@@ -191,7 +191,7 @@ APPEND_CFLAGS += $(foreach i, $(APPEND_INCLUDES), -I$(i))
EMBEDDED_EXTRA_CFLAGS := -fno-pie -fno-stack-protector -fno-stack-protector-all
EMBEDDED_EXTRA_CFLAGS += -fno-exceptions -fno-asynchronous-unwind-tables
-XEN_EXTFILES_URL ?= http://xenbits.xen.org/xen-extfiles
+XEN_EXTFILES_URL ?= https://xenbits.xen.org/xen-extfiles
# All the files at that location were downloaded from elsewhere on
# the internet. The original download URL is preserved as a comment
# near the place in the Xen Makefiles where the file is used.
@@ -215,19 +215,11 @@ ifneq (,$(QEMU_TAG))
QEMU_TRADITIONAL_REVISION ?= $(QEMU_TAG)
endif
-ifeq ($(GIT_HTTP),y)
-OVMF_UPSTREAM_URL ?= http://xenbits.xen.org/git-http/ovmf.git
-QEMU_UPSTREAM_URL ?= http://xenbits.xen.org/git-http/qemu-xen.git
-QEMU_TRADITIONAL_URL ?= http://xenbits.xen.org/git-http/qemu-xen-traditional.git
-SEABIOS_UPSTREAM_URL ?= http://xenbits.xen.org/git-http/seabios.git
-MINIOS_UPSTREAM_URL ?= http://xenbits.xen.org/git-http/mini-os.git
-else
-OVMF_UPSTREAM_URL ?= git://xenbits.xen.org/ovmf.git
-QEMU_UPSTREAM_URL ?= git://xenbits.xen.org/qemu-xen.git
-QEMU_TRADITIONAL_URL ?= git://xenbits.xen.org/qemu-xen-traditional.git
-SEABIOS_UPSTREAM_URL ?= git://xenbits.xen.org/seabios.git
-MINIOS_UPSTREAM_URL ?= git://xenbits.xen.org/mini-os.git
-endif
+OVMF_UPSTREAM_URL ?= https://xenbits.xen.org/git-http/ovmf.git
+QEMU_UPSTREAM_URL ?= https://xenbits.xen.org/git-http/qemu-xen.git
+QEMU_TRADITIONAL_URL ?= https://xenbits.xen.org/git-http/qemu-xen-traditional.git
+SEABIOS_UPSTREAM_URL ?= https://xenbits.xen.org/git-http/seabios.git
+MINIOS_UPSTREAM_URL ?= https://xenbits.xen.org/git-http/mini-os.git
OVMF_UPSTREAM_REVISION ?= 7b4a99be8a39c12d3a7fc4b8db9f0eab4ac688d5
QEMU_UPSTREAM_REVISION ?= master
MINIOS_UPSTREAM_REVISION ?= 5bcb28aaeba1c2506a82fab0cdad0201cd9b54b3
@@ -7,7 +7,7 @@ Using Remus with libxl on Xen 4.5 and higher:
To enable network buffering, you need libnl 3.2.8
or higher along with the development headers and command line utilities.
