Xen project Mailing List

[PATCH v4 3/3] Automation and CI: Replace git:// and http:// with https://

From: Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx>

Date: Sat, 18 Feb 2023 21:46:15 -0500

Cc: Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Doug Goldstein <cardoe@xxxxxxxxxx>

Delivery-date: Sun, 19 Feb 2023 02:50:52 +0000

Feedback-id: iac594737:Fastmail

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Obtaining code over an insecure transport is a terrible idea for blatently obvious reasons. Even for non-executable data, insecure transports are considered deprecated. This patch enforces the use of secure transports in automation and CI. All URLs are known to work. Signed-off-by: Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx> --- README | 4 ++-- automation/build/centos/CentOS-7.2.repo | 8 ++++---- automation/build/debian/stretch-llvm-8.list | 4 ++-- automation/build/debian/unstable-llvm-8.list | 4 ++-- automation/scripts/qemu-smoke-dom0-arm32.sh | 2 +- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/README b/README index 755b3d8eaf8f7a58a945b7594e68a3fe455a7bdf..f8cc426f78d690f37e013242e81d4e440556c330 100644 --- a/README +++ b/README @@ -181,7 +181,7 @@ Python Runtime Libraries Various tools, such as pygrub, have the following runtime dependencies: * Python 2.6 or later. - URL: http://www.python.org/ + URL: https://www.python.org/ Debian: python Note that the build system expects `python` to be available. If your system @@ -197,7 +197,7 @@ Intel(R) Trusted Execution Technology Support Intel's technology for safer computing, Intel(R) Trusted Execution Technology (Intel(R) TXT), defines platform-level enhancements that provide the building blocks for creating trusted platforms. For more information, see -http://www.intel.com/technology/security/. +https://www.intel.com/technology/security/. Intel(R) TXT support is provided by the Trusted Boot (tboot) module in conjunction with minimal logic in the Xen hypervisor. diff --git a/automation/build/centos/CentOS-7.2.repo b/automation/build/centos/CentOS-7.2.repo index 4da27faeb5fa863fd4e140cbeaad308b9a543b86..8e37da1a03f839c486eb9bd0af46716cfb9086e0 100644 --- a/automation/build/centos/CentOS-7.2.repo +++ b/automation/build/centos/CentOS-7.2.repo @@ -6,28 +6,28 @@ [base] name=CentOS-7.2.1511 - Base -baseurl=http://vault.centos.org/7.2.1511/os/$basearch/ +baseurl=https://vault.centos.org/7.2.1511/os/$basearch/ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 #released updates [updates] name=CentOS-7.2.1511 - Updates -baseurl=http://vault.centos.org/7.2.1511/updates/$basearch/ +baseurl=https://vault.centos.org/7.2.1511/updates/$basearch/ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 #additional packages that may be useful [extras] name=CentOS-7.2.1511 - Extras -baseurl=http://vault.centos.org/7.2.1511/extras/$basearch/ +baseurl=https://vault.centos.org/7.2.1511/extras/$basearch/ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 #additional packages that extend functionality of existing packages [centosplus] name=CentOS-7.2.1511 - Plus -baseurl=http://vault.centos.org/7.2.1511/centosplus/$basearch/ +baseurl=https://vault.centos.org/7.2.1511/centosplus/$basearch/ gpgcheck=1 gpgcheck=1 enabled=0 diff --git a/automation/build/debian/stretch-llvm-8.list b/automation/build/debian/stretch-llvm-8.list index 09fe843fb2a31ae38f752d7c8c71cf97f5b14513..590001ca81e826ab624ba9185423adf4b0c51a21 100644 --- a/automation/build/debian/stretch-llvm-8.list +++ b/automation/build/debian/stretch-llvm-8.list @@ -1,3 +1,3 @@ # Strech LLVM 8 repos -deb http://apt.llvm.org/stretch/ llvm-toolchain-stretch-8 main -deb-src http://apt.llvm.org/stretch/ llvm-toolchain-stretch-8 main +deb https://apt.llvm.org/stretch/ llvm-toolchain-stretch-8 main +deb-src https://apt.llvm.org/stretch/ llvm-toolchain-stretch-8 main diff --git a/automation/build/debian/unstable-llvm-8.list b/automation/build/debian/unstable-llvm-8.list index dc119fa0b4df1bd6e742c42776710abcd6deaa86..1db1598997429d7a14d3fcd8f0f8152aa6d40b8a 100644 --- a/automation/build/debian/unstable-llvm-8.list +++ b/automation/build/debian/unstable-llvm-8.list @@ -1,3 +1,3 @@ # Unstable LLVM 8 repos -deb http://apt.llvm.org/unstable/ llvm-toolchain-8 main -deb-src http://apt.llvm.org/unstable/ llvm-toolchain-8 main +deb https://apt.llvm.org/unstable/ llvm-toolchain-8 main +deb-src https://apt.llvm.org/unstable/ llvm-toolchain-8 main diff --git a/automation/scripts/qemu-smoke-dom0-arm32.sh b/automation/scripts/qemu-smoke-dom0-arm32.sh index 98e4d481f65c2b29ac935ddf6247132ddf94fa1d..950ad3a0daa63d66fc8647c0a390ff59c2f22b1a 100755 --- a/automation/scripts/qemu-smoke-dom0-arm32.sh +++ b/automation/scripts/qemu-smoke-dom0-arm32.sh @@ -4,7 +4,7 @@ set -ex cd binaries # Use the kernel from Debian -curl --fail --silent --show-error --location --output vmlinuz http://http.us.debian.org/debian/dists/bullseye/main/installer-armhf/current/images/netboot/vmlinuz +curl --fail --silent --show-error --location --output vmlinuz https://ftp.debian.org/debian/dists/bullseye/main/installer-armhf/current/images/netboot/vmlinuz # Use a tiny initrd based on busybox from Alpine Linux curl --fail --silent --show-error --location --output initrd.tar.gz https://dl-cdn.alpinelinux.org/alpine/v3.15/releases/armhf/alpine-minirootfs-3.15.1-armhf.tar.gz -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.