Mailing List Archive

[xen master] build: Use HTTPS for all xenbits.xen.org Git repos
commit eb23eef476bf44f933fcff42e55119473a1d6e19
Author: Demi Marie Obenour <demi@invisiblethingslab.com>
AuthorDate: Tue Mar 21 13:33:34 2023 -0400
Commit: Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Fri Mar 24 16:29:13 2023 +0000

build: Use HTTPS for all xenbits.xen.org Git repos

Obtaining code over an insecure transport is a terrible idea for
blatently obvious reasons. Even for non-executable data, insecure
transports are considered deprecated.

This patch enforces the use of secure transports for all xenbits git
repositories. It was generated with the following shell script:

git ls-files -z |
xargs -0 -- sed -Ei -- 's@(git://xenbits\.xen\.org|http://xenbits\.xen\.org/git-http)/@https://xenbits.xen.org/git-http/@g'

All altered links have been tested and are known to work.

Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
Config.mk | 20 +++++++-------------
docs/misc/livepatch.pandoc | 2 +-
docs/process/xen-release-management.pandoc | 2 +-
scripts/get_maintainer.pl | 2 +-
4 files changed, 10 insertions(+), 16 deletions(-)

diff --git a/Config.mk b/Config.mk
index 10eb443b17..a90d093010 100644
--- a/Config.mk
+++ b/Config.mk
@@ -215,28 +215,22 @@ ifneq (,$(QEMU_TAG))
QEMU_TRADITIONAL_REVISION ?= $(QEMU_TAG)
endif

-ifeq ($(GIT_HTTP),y)
-OVMF_UPSTREAM_URL ?= http://xenbits.xen.org/git-http/ovmf.git
-QEMU_UPSTREAM_URL ?= http://xenbits.xen.org/git-http/qemu-xen.git
-QEMU_TRADITIONAL_URL ?= http://xenbits.xen.org/git-http/qemu-xen-traditional.git
-SEABIOS_UPSTREAM_URL ?= http://xenbits.xen.org/git-http/seabios.git
-MINIOS_UPSTREAM_URL ?= http://xenbits.xen.org/git-http/mini-os.git
-else
-OVMF_UPSTREAM_URL ?= git://xenbits.xen.org/ovmf.git
-QEMU_UPSTREAM_URL ?= git://xenbits.xen.org/qemu-xen.git
-QEMU_TRADITIONAL_URL ?= git://xenbits.xen.org/qemu-xen-traditional.git
-SEABIOS_UPSTREAM_URL ?= git://xenbits.xen.org/seabios.git
-MINIOS_UPSTREAM_URL ?= git://xenbits.xen.org/mini-os.git
-endif
+OVMF_UPSTREAM_URL ?= https://xenbits.xen.org/git-http/ovmf.git
OVMF_UPSTREAM_REVISION ?= 7b4a99be8a39c12d3a7fc4b8db9f0eab4ac688d5
+
+QEMU_UPSTREAM_URL ?= https://xenbits.xen.org/git-http/qemu-xen.git
QEMU_UPSTREAM_REVISION ?= master
+
+MINIOS_UPSTREAM_URL ?= https://xenbits.xen.org/git-http/mini-os.git
MINIOS_UPSTREAM_REVISION ?= 5bcb28aaeba1c2506a82fab0cdad0201cd9b54b3

+SEABIOS_UPSTREAM_URL ?= https://xenbits.xen.org/git-http/seabios.git
SEABIOS_UPSTREAM_REVISION ?= rel-1.16.1

ETHERBOOT_NICS ?= rtl8139 8086100e


+QEMU_TRADITIONAL_URL ?= https://xenbits.xen.org/git-http/qemu-xen-traditional.git
QEMU_TRADITIONAL_REVISION ?= 3d273dd05e51e5a1ffba3d98c7437ee84e8f8764
# Wed Jul 15 10:01:40 2020 +0100
# qemu-trad: remove Xen path dependencies
diff --git a/docs/misc/livepatch.pandoc b/docs/misc/livepatch.pandoc
index d38e4ce074..a94fb57eb5 100644
--- a/docs/misc/livepatch.pandoc
+++ b/docs/misc/livepatch.pandoc
@@ -993,7 +993,7 @@ The design of that is not discussed in this design.
This is implemented in a seperate tool which lives in a seperate
GIT repo.

-Currently it resides at git://xenbits.xen.org/livepatch-build-tools.git
+Currently it resides at https://xenbits.xen.org/git-http/livepatch-build-tools.git

### Exception tables and symbol tables growth

diff --git a/docs/process/xen-release-management.pandoc b/docs/process/xen-release-management.pandoc
index 8f80d61d2f..7826419dad 100644
--- a/docs/process/xen-release-management.pandoc
+++ b/docs/process/xen-release-management.pandoc
@@ -271,7 +271,7 @@ Hi all,

Xen X.Y rcZ is tagged. You can check that out from xen.git:

-git://xenbits.xen.org/xen.git X.Y.0-rcZ
+https://xenbits.xen.org/git-http/xen.git X.Y.0-rcZ

For your convenience there is also a tarball at:
https://downloads.xenproject.org/release/xen/X.Y.0-rcZ/xen-X.Y.0-rcZ.tar.gz
diff --git a/scripts/get_maintainer.pl b/scripts/get_maintainer.pl
index 48e07370e8..cf629cdf3c 100755
--- a/scripts/get_maintainer.pl
+++ b/scripts/get_maintainer.pl
@@ -1457,7 +1457,7 @@ sub vcs_exists {
warn("$P: No supported VCS found. Add --nogit to options?\n");
warn("Using a git repository produces better results.\n");
warn("Try latest git repository using:\n");
- warn("git clone git://xenbits.xen.org/xen.git\n");
+ warn("git clone https://xenbits.xen.org/git-http/xen.git\n");
$printed_novcs = 1;
}
return 0;
--
generated by git-patchbot for /home/xen/git/xen.git#master