| Message ID | 20200708071337.13108-1-grandmaster@al2klimov.de (mailing list archive) |
|---|---|
| State | Mainlined |
| Commit | 541f5643d3ed627ab60d2e4a6c9dc6944b81f4d2 |
| Headers | show |
| Series | Replace HTTP links with HTTPS ones: KMOD KERNEL MODULE LOADER - USERMODE HELPER | expand |
On Wed, Jul 08, 2020 at 09:13:37AM +0200, Alexander A. Klimov wrote: > Rationale: > Reduces attack surface on kernel devs opening the links for MITM > as HTTPS traffic is much harder to manipulate. > > Deterministic algorithm: > For each file: > If not .svg: > For each line: > If doesn't contain `\bxmlns\b`: > For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: > If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`: > If both the HTTP and HTTPS versions > return 200 OK and serve the same content: > Replace HTTP with HTTPS. > > Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de> Acked-by: Luis Chamberlain <mcgrof@kernel.org> Shuah, can this go through your tree? Luis > --- > tools/testing/selftests/kmod/kmod.sh | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/tools/testing/selftests/kmod/kmod.sh b/tools/testing/selftests/kmod/kmod.sh > index 3702dbcc90a7..84409020a40f 100755 > --- a/tools/testing/selftests/kmod/kmod.sh > +++ b/tools/testing/selftests/kmod/kmod.sh > @@ -128,7 +128,7 @@ test_reqs() > if [[ $KMOD_VERSION -le 19 ]]; then > echo "$0: You need at least kmod 20" >&2 > echo "kmod <= 19 is buggy, for details see:" >&2 > - echo "http://git.kernel.org/cgit/utils/kernel/kmod/kmod.git/commit/libkmod/libkmod-module.c?id=fd44a98ae2eb5eb32161088954ab21e58e19dfc4" >&2 > + echo "https://git.kernel.org/cgit/utils/kernel/kmod/kmod.git/commit/libkmod/libkmod-module.c?id=fd44a98ae2eb5eb32161088954ab21e58e19dfc4" >&2 > exit $ksft_skip > fi > > -- > 2.27.0 >
On 7/8/20 5:53 AM, Luis Chamberlain wrote: > On Wed, Jul 08, 2020 at 09:13:37AM +0200, Alexander A. Klimov wrote: >> Rationale: >> Reduces attack surface on kernel devs opening the links for MITM >> as HTTPS traffic is much harder to manipulate. >> >> Deterministic algorithm: >> For each file: >> If not .svg: >> For each line: >> If doesn't contain `\bxmlns\b`: >> For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: >> If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`: >> If both the HTTP and HTTPS versions >> return 200 OK and serve the same content: >> Replace HTTP with HTTPS. >> >> Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de> > > Acked-by: Luis Chamberlain <mcgrof@kernel.org> > > Shuah, can this go through your tree? > Yes. I can take this through. thanks, -- Shuah
diff --git a/tools/testing/selftests/kmod/kmod.sh b/tools/testing/selftests/kmod/kmod.sh index 3702dbcc90a7..84409020a40f 100755 --- a/tools/testing/selftests/kmod/kmod.sh +++ b/tools/testing/selftests/kmod/kmod.sh @@ -128,7 +128,7 @@ test_reqs() if [[ $KMOD_VERSION -le 19 ]]; then echo "$0: You need at least kmod 20" >&2 echo "kmod <= 19 is buggy, for details see:" >&2 - echo "http://git.kernel.org/cgit/utils/kernel/kmod/kmod.git/commit/libkmod/libkmod-module.c?id=fd44a98ae2eb5eb32161088954ab21e58e19dfc4" >&2 + echo "https://git.kernel.org/cgit/utils/kernel/kmod/kmod.git/commit/libkmod/libkmod-module.c?id=fd44a98ae2eb5eb32161088954ab21e58e19dfc4" >&2 exit $ksft_skip fi
Rationale: Reduces attack surface on kernel devs opening the links for MITM as HTTPS traffic is much harder to manipulate. Deterministic algorithm: For each file: If not .svg: For each line: If doesn't contain `\bxmlns\b`: For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`: If both the HTTP and HTTPS versions return 200 OK and serve the same content: Replace HTTP with HTTPS. Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de> --- Continuing my work started at 93431e0607e5. See also: git log --oneline '--author=Alexander A. Klimov <grandmaster@al2klimov.de>' v5.7..master (Actually letting a shell for loop submit all this stuff for me.) If there are any URLs to be removed completely or at least not HTTPSified: Just clearly say so and I'll *undo my change*. See also: https://lkml.org/lkml/2020/6/27/64 If there are any valid, but yet not changed URLs: See: https://lkml.org/lkml/2020/6/26/837 If you apply the patch, please let me know. tools/testing/selftests/kmod/kmod.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)