[oe-layersetup,master,V2,0/2] Stop using git:// urls

Message ID	20230323135026.1842186-1-nm@ti.com
Headers	show Return-Path: <nm@ti.com> ip: 198.47.23.249, mailfrom: nm@ti.com) From: Nishanth Menon <nm@ti.com> To: Ryan Eatmon <reatmon@ti.com>, Denys Dmytriyenko <denys@konsulko.com> CC: <meta-arago@lists.yoctoproject.org>, Randolph Sapp <rs@ti.com>, Nishanth Menon <nm@ti.com> Subject: [oe-layersetup][master][PATCH V2 0/2] Stop using git:// urls Date: Thu, 23 Mar 2023 08:50:24 -0500 Message-ID: <20230323135026.1842186-1-nm@ti.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain
Series	Stop using git:// urls \| expand [oe-layersetup,master,V2,0/2] Stop using git:// urls [oe-layersetup,master,V2,1/2] sample-files: gitconfig.sample: Stop using git:// urls [oe-layersetup,master,V2,2/2] configs: Stop using git:// urls

Message ID

20230323135026.1842186-1-nm@ti.com

Headers

From: Nishanth Menon <nm@ti.com>
To: Ryan Eatmon <reatmon@ti.com>, Denys Dmytriyenko <denys@konsulko.com>
CC: <meta-arago@lists.yoctoproject.org>, Randolph Sapp <rs@ti.com>,
        Nishanth
 Menon <nm@ti.com>
Subject: [oe-layersetup][master][PATCH V2 0/2] Stop using git:// urls
Date: Thu, 23 Mar 2023 08:50:24 -0500
Message-ID: <20230323135026.1842186-1-nm@ti.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain

Series

Stop using git:// urls | expand

Message

Nishanth Menon March 23, 2023, 1:50 p.m. UTC

Hi,

We did this in meta-ti and meta-arago but didn't propagate back into
oe-layersetup yet so I'll give it a go. git:// is no longer functional
proxies over on latest git versions (example: poky crops container for
ubuntu 22.04[1]), also git:// is highly susceptible to man-in-the-middle
attacks[2]. Dump git:// in favor of https.

So, things are broken atm, and yes, https:// implies certificates being
correct etc, but that is entirely the point.

[1] https://hub.docker.com/r/crops/poky/tags 22.04
[2] https://github.blog/2021-09-01-improving-git-protocol-security-github/

Changes since v1:
* Update with a new patch to fixup the gitconfig
* Update commit message in patch 2 to answer review comments of v1

V1: https://lore.kernel.org/yocto-meta-arago/20230309190858.395668-1-rs@ti.com/
Nishanth Menon (1):
  sample-files: gitconfig.sample: Stop using git:// urls

Randolph Sapp (1):
  configs: Stop using git:// urls

 configs/arago-dunfell-config.txt        | 16 ++++++++--------
 configs/arago-dunfell-next-config.txt   | 16 ++++++++--------
 configs/arago-dunfell-wip-config.txt    | 16 ++++++++--------
 configs/arago-kirkstone-config.txt      | 14 +++++++-------
 configs/arago-kirkstone-next-config.txt | 14 +++++++-------
 configs/arago-kirkstone-wip-config.txt  | 14 +++++++-------
 configs/arago-master-config.txt         | 14 +++++++-------
 configs/arago-master-wip-config.txt     | 14 +++++++-------
 configs/distroless-dunfell-config.txt   |  8 ++++----
 configs/distroless-kirkstone-config.txt |  8 ++++----
 configs/distroless-master-config.txt    |  8 ++++----
 configs/poky-dunfell-config.txt         |  8 ++++----
 configs/poky-kirkstone-config.txt       | 12 ++++++------
 configs/poky-master-config.txt          | 12 ++++++------
 configs/poky-master-wip-config.txt      | 12 ++++++------
 sample-files/gitconfig.sample           |  9 ++++++---
 16 files changed, 99 insertions(+), 96 deletions(-)

Comments

Randolph Sapp March 23, 2023, 3:32 p.m. UTC | #1

On 3/23/23 08:50, Nishanth Menon wrote:
> Hi,
> 
> We did this in meta-ti and meta-arago but didn't propagate back into
> oe-layersetup yet so I'll give it a go. git:// is no longer functional
> proxies over on latest git versions (example: poky crops container for
> ubuntu 22.04[1]), also git:// is highly susceptible to man-in-the-middle
> attacks[2]. Dump git:// in favor of https.
> 
> So, things are broken atm, and yes, https:// implies certificates being
> correct etc, but that is entirely the point.
> 
> [1] https://hub.docker.com/r/crops/poky/tags 22.04
> [2] https://github.blog/2021-09-01-improving-git-protocol-security-github/
> 
> Changes since v1:
> * Update with a new patch to fixup the gitconfig
> * Update commit message in patch 2 to answer review comments of v1
> 
> V1: https://lore.kernel.org/yocto-meta-arago/20230309190858.395668-1-rs@ti.com/
> Nishanth Menon (1):
>    sample-files: gitconfig.sample: Stop using git:// urls
> 
> Randolph Sapp (1):
>    configs: Stop using git:// urls
> 
>   configs/arago-dunfell-config.txt        | 16 ++++++++--------
>   configs/arago-dunfell-next-config.txt   | 16 ++++++++--------
>   configs/arago-dunfell-wip-config.txt    | 16 ++++++++--------
>   configs/arago-kirkstone-config.txt      | 14 +++++++-------
>   configs/arago-kirkstone-next-config.txt | 14 +++++++-------
>   configs/arago-kirkstone-wip-config.txt  | 14 +++++++-------
>   configs/arago-master-config.txt         | 14 +++++++-------
>   configs/arago-master-wip-config.txt     | 14 +++++++-------
>   configs/distroless-dunfell-config.txt   |  8 ++++----
>   configs/distroless-kirkstone-config.txt |  8 ++++----
>   configs/distroless-master-config.txt    |  8 ++++----
>   configs/poky-dunfell-config.txt         |  8 ++++----
>   configs/poky-kirkstone-config.txt       | 12 ++++++------
>   configs/poky-master-config.txt          | 12 ++++++------
>   configs/poky-master-wip-config.txt      | 12 ++++++------
>   sample-files/gitconfig.sample           |  9 ++++++---
>   16 files changed, 99 insertions(+), 96 deletions(-)
> 

Well, you already know how I feel about this. I like it and feel that 
this is completely necessary now.