCS found. Add --nogit to options?\n"); warn("Using a git repository produces better results.\n"); warn("Try latest git repository using:\n"); - warn("git clone git://xenbits.xen.org/xen.git\n"); + warn("git clone https://xenbits.xen.org/git-http/xen.git\n"); $printed_novcs =3D 1; } return 0; --=20 Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab From nobody Mon May 13 08:10:46 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1676775076490932.7705887946719; Sat, 18 Feb 2023 18:51:16 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.497653.768531 (Exim 4.92) (envelope-from ) id 1pTZmT-0002ls-Ad; Sun, 19 Feb 2023 02:50:25 +0000 Received: by outflank-mailman (output) from mailman id 497653.768531; Sun, 19 Feb 2023 02:50:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pTZmT-0002lj-7I; Sun, 19 Feb 2023 02:50:25 +0000 Received: by outflank-mailman (input) for mailman id 497653; Sun, 19 Feb 2023 02:50:24 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pTZmS-0002Vk-CG for xen-devel@lists.xenproject.org; Sun, 19 Feb 2023 02:50:24 +0000 Received: from wout4-smtp.messagingengine.com (wout4-smtp.messagingengine.com [64.147.123.20]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 27430005-b000-11ed-933d-83870f6b2ba8; Sun, 19 Feb 2023 03:50:23 +0100 (CET) Received: from compute6.internal (compute6.nyi.internal [10.202.2.47]) by mailout.west.internal (Postfix) with ESMTP id 34FC232005B5; Sat, 18 Feb 2023 21:50:21 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute6.internal (MEProxy); Sat, 18 Feb 2023 21:50:22 -0500 Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sat, 18 Feb 2023 21:50:19 -0500 (EST) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 27430005-b000-11ed-933d-83870f6b2ba8 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= invisiblethingslab.com; h=cc:cc:content-transfer-encoding:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:sender:subject:subject:to:to; s=fm1; t= 1676775020; x=1676861420; bh=9rmTWwkAVzEYzOXaR0GBy2XpALP9AHIvcss Mrr/PkeE=; b=bTFcGZHZ4Sr9PUuwJZeNKl758bpRqknew5TpGmNoe9WCQc5xhyT JRRhfuAgB3Rn8VckkjdmjHB5tiWgKJhX+NokutiYqmC/616B8Mt9sAuiJuTpVLom qIeVVRWL8BoaNpc/geDtzFmsi+K2KzWl28xCX673Jr7XCArck9l7mau57Vk1w54R OluLPyyYsE/oOJftzYgX0hc6GgTf5MqPb9P3D9fog5AEzuadNt3K9JNLTh9Y3Ifh hNPmXtYMRZgGpWcRSmGbNHA2zbD/1ZwYyl7rdiGfIudTZCQEjEQW3vIECyBhIL5B sAz6Xdc2V14H3hK+rlYfBmup49VylKwWPIw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; t=1676775020; x=1676861420; bh=9rmTWwkAVzEYz OXaR0GBy2XpALP9AHIvcssMrr/PkeE=; b=BiuPB42ujBU92ITaBR+XKK8S1uadh JBiGy7D6BAlXUWeGJQ8bvviKZLJN3/Rxq7MioPawEDBgQCqAYvsxrSMQj9DNMsmb 6ou5KGMMTeVaN5BpHcfovgueP9KHJXvZKi3hvfTP28ytyUKVW8VaiYKhroslM00/ ohP47pyRJUdSczzBF4eyjd49m6ugm5opeytHkp/XaXMsTSCqepH1NsaDgDwmyi33 ZhVJ06/SsvqH6cpY7jElexo3DJek4gb9eDFuuCFChtW20Nl5qHmzG43Z8Knu7PjO oe9OGoE5F6mss5Y0dxxIhTpyNkGda4ngMkTYN+XzazCxbrHiuomsYt2bw== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrudejvddghedtucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhephffvvefufffkofgjfhgggfestdekredtredttdenucfhrhhomhepffgvmhhi ucforghrihgvucfqsggvnhhouhhruceouggvmhhisehinhhvihhsihgslhgvthhhihhngh hslhgrsgdrtghomheqnecuggftrfgrthhtvghrnheptdettdevhfevgfekuedvkeehledt veeikedtgfdtlefhheefkedtteekueeluddtnecuffhomhgrihhnpeigvghnrdhorhhgpd