This repository was archived by the owner on May 30, 2023. It is now read-only.
*: *: use https instead of git for Github URLs (take 2)#1394
Merged
dongsupark merged 3 commits intomainfrom Nov 3, 2021
Merged
*: *: use https instead of git for Github URLs (take 2)#1394dongsupark merged 3 commits intomainfrom
dongsupark merged 3 commits intomainfrom
Conversation
Replace `git://` with `https://` for GITHUB URLs, because Github now rejects an unauthenticated git access. * app-admin/locksmith * app-admin/mayday * app-admin/sdnotify-proxy * app-admin/toolbox * app-admin/updateservicectl * app-arch/torcx * app-crypt/go-tspi * app-emulation/acbuild * app-emulation/actool * coreos-base/afterburn * coreos-base/coreos-cloudinit * coreos-base/coreos-init * coreos-base/emerge-gitclone * coreos-base/nova-agent-watcher * coreos-base/update-ssh-keys * coreos-base/update_engine * coreos-devel/fero-client * coreos-devel/mantle * sys-apps/baselayout * sys-apps/ignition * sys-apps/seismograph * sys-boot/grub * sys-boot/shim * sys-kernel/bootengine * sys-libs/nss-usrfiles See also https://github.blog/2021-09-01-improving-git-protocol-security-github/.
tormath1
approved these changes
Nov 3, 2021
Now that Github rejects access to an unauthenticated URL with `git://`, we have to make git and libcurl work with `https://`. However, during the SDK stage2, curl is not explicitly installed, but just inherited from the stage1. As a result, curl is built without the `ssl` USE flag. So installation of baselayout fails with: ``` git fetch https://github.com/flatcar-linux/baselayout.git --prune +HEAD:refs/git-r3/HEAD fatal: unable to access 'https://github.com/flatcar-linux/baselayout.git/': Protocol "https" not supported or disabled in libcurl ``` To resolve the issue, we need to install curl with `BOOTSTRAP_USE=ssl` before trying to install baselayout. Also we need to set `CURL_SSL=openssl` as required by curl. Using a USE_EXPAND variable `curl_ssl_openssl` in `BOOTSTRAP_USE`, we can specify the correct `CURL_SSL` variable in curl.
c7ce3df to
e847ce9
Compare
Contributor
Author
|
cherry-picked to |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
(This PR is another attempt of #1386, which was reverted)
Replace
git://withhttps://for Github URLs, because Github now rejects an unauthenticated git access.See also https://github.blog/2021-09-01-improving-git-protocol-security-github/.
In addition, fix a build issue during SDK stage2, where git + libcurl could not fetch from
https://URLs.To resolve the issue, we need to install curl with
BOOTSTRAP_USE=sslbefore trying to install baselayout.Also we need to set
CURL_SSL=opensslas required by curl. Using a USE_EXPAND variablecurl_ssl_opensslinBOOTSTRAP_USE, we can specify the correctCURL_SSLvariable in curl.This PR should be merged together with flatcar-archive/portage-stable#240.
Testing done
CI passed: http://jenkins.infra.kinvolk.io:8080/job/os/job/manifest/4063/cldsv