If your distro does not have the appropriate libnl3 version, you can find
- the latest source tarball of libnl3 at http://www.carisma.slowglass.com/~tgr/libnl/
+ the latest source tarball of libnl3 at https://www.infradead.org/~tgr/libnl/
Disk replication:
VMs protected by Remus need to use DRBD based disk backends. Specifically, you
@@ -5,7 +5,7 @@
#
# This file does only contain a selection of the most common options. For a
# full list see the documentation:
-# http://www.sphinx-doc.org/en/master/config
+# https://www.sphinx-doc.org/en/master/config
# -- Path setup --------------------------------------------------------------
@@ -1457,7 +1457,7 @@ sub vcs_exists {
warn("$P: No supported VCS found. Add --nogit to options?\n");
warn("Using a git repository produces better results.\n");
warn("Try latest git repository using:\n");
- warn("git clone git://xenbits.xen.org/xen.git\n");
+ warn("git clone https://xenbits.xen.org/git-http/xen.git\n");
$printed_novcs = 1;
}
return 0;
@@ -3535,7 +3535,7 @@ if test "x$ZLIB_URL" = "x"; then :
if test "x$extfiles" = "xy"; then :
ZLIB_URL=\$\(XEN_EXTFILES_URL\)
else
- ZLIB_URL="http://www.zlib.net"
+ ZLIB_URL="https://www.zlib.net"
fi
fi
@@ -3550,7 +3550,7 @@ if test "x$LIBPCI_URL" = "x"; then :
if test "x$extfiles" = "xy"; then :
LIBPCI_URL=\$\(XEN_EXTFILES_URL\)
else
- LIBPCI_URL="http://www.kernel.org/pub/software/utils/pciutils"
+ LIBPCI_URL="https://www.kernel.org/pub/software/utils/pciutils"
fi
fi
@@ -3565,7 +3565,7 @@ if test "x$NEWLIB_URL" = "x"; then :
if test "x$extfiles" = "xy"; then :
NEWLIB_URL=\$\(XEN_EXTFILES_URL\)
else
- NEWLIB_URL="ftp://sources.redhat.com/pub/newlib"
+ NEWLIB_URL="https://sources.redhat.com/pub/newlib"
fi
fi
@@ -3580,7 +3580,7 @@ if test "x$LWIP_URL" = "x"; then :
if test "x$extfiles" = "xy"; then :
LWIP_URL=\$\(XEN_EXTFILES_URL\)
else
- LWIP_URL="http://download.savannah.gnu.org/releases/lwip"
+ LWIP_URL="https://download.savannah.gnu.org/releases/lwip"
fi
fi
@@ -3595,7 +3595,7 @@ if test "x$GRUB_URL" = "x"; then :
if test "x$extfiles" = "xy"; then :
GRUB_URL=\$\(XEN_EXTFILES_URL\)
else
- GRUB_URL="http://alpha.gnu.org/gnu/grub"
+ GRUB_URL="https://alpha.gnu.org/gnu/grub"
fi
fi
@@ -3607,7 +3607,7 @@ GRUB_VERSION="0.97"
if test "x$OCAML_URL" = "x"; then :
- OCAML_URL="http://caml.inria.fr/pub/distrib/ocaml-4.02"
+ OCAML_URL="https://caml.inria.fr/pub/distrib/ocaml-4.02"
fi
OCAML_VERSION="4.02.0"
@@ -3621,7 +3621,7 @@ if test "x$GMP_URL" = "x"; then :
if test "x$extfiles" = "xy"; then :
GMP_URL=\$\(XEN_EXTFILES_URL\)
else
- GMP_URL="ftp://ftp.gmplib.org/pub/gmp-4.3.2"
+ GMP_URL="https://gmplib.org/download/gmp"
fi
fi
@@ -3636,7 +3636,7 @@ if test "x$POLARSSL_URL" = "x"; then :
if test "x$extfiles" = "xy"; then :
POLARSSL_URL=\$\(XEN_EXTFILES_URL\)
else
- POLARSSL_URL="http://polarssl.org/code/releases"
+ POLARSSL_URL="https://polarssl.org/code/releases"
fi
fi
@@ -3651,7 +3651,7 @@ if test "x$TPMEMU_URL" = "x"; then :
if test "x$extfiles" = "xy"; then :
TPMEMU_URL=\$\(XEN_EXTFILES_URL\)
else
- TPMEMU_URL="http://download.berlios.de/tpm-emulator"
+ TPMEMU_URL="https://download.berlios.de/tpm-emulator"
fi
fi
@@ -55,19 +55,25 @@ AC_PROG_INSTALL
AX_DEPENDS_PATH_PROG([vtpm], [CMAKE], [cmake])
# Stubdom libraries version and url setup
-AX_STUBDOM_LIB([ZLIB], [zlib], [1.2.3], [http://www.zlib.net])
-AX_STUBDOM_LIB([LIBPCI], [libpci], [2.2.9], [http://www.kernel.org/pub/software/utils/pciutils])
-AX_STUBDOM_LIB([NEWLIB], [newlib], [1.16.0], [ftp://sources.redhat.com/pub/newlib])