iilhhisgdrnhgvthdpkhgvrhhnvghlrdhorhhgpdhrvgguhhgrthdrtghomhdpshhouhhr tggvfigrrhgvrdhorhhgpdhgnhhurdhorhhgpdhinhhrihgrrdhfrhdpghhmphhlihgsrd horhhgpdhpohhlrghrshhslhdrohhrghdpsggvrhhlihhoshdruggvpdhiphigvgdrohhr ghdpghhithhhuhgsrdgtohhmnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpe hmrghilhhfrhhomhepuggvmhhisehinhhvihhsihgslhgvthhhihhnghhslhgrsgdrtgho mh X-ME-Proxy: Feedback-ID: iac594737:Fastmail From: Demi Marie Obenour To: xen-devel@lists.xenproject.org Cc: Demi Marie Obenour , =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= , Andrew Cooper , George Dunlap , Jan Beulich , Julien Grall , Stefano Stabellini , Wei Liu , Samuel Thibault , Anthony PERARD Subject: [PATCH v4 2/3] Build system: Replace git:// and http:// with https:// Date: Sat, 18 Feb 2023 21:46:14 -0500 Message-Id: <944d212b0047339e4c15f7f85d74ff7fbfe96912.1676750305.git.demi@invisiblethingslab.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1676775077295100001 Content-Type: text/plain; charset="utf-8" Obtaining code over an insecure transport is a terrible idea for blatently obvious reasons. Even for non-executable data, insecure transports are considered deprecated. This patch enforces the use of secure transports in the build system. Some URLs returned 301 or 302 redirects, so I replaced them with the URLs that were redirected to. Signed-off-by: Demi Marie Obenour --- Config.mk | 2 +- stubdom/configure | 18 +++++++++--------- stubdom/configure.ac | 18 +++++++++--------- tools/firmware/etherboot/Makefile | 6 +----- 4 files changed, 20 insertions(+), 24 deletions(-) diff --git a/Config.mk b/Config.mk index 75f1975e5e78af44d36c2372cba6e89b425267a5..b2bef45b059976d5a6320eabada= 6073004eb22ee 100644 --- a/Config.mk +++ b/Config.mk @@ -191,7 +191,7 @@ APPEND_CFLAGS +=3D $(foreach i, $(APPEND_INCLUDES), -I$= (i)) EMBEDDED_EXTRA_CFLAGS :=3D -fno-pie -fno-stack-protector -fno-stack-protec= tor-all EMBEDDED_EXTRA_CFLAGS +=3D -fno-exceptions -fno-asynchronous-unwind-tables =20 -XEN_EXTFILES_URL ?=3D http://xenbits.xen.org/xen-extfiles +XEN_EXTFILES_URL ?=3D https://xenbits.xen.org/xen-extfiles # All the files at that location were downloaded from elsewhere on # the internet. The original download URL is preserved as a comment # near the place in the Xen Makefiles where the file is used. diff --git a/stubdom/configure b/stubdom/configure index b8bffceafdd46181e26a79b85405aefb8bc3ff7d..c717d315c75a596850b94e59c72= c5d5f010f8888 100755 --- a/stubdom/configure +++ b/stubdom/configure @@ -3535,7 +3535,7 @@ if test "x$ZLIB_URL" =3D "x"; then : if test "x$extfiles" =3D "xy"; then : ZLIB_URL=3D\$\(XEN_EXTFILES_URL\) else - ZLIB_URL=3D"http://www.zlib.net" + ZLIB_URL=3D"https://www.zlib.net" fi =20 fi @@ -3550,7 +3550,7 @@ if test "x$LIBPCI_URL" =3D "x"; then : if test "x$extfiles" =3D "xy"; then : LIBPCI_URL=3D\$\(XEN_EXTFILES_URL\) else - LIBPCI_URL=3D"http://www.kernel.org/pub/software/utils/pciutils" + LIBPCI_URL=3D"https://mirrors.edge.kernel.org/pub/software/utils/pciutil= s" fi =20 fi @@ -3565,7 +3565,7 @@ if test "x$NEWLIB_URL" =3D "x"; then : if test "x$extfiles" =3D "xy"; then : NEWLIB_URL=3D\$\(XEN_EXTFILES_URL\) else - NEWLIB_URL=3D"ftp://sources.redhat.com/pub/newlib" + NEWLIB_URL=3D"https://sourceware.org/ftp/newlib" fi =20 fi @@ -3580,7 +3580,7 @@ if