1. Patchew
  2. Xen
  3. View series

[PATCH v6 0/5] Stop using insecure transports

Demi Marie Obenour posted 5 patches 1 year ago
Test gitlab-ci passed
Patches applied successfully (tree, apply log)
git fetch https://gitlab.com/xen-project/patchew/xen tags/patchew/cover.1679412247.git.demi@invisiblethingslab.com
Config.mk                                   | 20 ++++---------
README                                      |  4 +--
automation/build/debian/stretch-llvm-8.list |  4 +--
docs/misc/livepatch.pandoc                  |  2 +-
docs/process/xen-release-management.pandoc  |  2 +-
m4/stubdom.m4                               |  5 ++--
scripts/get_maintainer.pl                   |  2 +-
stubdom/configure                           | 33 ++++++---------------
stubdom/configure.ac                        | 18 +++++------
tools/firmware/etherboot/Makefile           |  6 +---
10 files changed, 35 insertions(+), 61 deletions(-)
[PATCH v6 0/5] Stop using insecure transports
Posted by Demi Marie Obenour 1 year ago 
Obtaining code over an insecure transport is a terrible idea for
blatently obvious reasons.  Even for non-executable data, insecure
transports are considered deprecated.

Changes since v5:

- Rebase on top of the staging branch.

- Do not replace a xenbits.xenproject.org link with a xenbits.xen.org
  link.

Changes since v4:

- Remove known-broken links entirely.  They only mislead users into
  believing the code can be obtained there when it cannot.

Changes since v3:

- Drop patch 4, which is an unrelated removal of unused code.

- Do not fail with an error if one tries to build the I/O emulator,
  vTPM, or vTPM manager stubdomains and passes --enable-extfiles.  The
  user may have provided alternate download URLs via environment
  variables.

Changes since v2:

- Drop patches 5 and 6, which changed links not used by automated tools.
  These patches are the least urgent and hardest to review.

- Ensure that no links are broken, and fail with an error instead of
  trying to use links that *are* broken.

Demi Marie Obenour (5):
  Use HTTPS for all xenbits.xen.org Git repos
  Change remaining xenbits.xen.org link to HTTPS
  Build system: Do not try to use broken links
  Build system: Replace git:// and http:// with https://
  Automation and CI: Replace git:// and http:// with https://

 Config.mk                                   | 20 ++++---------
 README                                      |  4 +--
 automation/build/debian/stretch-llvm-8.list |  4 +--
 docs/misc/livepatch.pandoc                  |  2 +-
 docs/process/xen-release-management.pandoc  |  2 +-
 m4/stubdom.m4                               |  5 ++--
 scripts/get_maintainer.pl                   |  2 +-
 stubdom/configure                           | 33 ++++++---------------
 stubdom/configure.ac                        | 18 +++++------
 tools/firmware/etherboot/Makefile           |  6 +---
 10 files changed, 35 insertions(+), 61 deletions(-)

-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
Re: [PATCH v6 0/5] Stop using insecure transports
Posted by Andrew Cooper 1 year ago 
On 21/03/2023 5:33 pm, Demi Marie Obenour wrote:
> Demi Marie Obenour (5):
>   Use HTTPS for all xenbits.xen.org Git repos
>   Change remaining xenbits.xen.org link to HTTPS
>   Build system: Do not try to use broken links
>   Build system: Replace git:// and http:// with https://
>   Automation and CI: Replace git:// and http:// with https://

https://gitlab.com/xen-project/patchew/xen/-/pipelines/813510934 from
patchew, so I think we're good now on the containers.

>
>  Config.mk                                   | 20 ++++---------
>  README                                      |  4 +--
>  automation/build/debian/stretch-llvm-8.list |  4 +--

Except for this, where I thought we'd already dropped it...

~Andrew
Re: [PATCH v6 0/5] Stop using insecure transports
Posted by Anthony PERARD 1 year ago 
On Wed, Mar 22, 2023 at 08:37:43AM +0000, Andrew Cooper wrote:
> On 21/03/2023 5:33 pm, Demi Marie Obenour wrote:
> > Demi Marie Obenour (5):
> >   Use HTTPS for all xenbits.xen.org Git repos
> >   Change remaining xenbits.xen.org link to HTTPS
> >   Build system: Do not try to use broken links
> >   Build system: Replace git:// and http:// with https://
> >   Automation and CI: Replace git:// and http:// with https://
> 
> https://gitlab.com/xen-project/patchew/xen/-/pipelines/813510934 from
> patchew, so I think we're good now on the containers.
> 
> >
> >  Config.mk                                   | 20 ++++---------
> >  README                                      |  4 +--
> >  automation/build/debian/stretch-llvm-8.list |  4 +--
> 
> Except for this, where I thought we'd already dropped it...

We dropped llvm-8 on the unstable container, I don't think there's been
patch for the stretch container.

-- 
Anthony PERARD
Re: [PATCH v6 0/5] Stop using insecure transports
Posted by Andrew Cooper 1 year ago 
On 24/03/2023 4:37 pm, Anthony PERARD wrote:
> On Wed, Mar 22, 2023 at 08:37:43AM +0000, Andrew Cooper wrote:
>> On 21/03/2023 5:33 pm, Demi Marie Obenour wrote:
>>> Demi Marie Obenour (5):
>>>   Use HTTPS for all xenbits.xen.org Git repos
>>>   Change remaining xenbits.xen.org link to HTTPS
>>>   Build system: Do not try to use broken links
>>>   Build system: Replace git:// and http:// with https://
>>>   Automation and CI: Replace git:// and http:// with https://
>> https://gitlab.com/xen-project/patchew/xen/-/pipelines/813510934 from
>> patchew, so I think we're good now on the containers.
>>
>>>  Config.mk                                   | 20 ++++---------
>>>  README                                      |  4 +--
>>>  automation/build/debian/stretch-llvm-8.list |  4 +--
>> Except for this, where I thought we'd already dropped it...
> We dropped llvm-8 on the unstable container, I don't think there's been
> patch for the stretch container.

Yeah, I was just figuring that out.

I'm going to commit Demi's series as is, and fix the container afterwards.

~Andrew

Patchew 2.1-devel-0870f84

© 2016 - 2024 Red Hat, Inc.