Xen project Mailing List

[PATCH v6 4/5] Build system: Replace git:// and http:// with https://

From: Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx>

Date: Tue, 21 Mar 2023 13:33:40 -0400

Cc: Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx>, Samuel Thibault <samuel.thibault@xxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>

Delivery-date: Tue, 21 Mar 2023 17:35:20 +0000

Feedback-id: iac594737:Fastmail

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Obtaining code over an insecure transport is a terrible idea for blatently obvious reasons. Even for non-executable data, insecure transports are considered deprecated. This patch enforces the use of secure transports in the build system. Some URLs returned 301 or 302 redirects, so I replaced them with the URLs that were redirected to. Signed-off-by: Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx> --- stubdom/configure | 12 ++++++------ stubdom/configure.ac | 12 ++++++------ tools/firmware/etherboot/Makefile | 6 +----- 3 files changed, 13 insertions(+), 17 deletions(-) diff --git a/stubdom/configure b/stubdom/configure index 4ea95baa9192f3b319349ac2a14a3055a21ce705..540e9cd331888449b0e24c1aa974bc22c5bcab54 100755 --- a/stubdom/configure +++ b/stubdom/configure @@ -3545,7 +3545,7 @@ if test "x$LIBPCI_URL" = "x"; then : if test "x$extfiles" = "xy"; then : LIBPCI_URL=\$$XEN_EXTFILES_URL$ else - LIBPCI_URL="http://www.kernel.org/pub/software/utils/pciutils"; + LIBPCI_URL="https://mirrors.edge.kernel.org/pub/software/utils/pciutils"; fi fi @@ -3560,7 +3560,7 @@ if test "x$NEWLIB_URL" = "x"; then : if test "x$extfiles" = "xy"; then : NEWLIB_URL=\$$XEN_EXTFILES_URL$ else - NEWLIB_URL="ftp://sources.redhat.com/pub/newlib"; + NEWLIB_URL="https://sourceware.org/ftp/newlib"; fi fi @@ -3575,7 +3575,7 @@ if test "x$LWIP_URL" = "x"; then : if test "x$extfiles" = "xy"; then : LWIP_URL=\$$XEN_EXTFILES_URL$ else - LWIP_URL="http://download.savannah.gnu.org/releases/lwip"; + LWIP_URL="https://download.savannah.gnu.org/releases/lwip"; fi fi @@ -3590,7 +3590,7 @@ if test "x$GRUB_URL" = "x"; then : if test "x$extfiles" = "xy"; then : GRUB_URL=\$$XEN_EXTFILES_URL$ else - GRUB_URL="http://alpha.gnu.org/gnu/grub"; + GRUB_URL="https://alpha.gnu.org/gnu/grub"; fi fi @@ -3602,7 +3602,7 @@ GRUB_VERSION="0.97" if test "x$OCAML_URL" = "x"; then : - OCAML_URL="http://caml.inria.fr/pub/distrib/ocaml-4.02"; + OCAML_URL="https://caml.inria.fr/pub/distrib/ocaml-4.02"; fi OCAML_VERSION="4.02.0" @@ -3616,7 +3616,7 @@ if test "x$GMP_URL" = "x"; then : if test "x$extfiles" = "xy"; then : GMP_URL=\$$XEN_EXTFILES_URL$ else - GMP_URL="ftp://ftp.gmplib.org/pub/gmp-4.3.2"; + GMP_URL="https://gmplib.org/download/gmp/archive"; fi fi diff --git a/stubdom/configure.ac b/stubdom/configure.ac index c648b1602c227ed5fe63b9fbdf3fa52fd2e1654b..471e371e14a82aedc10314c95bcaf39ce9f89f90 100644 --- a/stubdom/configure.ac +++ b/stubdom/configure.ac @@ -56,12 +56,12 @@ AX_DEPENDS_PATH_PROG([vtpm], [CMAKE], [cmake]) # Stubdom libraries version and url setup AX_STUBDOM_LIB([ZLIB], [zlib], [1.2.3]) -AX_STUBDOM_LIB([LIBPCI], [libpci], [2.2.9], [http://www.kernel.org/pub/software/utils/pciutils]) -AX_STUBDOM_LIB([NEWLIB], [newlib], [1.16.0], [ftp://sources.redhat.com/pub/newlib]) -AX_STUBDOM_LIB([LWIP], [lwip], [1.3.0], [http://download.savannah.gnu.org/releases/lwip]) -AX_STUBDOM_LIB([GRUB], [grub], [0.97], [http://alpha.gnu.org/gnu/grub]) -AX_STUBDOM_LIB_NOEXT([OCAML], [ocaml], [4.02.0], [http://caml.inria.fr/pub/distrib/ocaml-4.02]) -AX_STUBDOM_LIB([GMP], [libgmp], [4.3.2], [ftp://ftp.gmplib.org/pub/gmp-4.3.2]) +AX_STUBDOM_LIB([LIBPCI], [libpci], [2.2.9], [https://mirrors.edge.kernel.org/pub/software/utils/pciutils]) +AX_STUBDOM_LIB([NEWLIB], [newlib], [1.16.0], [https://sourceware.org/ftp/newlib]) +AX_STUBDOM_LIB([LWIP], [lwip], [1.3.0], [https://download.savannah.gnu.org/releases/lwip]) +AX_STUBDOM_LIB([GRUB], [grub], [0.97], [https://alpha.gnu.org/gnu/grub]) +AX_STUBDOM_LIB_NOEXT([OCAML], [ocaml], [4.02.0], [https://caml.inria.fr/pub/distrib/ocaml-4.02]) +AX_STUBDOM_LIB([GMP], [libgmp], [4.3.2], [https://gmplib.org/download/gmp/archive]) AX_STUBDOM_LIB([POLARSSL], [polarssl], [1.1.4]) AX_STUBDOM_LIB([TPMEMU], [berlios tpm emulator], [0.7.4]) diff --git a/tools/firmware/etherboot/Makefile b/tools/firmware/etherboot/Makefile index 4bc3633ba3d67ff9f52a9cb7923afea73c861da9..6ab9e5bc6b4cc750f2e802128fbc71e9150397b1 100644 --- a/tools/firmware/etherboot/Makefile +++ b/tools/firmware/etherboot/Makefile @@ -4,11 +4,7 @@ XEN_ROOT = $(CURDIR)/../../.. include $(XEN_ROOT)/tools/Rules.mk include Config -ifeq ($(GIT_HTTP),y) -IPXE_GIT_URL ?= http://git.ipxe.org/ipxe.git -else -IPXE_GIT_URL ?= git://git.ipxe.org/ipxe.git -endif +IPXE_GIT_URL ?= https://github.com/ipxe/ipxe.git # put an updated tar.gz on xenbits after changes to this variable IPXE_GIT_TAG := 3c040ad387099483102708bb1839110bc788cefb -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.