test "x$LWIP_URL" =3D "x"; then : if test "x$extfiles" =3D "xy"; then : LWIP_URL=3D\$\(XEN_EXTFILES_URL\) else - LWIP_URL=3D"http://download.savannah.gnu.org/releases/lwip" + LWIP_URL=3D"https://download.savannah.gnu.org/releases/lwip" fi =20 fi @@ -3595,7 +3595,7 @@ if test "x$GRUB_URL" =3D "x"; then : if test "x$extfiles" =3D "xy"; then : GRUB_URL=3D\$\(XEN_EXTFILES_URL\) else - GRUB_URL=3D"http://alpha.gnu.org/gnu/grub" + GRUB_URL=3D"https://alpha.gnu.org/gnu/grub" fi =20 fi @@ -3607,7 +3607,7 @@ GRUB_VERSION=3D"0.97" =20 if test "x$OCAML_URL" =3D "x"; then : =20 - OCAML_URL=3D"http://caml.inria.fr/pub/distrib/ocaml-4.02" + OCAML_URL=3D"https://caml.inria.fr/pub/distrib/ocaml-4.02" =20 fi OCAML_VERSION=3D"4.02.0" @@ -3621,7 +3621,7 @@ if test "x$GMP_URL" =3D "x"; then : if test "x$extfiles" =3D "xy"; then : GMP_URL=3D\$\(XEN_EXTFILES_URL\) else - GMP_URL=3D"ftp://ftp.gmplib.org/pub/gmp-4.3.2" + GMP_URL=3D"https://gmplib.org/download/gmp/archive" fi =20 fi @@ -3636,7 +3636,7 @@ if test "x$POLARSSL_URL" =3D "x"; then : if test "x$extfiles" =3D "xy"; then : POLARSSL_URL=3D\$\(XEN_EXTFILES_URL\) else - POLARSSL_URL=3D"http://polarssl.org/code/releases" + POLARSSL_URL=3D"https://polarssl.org/code/releases" fi =20 fi @@ -3651,7 +3651,7 @@ if test "x$TPMEMU_URL" =3D "x"; then : if test "x$extfiles" =3D "xy"; then : TPMEMU_URL=3D\$\(XEN_EXTFILES_URL\) else - TPMEMU_URL=3D"http://download.berlios.de/tpm-emulator" + TPMEMU_URL=3D"https://download.berlios.de/tpm-emulator" fi =20 fi diff --git a/stubdom/configure.ac b/stubdom/configure.ac index e20d99edac0da88098f4806333edde9f31dbc1a7..ab52e00293bee033db9ff7133ef= d34daa5944c8d 100644 --- a/stubdom/configure.ac +++ b/stubdom/configure.ac @@ -55,15 +55,15 @@ AC_PROG_INSTALL AX_DEPENDS_PATH_PROG([vtpm], [CMAKE], [cmake]) =20 # Stubdom libraries version and url setup -AX_STUBDOM_LIB([ZLIB], [zlib], [1.2.3], [http://www.zlib.net]) -AX_STUBDOM_LIB([LIBPCI], [libpci], [2.2.9], [http://www.kernel.org/pub/sof= tware/utils/pciutils]) -AX_STUBDOM_LIB([NEWLIB], [newlib], [1.16.0], [ftp://sources.redhat.com/pub= /newlib]) -AX_STUBDOM_LIB([LWIP], [lwip], [1.3.0], [http://download.savannah.gnu.org/= releases/lwip]) -AX_STUBDOM_LIB([GRUB], [grub], [0.97], [http://alpha.gnu.org/gnu/grub]) -AX_STUBDOM_LIB_NOEXT([OCAML], [ocaml], [4.02.0], [http://caml.inria.fr/pub= /distrib/ocaml-4.02]) -AX_STUBDOM_LIB([GMP], [libgmp], [4.3.2], [ftp://ftp.gmplib.org/pub/gmp-4.3= .2]) -AX_STUBDOM_LIB([POLARSSL], [polarssl], [1.1.4], [http://polarssl.org/code/= releases]) -AX_STUBDOM_LIB([TPMEMU], [berlios tpm emulator], [0.7.4], [http://download= .berlios.de/tpm-emulator]) +AX_STUBDOM_LIB([ZLIB], [zlib], [1.2.3], [https://www.zlib.net]) +AX_STUBDOM_LIB([LIBPCI], [libpci], [2.2.9], [https://mirrors.edge.kernel.o= rg/pub/software/utils/pciutils]) +AX_STUBDOM_LIB([NEWLIB], [newlib], [1.16.0], [https://sourceware.org/ftp/n= ewlib]) +AX_STUBDOM_LIB([LWIP], [lwip], [1.3.0], [https://download.savannah.gnu.org= /releases/lwip]) +AX_STUBDOM_LIB([GRUB], [grub], [0.97], [https://alpha.gnu.org/gnu/grub]) +AX_STUBDOM_LIB_NOEXT([OCAML], [ocaml], [4.02.0], [https://caml.inria.fr/pu= b/distrib/ocaml-4.02]) +AX_STUBDOM_LIB([GMP], [libgmp], [4.3.2], [https://gmplib.org/download/gmp/= archive]) +AX_STUBDOM_LIB([POLARSSL], [polarssl], [1.1.4], [https://polarssl.org/code= /releases]) +AX_STUBDOM_LIB([TPMEMU], [berlios