[v6,0/5] Stop using insecure transports

Message ID	cover.1679412247.git.demi@invisiblethingslab.com (mailing list archive)
Headers	show Return-Path: <xen-devel-bounces@lists.xenproject.org> Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org> Feedback-ID: iac594737:Fastmail From: Demi Marie Obenour <demi@invisiblethingslab.com> To: xen-devel@lists.xenproject.org Cc: Demi Marie Obenour <demi@invisiblethingslab.com>, Andrew Cooper <andrew.cooper3@citrix.com>, George Dunlap <george.dunlap@citrix.com>, Jan Beulich <jbeulich@suse.com>, Julien Grall <julien@xen.org>, Stefano Stabellini <sstabellini@kernel.org>, Wei Liu <wl@xen.org>, Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>, Ross Lagerwall <ross.lagerwall@citrix.com>, Samuel Thibault <samuel.thibault@ens-lyon.org>, Anthony PERARD <anthony.perard@citrix.com>, Doug Goldstein <cardoe@cardoe.com>, =?utf-8?q?Marek_Marczykowski-G=C3=B3rec?= =?utf-8?q?ki?= <marmarek@invisiblethingslab.com> Subject: [PATCH v6 0/5] Stop using insecure transports Date: Tue, 21 Mar 2023 13:33:32 -0400 Message-Id: <cover.1679412247.git.demi@invisiblethingslab.com> In-Reply-To: <cover.1677356813.git.demi@invisiblethingslab.com> References: <cover.1677356813.git.demi@invisiblethingslab.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	Stop using insecure transports \| expand [v6,0/5] Stop using insecure transports [v6,1/5] Use HTTPS for all xenbits.xen.org Git repos [v6,2/5] Change remaining xenbits.xen.org link to HTTPS [v6,3/5] Build system: Do not try to use broken links [v6,4/5] Build system: Replace git:// and http:// with https:// [v6,5/5] Automation and CI: Replace git:// and http:// with https://

Message ID

cover.1679412247.git.demi@invisiblethingslab.com (mailing list archive)

Headers

Errors-To: xen-devel-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>
Feedback-ID: iac594737:Fastmail
From: Demi Marie Obenour <demi@invisiblethingslab.com>
To: xen-devel@lists.xenproject.org
Cc: Demi Marie Obenour <demi@invisiblethingslab.com>,
 Andrew Cooper <andrew.cooper3@citrix.com>,
 George Dunlap <george.dunlap@citrix.com>, Jan Beulich <jbeulich@suse.com>,
 Julien Grall <julien@xen.org>, Stefano Stabellini <sstabellini@kernel.org>,
 Wei Liu <wl@xen.org>, Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
 Ross Lagerwall <ross.lagerwall@citrix.com>,
 Samuel Thibault <samuel.thibault@ens-lyon.org>,
 Anthony PERARD <anthony.perard@citrix.com>,
 Doug Goldstein <cardoe@cardoe.com>, =?utf-8?q?Marek_Marczykowski-G=C3=B3rec?=
	=?utf-8?q?ki?= <marmarek@invisiblethingslab.com>
Subject: [PATCH v6 0/5] Stop using insecure transports
Date: Tue, 21 Mar 2023 13:33:32 -0400
Message-Id: <cover.1679412247.git.demi@invisiblethingslab.com>
In-Reply-To: <cover.1677356813.git.demi@invisiblethingslab.com>
References: <cover.1677356813.git.demi@invisiblethingslab.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

Stop using insecure transports | expand

Message

Demi Marie Obenour March 21, 2023, 5:33 p.m. UTC

Obtaining code over an insecure transport is a terrible idea for
blatently obvious reasons.  Even for non-executable data, insecure
transports are considered deprecated.

Changes since v5:

- Rebase on top of the staging branch.

- Do not replace a xenbits.xenproject.org link with a xenbits.xen.org
  link.

Changes since v4:

- Remove known-broken links entirely.  They only mislead users into
  believing the code can be obtained there when it cannot.

Changes since v3:

- Drop patch 4, which is an unrelated removal of unused code.

- Do not fail with an error if one tries to build the I/O emulator,
  vTPM, or vTPM manager stubdomains and passes --enable-extfiles.  The
  user may have provided alternate download URLs via environment
  variables.

Changes since v2:

- Drop patches 5 and 6, which changed links not used by automated tools.
  These patches are the least urgent and hardest to review.

- Ensure that no links are broken, and fail with an error instead of
  trying to use links that *are* broken.

Demi Marie Obenour (5):
  Use HTTPS for all xenbits.xen.org Git repos
  Change remaining xenbits.xen.org link to HTTPS
  Build system: Do not try to use broken links
  Build system: Replace git:// and http:// with https://
  Automation and CI: Replace git:// and http:// with https://

 Config.mk                                   | 20 ++++---------
 README                                      |  4 +--
 automation/build/debian/stretch-llvm-8.list |  4 +--
 docs/misc/livepatch.pandoc                  |  2 +-
 docs/process/xen-release-management.pandoc  |  2 +-
 m4/stubdom.m4                               |  5 ++--
 scripts/get_maintainer.pl                   |  2 +-
 stubdom/configure                           | 33 ++++++---------------
 stubdom/configure.ac                        | 18 +++++------
 tools/firmware/etherboot/Makefile           |  6 +---
 10 files changed, 35 insertions(+), 61 deletions(-)

Comments

Andrew Cooper March 22, 2023, 8:37 a.m. UTC | #1

On 21/03/2023 5:33 pm, Demi Marie Obenour wrote:
> Demi Marie Obenour (5):
>   Use HTTPS for all xenbits.xen.org Git repos
>   Change remaining xenbits.xen.org link to HTTPS
>   Build system: Do not try to use broken links
>   Build system: Replace git:// and http:// with https://
>   Automation and CI: Replace git:// and http:// with https://

https://gitlab.com/xen-project/patchew/xen/-/pipelines/813510934 from
patchew, so I think we're good now on the containers.

>
>  Config.mk                                   | 20 ++++---------
>  README                                      |  4 +--
>  automation/build/debian/stretch-llvm-8.list |  4 +--

Except for this, where I thought we'd already dropped it...

~Andrew

Anthony PERARD March 24, 2023, 4:37 p.m. UTC | #2

On Wed, Mar 22, 2023 at 08:37:43AM +0000, Andrew Cooper wrote:
> On 21/03/2023 5:33 pm, Demi Marie Obenour wrote:
> > Demi Marie Obenour (5):
> >   Use HTTPS for all xenbits.xen.org Git repos
> >   Change remaining xenbits.xen.org link to HTTPS
> >   Build system: Do not try to use broken links
> >   Build system: Replace git:// and http:// with https://
> >   Automation and CI: Replace git:// and http:// with https://
> 
> https://gitlab.com/xen-project/patchew/xen/-/pipelines/813510934 from
> patchew, so I think we're good now on the containers.
> 
> >
> >  Config.mk                                   | 20 ++++---------
> >  README                                      |  4 +--
> >  automation/build/debian/stretch-llvm-8.list |  4 +--
> 
> Except for this, where I thought we'd already dropped it...

We dropped llvm-8 on the unstable container, I don't think there's been
patch for the stretch container.

Andrew Cooper March 24, 2023, 4:38 p.m. UTC | #3

On 24/03/2023 4:37 pm, Anthony PERARD wrote:
> On Wed, Mar 22, 2023 at 08:37:43AM +0000, Andrew Cooper wrote:
>> On 21/03/2023 5:33 pm, Demi Marie Obenour wrote:
>>> Demi Marie Obenour (5):
>>>   Use HTTPS for all xenbits.xen.org Git repos
>>>   Change remaining xenbits.xen.org link to HTTPS
>>>   Build system: Do not try to use broken links
>>>   Build system: Replace git:// and http:// with https://
>>>   Automation and CI: Replace git:// and http:// with https://
>> https://gitlab.com/xen-project/patchew/xen/-/pipelines/813510934 from
>> patchew, so I think we're good now on the containers.
>>
>>>  Config.mk                                   | 20 ++++---------
>>>  README                                      |  4 +--
>>>  automation/build/debian/stretch-llvm-8.list |  4 +--
>> Except for this, where I thought we'd already dropped it...
> We dropped llvm-8 on the unstable container, I don't think there's been
> patch for the stretch container.

Yeah, I was just figuring that out.

I'm going to commit Demi's series as is, and fix the container afterwards.

~Andrew