-AX_STUBDOM_LIB([LWIP], [lwip], [1.3.0], [http://download.savannah.gnu.org/releases/lwip])
-AX_STUBDOM_LIB([GRUB], [grub], [0.97], [http://alpha.gnu.org/gnu/grub])
-AX_STUBDOM_LIB_NOEXT([OCAML], [ocaml], [4.02.0], [http://caml.inria.fr/pub/distrib/ocaml-4.02])
-AX_STUBDOM_LIB([GMP], [libgmp], [4.3.2], [ftp://ftp.gmplib.org/pub/gmp-4.3.2])
-AX_STUBDOM_LIB([POLARSSL], [polarssl], [1.1.4], [http://polarssl.org/code/releases])
-AX_STUBDOM_LIB([TPMEMU], [berlios tpm emulator], [0.7.4], [http://download.berlios.de/tpm-emulator])
+AX_STUBDOM_LIB([ZLIB], [zlib], [1.2.3], [https://www.zlib.net])
+AX_STUBDOM_LIB([LIBPCI], [libpci], [2.2.9], [https://www.kernel.org/pub/software/utils/pciutils])
+AX_STUBDOM_LIB([NEWLIB], [newlib], [1.16.0], [https://sourceware.org/ftp/newlib])
+AX_STUBDOM_LIB([LWIP], [lwip], [1.3.0], [https://download.savannah.gnu.org/releases/lwip])
+AX_STUBDOM_LIB([GRUB], [grub], [0.97], [https://alpha.gnu.org/gnu/grub])
+AX_STUBDOM_LIB_NOEXT([OCAML], [ocaml], [4.02.0], [https://caml.inria.fr/pub/distrib/ocaml-4.02])
+AX_STUBDOM_LIB([GMP], [libgmp], [4.3.2], [https://gmplib.org/download/gmp])
+AX_STUBDOM_LIB([POLARSSL], [polarssl], [1.1.4], [https://polarssl.org/code/releases])
+AX_STUBDOM_LIB([TPMEMU], [berlios tpm emulator], [0.7.4], [https://download.berlios.de/tpm-emulator])
#These stubdoms should be enabled if the dependent one is
AX_STUBDOM_AUTO_DEPENDS([vtpmmgr], [vtpm])
+if test "x$vtpm" != xn || test "x$vtpmmgr" != xn; then
+ if test "x$extfiles" != xy; then
+ AC_MSG_ERROR([Sources needed for the vTPM and vTPM manager stubdomains are no longer at their original URLs])
+ fi
+fi
+
#Conditionally enable these stubdoms based on the presense of dependencies
AX_STUBDOM_CONDITIONAL_FINISH([vtpm-stubdom], [vtpm])
AX_STUBDOM_CONDITIONAL_FINISH([vtpmmgr-stubdom], [vtpmmgr])
@@ -1187,7 +1187,7 @@ diff -Naur grub-0.97.orig/stage2/graphics.c grub-0.97/stage2/graphics.c
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
-+ * along with this program; If not, see <http://www.gnu.org/licenses/>
++ * along with this program; If not, see <https://www.gnu.org/licenses/>
+ */
+
+#ifdef SUPPORT_GRAPHICS
@@ -36,7 +36,7 @@ sub apiconnect
{
foreach my $xenhost (keys %xenhosts)
{
- my $xen = RPC::XML::Client->new("http://$xenhost:$xenhosts{$xenhost}{'port'}");
+ my $xen = RPC::XML::Client->new("https://$xenhost:$xenhosts{$xenhost}{'port'}");
my $session = $xen->simple_request("session.login_with_password", "user","");
if (! $session)
{
@@ -5,9 +5,9 @@ include $(XEN_ROOT)/tools/Rules.mk
include Config
ifeq ($(GIT_HTTP),y)
-IPXE_GIT_URL ?= http://git.ipxe.org/ipxe.git
+IPXE_GIT_URL ?= https://git.ipxe.org/ipxe.git
else
-IPXE_GIT_URL ?= git://git.ipxe.org/ipxe.git
+IPXE_GIT_URL ?= https://git.ipxe.org/ipxe.git
endif
# put an updated tar.gz on xenbits after changes to this variable
Obtaining code over an insecure transport is a terrible idea for blatently obvious reasons. Even for non-executable data, insecure transports are considered deprecated. This patch enforces the use of secure transports in the build system. Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com> --- Config.mk | 20 ++++++-------------- docs/README.remus | 2 +- docs/conf.py | 2 +- scripts/get_maintainer.pl | 2 +- stubdom/configure | 18 +++++++++--------- stubdom/configure.ac | 24 +++++++++++++++--------- stubdom/grub.patches/10graphics.diff | 2 +- tools/examples/xeninfo.pl | 2 +- tools/firmware/etherboot/Makefile | 4 ++-- 9 files changed, 37 insertions(+), 39 deletions(-)