tpm emulator], [0.7.4], [https://downloa= d.berlios.de/tpm-emulator]) =20 #These stubdoms should be enabled if the dependent one is AX_STUBDOM_AUTO_DEPENDS([vtpmmgr], [vtpm]) diff --git a/tools/firmware/etherboot/Makefile b/tools/firmware/etherboot/M= akefile index 4bc3633ba3d67ff9f52a9cb7923afea73c861da9..6ab9e5bc6b4cc750f2e802128fb= c71e9150397b1 100644 --- a/tools/firmware/etherboot/Makefile +++ b/tools/firmware/etherboot/Makefile @@ -4,11 +4,7 @@ XEN_ROOT =3D $(CURDIR)/../../.. include $(XEN_ROOT)/tools/Rules.mk include Config =20 -ifeq ($(GIT_HTTP),y) -IPXE_GIT_URL ?=3D http://git.ipxe.org/ipxe.git -else -IPXE_GIT_URL ?=3D git://git.ipxe.org/ipxe.git -endif +IPXE_GIT_URL ?=3D https://github.com/ipxe/ipxe.git =20 # put an updated tar.gz on xenbits after changes to this variable IPXE_GIT_TAG :=3D 3c040ad387099483102708bb1839110bc788cefb --=20 Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab From nobody Mon May 13 08:10:46 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1676775076641183.65702252645372; Sat, 18 Feb 2023 18:51:16 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.497655.768553 (Exim 4.92) (envelope-from ) id 1pTZmY-0003KN-0u; Sun, 19 Feb 2023 02:50:30 +0000 Received: by outflank-mailman (output) from mailman id 497655.768553; Sun, 19 Feb 2023 02:50:29 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pTZmX-0003KE-TW; Sun, 19 Feb 2023 02:50:29 +0000 Received: by outflank-mailman (input) for mailman id 497655; Sun, 19 Feb 2023 02:50:28 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pTZmW-0002Vk-B1 for xen-devel@lists.xenproject.org; Sun, 19 Feb 2023 02:50:28 +0000 Received: from wout4-smtp.messagingengine.com (wout4-smtp.messagingengine.com [64.147.123.20]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 29919810-b000-11ed-933d-83870f6b2ba8; Sun, 19 Feb 2023 03:50:27 +0100 (CET) Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailout.west.internal (Postfix) with ESMTP id 27CBE3200583; Sat, 18 Feb 2023 21:50:25 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute2.internal (MEProxy); Sat, 18 Feb 2023 21:50:25 -0500 Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sat, 18 Feb 2023 21:50:23 -0500 (EST) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 29919810-b000-11ed-933d-83870f6b2ba8 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= invisiblethingslab.com; h=cc:cc:content-transfer-encoding:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:sender:subject:subject:to:to; s=fm1; t= 1676775024; x=1676861424; bh=x1U4BNcj9Zecyq6U+qye/Zm4u8N3JEG92kP 6XRxNw5M=; b=hyEmewljALJ6TecsrhfSuyupXf0mwhAyzyA2sNRKSkT17UL5nMK po6gDn2Xys532BqHGimKCsiwfiXV0ATqV13gTO4hcvdKVKeT+6fPlEXqXGVBW0gX pzg3fcug5r+XVDsobOHKw2pIJtux5p37N44I84m8rXMnKqGEaN+dC9S/2ZPu2G+r psS1lnBCs7nf9u8CMHE6JpgFDsRwvyTsPPf4mKoFG7JBMcKZjrIs9ecHOgIiIAJc y1RZ6Ov0ermw69a7Ushk0r/RGihAYD1U8lS+LWXTILAw1woe+47Xz4A4lH7jG/ni olJi0drxdFCgEZkB1/9htfPL+bL4Rt0k57g== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; t=1676775024; x=1676861424; bh=x1U4BNcj9Zecy q6U+qye/Zm4u8N3JEG92kP6XRxNw5M=; b=Ce/iG8l5PGkiL2aDxsYWvD9Lf47va rVHfT5CgeMYrT/cpn0qL68HbgfvsB7BzVhFXUhwmXB2KYl5oG2tcJmX01CPNhi12 3i6RlEqNxPOiXwDsyUuNrnu5gfseZ94hwEeJ/nKjxD3ONvk1o20Afb6Q0eO1Sm02 kgqcT2DREBEbGhnf54ViBD34gOIOgke3BjHYEv4hQ2r6rOR8oVdzlGz/PtCBRSc+ OJ6F6HKMwUukRgg/6823ySM1beD4D5vymJgLyp4dTAjNSegeavIJ5WbLePpykEQH 5CbpcqlRStAGIed/cnh5K9AipXKDvuzTB+XDNX2NI+rGcy+0W3iuFlMtw== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrudejvddghedtucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhephffvvefufffkofgjfhgggfestdekredtredttdenucfhrhhomhepffgvmhhi ucforghrihgvucfqsggvnhhouhhruceouggvmhhisehinhhvihhsihgslhgvthhhihhngh hslhgrsgdrtghomheqnecuggftrfgrthhtvghrnhepteduueehgeeujeegudeiffffveel teeljeevudeileffieetgfegffeitedvkeeunecuffhomhgrihhnpehphihthhhonhdroh hrghdpihhnthgvlhdrtghomhdptggvnhhtohhsrdhorhhgpdhllhhvmhdrohhrghdpuggv sghirghnrdhorhhgpdgrlhhpihhnvghlihhnuhigrdhorhhgnecuvehluhhsthgvrhfuih iivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepuggvmhhisehinhhvihhsihgslhgv thhhihhnghhslhgrsgdrtghomh X-ME-Proxy: Feedback-ID: iac594737:Fastmail From: Demi Marie Obenour To: xen-devel@lists.xenproject.org Cc: Demi Marie Obenour , =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= , Andrew Cooper , George Dunlap , Jan Beulich , Julien Grall , Stefano Stabellini , Wei Liu , Doug Goldstein Subject: [PATCH v4 3/3] Automation and CI: Replace git:// and http:// with https:// Date: Sat, 18 Feb 2023 21:46:15 -0500 Message-Id: X-Mailer: git-send-email 2.39.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1676775077295100002 Content-Type: text/plain; charset="utf-8" Obtaining code over an insecure transport is a terrible idea for blatently obvious reasons. Even for non-executable data, insecure transports are considered deprecated. This patch enforces the use of secure transports in automation and CI. All URLs are known to work. Signed-off-by: Demi Marie Obenour --- README | 4 ++-- automation/build/centos/CentOS-7.2.repo | 8 ++++---- automation/build/debian/stretch-llvm-8.list | 4 ++-- automation/build/debian/unstable-llvm-8.list | 4 ++-- automation/scripts/qemu-smoke-dom0-arm32.sh | 2 +- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/README b/README index 755b3d8eaf8f7a58a945b7594e68a3fe455a7bdf..f8cc426f78d690f37e013242e81= d4e440556c330 100644 --- a/README +++ b/README @@ -181,7 +181,7 @@ Python Runtime Libraries Various tools, such as pygrub, have the following runtime dependencies: =20 * Python 2.6 or later. - URL: http://www.python.org/ + URL: https://www.python.org/ Debian: python =20 Note that the build system expects `python` to be available. If your system @@ -197,7 +197,7 @@ Intel(R) Trusted Execution Technology Support Intel's technology for safer computing, Intel(R) Trusted Execution Technol= ogy (Intel(R) TXT), defines platform-level enhancements that provide the build= ing blocks for creating trusted platforms. For more information, see -http://www.intel.com/technology/security/. +https://www.intel.com/technology/security/. =20 Intel(R) TXT support is provided by the Trusted Boot (tboot) module in conjunction with minimal logic in the Xen hypervisor. diff --git a/automation/build/centos/CentOS-7.2.repo b/automation/build/cen= tos/CentOS-7.2.repo index 4da27faeb5fa863fd4e140cbeaad308b9a543b86..8e37da1a03f839c486eb9bd0af4= 6716cfb9086e0 100644 --- a/automation/build/centos/CentOS-7.2.repo +++ b/automation/build/centos/CentOS-7.2.repo @@ -6,28 +6,28 @@ =20 [base] name=3DCentOS-7.2.1511 - Base -baseurl=3Dhttp://vault.centos.org/7.2.1511/os/$basearch/ +baseurl=3Dhttps://vault.centos.org/7.2.1511/os/$basearch/ gpgcheck=3D1 gpgkey=3Dfile:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 =20 #released updates=20 [updates] name=3DCentOS-7.2.1511 - Updates -baseurl=3Dhttp://vault.centos.org/7.2.1511/updates/$basearch/ +baseurl=3Dhttps://vault.centos.org/7.2.1511/updates/$basearch/ gpgcheck=3D1 gpgkey=3Dfile:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 =20 #additional packages that may be useful [extras] name=3DCentOS-7.2.1511 - Extras -baseurl=3Dhttp://vault.centos.org/7.2.1511/extras/$basearch/ +baseurl=3Dhttps://vault.centos.org/7.2.1511/extras/$basearch/ gpgcheck=3D1 gpgkey=3Dfile:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 =20 #additional packages that extend functionality of existing packages [centosplus] name=3DCentOS-7.2.1511 - Plus -baseurl=3Dhttp://vault.centos.org/7.2.1511/centosplus/$basearch/ +baseurl=3Dhttps://vault.centos.org/7.2.1511/centosplus/$basearch/ gpgcheck=3D1 gpgcheck=3D1 enabled=3D0 diff --git a/automation/build/debian/stretch-llvm-8.list b/automation/build= /debian/stretch-llvm-8.list index 09fe843fb2a31ae38f752d7c8c71cf97f5b14513..590001ca81e826ab624ba918542= 3adf4b0c51a21 100644 --- a/automation/build/debian/stretch-llvm-8.list +++ b/automation/build/debian/stretch-llvm-8.list @@ -1,3 +1,3 @@ # Strech LLVM 8 repos -deb http://apt.llvm.org/stretch/ llvm-toolchain-stretch-8 main -deb-src http://apt.llvm.org/stretch/ llvm-toolchain-stretch-8 main +deb https://apt.llvm.org/stretch/ llvm-toolchain-stretch-8 main +deb-src https://apt.llvm.org/stretch/ llvm-toolchain-stretch-8 main diff --git a/automation/build/debian/unstable-llvm-8.list b/automation/buil= d/debian/unstable-llvm-8.list index dc119fa0b4df1bd6e742c42776710abcd6deaa86..1db1598997429d7a14d3fcd8f0f= 8152aa6d40b8a 100644 --- a/automation/build/debian/unstable-llvm-8.list +++ b/automation/build/debian/unstable-llvm-8.list @@ -1,3 +1,3 @@ # Unstable LLVM 8 repos -deb http://apt.llvm.org/unstable/ llvm-toolchain-8 main -deb-src http://apt.llvm.org/unstable/ llvm-toolchain-8 main +deb https://apt.llvm.org/unstable/ llvm-toolchain-8 main +deb-src https://apt.llvm.org/unstable/ llvm-toolchain-8 main diff --git a/automation/scripts/qemu-smoke-dom0-arm32.sh b/automation/scrip= ts/qemu-smoke-dom0-arm32.sh index 98e4d481f65c2b29ac935ddf6247132ddf94fa1d..950ad3a0daa63d66fc8647c0a39= 0ff59c2f22b1a 100755 --- a/automation/scripts/qemu-smoke-dom0-arm32.sh +++ b/automation/scripts/qemu-smoke-dom0-arm32.sh @@ -4,7 +4,7 @@ set -ex =20 cd binaries # Use the kernel from Debian -curl --fail --silent --show-error --location --output vmlinuz http://http.= us.debian.org/debian/dists/bullseye/main/installer-armhf/current/images/net= boot/vmlinuz +curl --fail --silent --show-error --location --output vmlinuz https://ftp.= debian.org/debian/dists/bullseye/main/installer-armhf/current/images/netboo= t/vmlinuz # Use a tiny initrd based on busybox from Alpine Linux curl --fail --silent --show-error --location --output initrd.tar.gz https:= //dl-cdn.alpinelinux.org/alpine/v3.15/releases/armhf/alpine-minirootfs-3.15= .1-armhf.tar.gz =20 --=20 Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab