Change in coreboot[master]: util/crossgcc: Ignore TLS certificate issues

List overview All Threads
Download

newer

older

Change in coreboot[master]: build...

Change in coreboot[master]:...

Patrick Georgi (Code Review)

24 Nov 2020 24 Nov '20

4:49 p.m.

Patrick Georgi has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/47935 )

Change subject: util/crossgcc: Ignore TLS certificate issues ......................................................................

util/crossgcc: Ignore TLS certificate issues

We have our own hashes to check, so while https is nice to improve the chance of things going over the wire unadulterated, we don't rely on it.

Change-Id: Id6ebb301775e1279b3c00e5064491c8f88be73ef Signed-off-by: Patrick Georgi pgeorgi@google.com --- M util/crossgcc/buildgcc 1 file changed, 1 insertion(+), 1 deletion(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/35/47935/1

diff --git a/util/crossgcc/buildgcc b/util/crossgcc/buildgcc index 01c4f86..3e618c3 100755 --- a/util/crossgcc/buildgcc +++ b/util/crossgcc/buildgcc @@ -1066,7 +1066,7 @@ download_showing_percentage() { url=$1 echo - curl -O --progress-bar --location --retry 3 "$url" + curl -O --insecure --progress-bar --location --retry 3 "$url" } fi

Attachments:

attachment.htm (text/html — 2.4 KB)

Show replies by date

Patrick Georgi (Code Review)

24 Nov 24 Nov

5:07 p.m.

Patrick Georgi has uploaded a new patch set (#2). ( https://review.coreboot.org/c/coreboot/+/47935 )

Change subject: util/crossgcc: Ignore TLS certificate issues ......................................................................

util/crossgcc: Ignore TLS certificate issues

We have our own hashes to check, so while https is nice to improve the chance of things going over the wire unadulterated, we don't rely on it.

Change-Id: Id6ebb301775e1279b3c00e5064491c8f88be73ef Signed-off-by: Patrick Georgi pgeorgi@google.com --- M util/crossgcc/buildgcc 1 file changed, 1 insertion(+), 1 deletion(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/35/47935/2

Idwer Vollering (Code Review)

25 Nov 25 Nov

4:03 p.m.

Idwer Vollering has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/47935 )

Change subject: util/crossgcc: Ignore TLS certificate issues ......................................................................

Patch Set 2: Code-Review+1

-- To view, visit https://review.coreboot.org/c/coreboot/+/47935 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Id6ebb301775e1279b3c00e5064491c8f88be73ef Gerrit-Change-Number: 47935 Gerrit-PatchSet: 2 Gerrit-Owner: Patrick Georgi pgeorgi@google.com Gerrit-Reviewer: Idwer Vollering vidwer@gmail.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-Comment-Date: Wed, 25 Nov 2020 16:03:15 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment

Patrick Georgi (Code Review)

30 Nov 30 Nov

9:52 p.m.

Patrick Georgi has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/47935 )

Change subject: util/crossgcc: Ignore TLS certificate issues ......................................................................

Patch Set 2:

Nico, adding you for review because you proposed something along these lines on IRC

-- To view, visit https://review.coreboot.org/c/coreboot/+/47935 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Id6ebb301775e1279b3c00e5064491c8f88be73ef Gerrit-Change-Number: 47935 Gerrit-PatchSet: 2 Gerrit-Owner: Patrick Georgi pgeorgi@google.com Gerrit-Reviewer: Idwer Vollering vidwer@gmail.com Gerrit-Reviewer: Nico Huber nico.h@gmx.de Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Paul Menzel paulepanter@users.sourceforge.net Gerrit-Comment-Date: Mon, 30 Nov 2020 21:52:23 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: No Gerrit-MessageType: comment

Mariusz Szafrański (Code Review)

2 Dec 2 Dec

6:21 p.m.

Mariusz Szafrański has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/47935 )

Change subject: util/crossgcc: Ignore TLS certificate issues ......................................................................

Patch Set 3: Code-Review+1

-- To view, visit https://review.coreboot.org/c/coreboot/+/47935 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Id6ebb301775e1279b3c00e5064491c8f88be73ef Gerrit-Change-Number: 47935 Gerrit-PatchSet: 3 Gerrit-Owner: Patrick Georgi pgeorgi@google.com Gerrit-Reviewer: Idwer Vollering vidwer@gmail.com Gerrit-Reviewer: Mariusz Szafrański mariuszx.szafranski@intel.com Gerrit-Reviewer: Nico Huber nico.h@gmx.de Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Paul Menzel paulepanter@users.sourceforge.net Gerrit-Comment-Date: Wed, 02 Dec 2020 18:21:55 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment

Nico Huber (Code Review)

6 Dec 6 Dec

5:13 p.m.

Nico Huber has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/47935 )

Change subject: util/crossgcc: Ignore TLS certificate issues ......................................................................

Patch Set 3: Code-Review+1

(1 comment)

IIRC, we were well aware that we do the hash checks anyway, and the reason to move to https was to make sure that no adversary can see the full URL (at least that's the only argument I remember that technically made sense). We'd lose that this way.

Honestly, I don't care. An alternative would be to offer to try again without certificate checks in case of failure, so the user would have a choice.

https://review.coreboot.org/c/coreboot/+/47935/3/util/crossgcc/buildgcc File util/crossgcc/buildgcc:

https://review.coreboot.org/c/coreboot/+/47935/3/util/crossgcc/buildgcc@1060 PS3, Line 1060: wget --tries=3 "$url" 2>&1 | while read -r line; do Should we add `--no-check-certificate` here?

-- To view, visit https://review.coreboot.org/c/coreboot/+/47935 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Id6ebb301775e1279b3c00e5064491c8f88be73ef Gerrit-Change-Number: 47935 Gerrit-PatchSet: 3 Gerrit-Owner: Patrick Georgi pgeorgi@google.com Gerrit-Reviewer: Idwer Vollering vidwer@gmail.com Gerrit-Reviewer: Mariusz Szafrański mariuszx.szafranski@intel.com Gerrit-Reviewer: Nico Huber nico.h@gmx.de Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Paul Menzel paulepanter@users.sourceforge.net Gerrit-Comment-Date: Sun, 06 Dec 2020 17:13:12 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment

Angel Pons (Code Review)

19 Jan 19 Jan

6:26 p.m.

Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/47935 )

Change subject: util/crossgcc: Ignore TLS certificate issues ......................................................................

Patch Set 4: Code-Review+1

-- To view, visit https://review.coreboot.org/c/coreboot/+/47935 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Id6ebb301775e1279b3c00e5064491c8f88be73ef Gerrit-Change-Number: 47935 Gerrit-PatchSet: 4 Gerrit-Owner: Patrick Georgi pgeorgi@google.com Gerrit-Reviewer: Angel Pons th3fanbus@gmail.com Gerrit-Reviewer: Idwer Vollering vidwer@gmail.com Gerrit-Reviewer: Mariusz Szafrański mariuszx.szafranski@intel.com Gerrit-Reviewer: Nico Huber nico.h@gmx.de Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Paul Menzel paulepanter@users.sourceforge.net Gerrit-Comment-Date: Tue, 19 Jan 2021 18:26:52 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment

Patrick Georgi (Code Review)

19 Nov 19 Nov

2:26 p.m.

Patrick Georgi has abandoned this change. ( https://review.coreboot.org/c/coreboot/+/47935 )

Change subject: util/crossgcc: Ignore TLS certificate issues ......................................................................

Abandoned

-- To view, visit https://review.coreboot.org/c/coreboot/+/47935 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Id6ebb301775e1279b3c00e5064491c8f88be73ef Gerrit-Change-Number: 47935 Gerrit-PatchSet: 4 Gerrit-Owner: Patrick Georgi patrick@coreboot.org Gerrit-Reviewer: Angel Pons th3fanbus@gmail.com Gerrit-Reviewer: Idwer Vollering vidwer@gmail.com Gerrit-Reviewer: Mariusz Szafrański mariuszx.szafranski@intel.com Gerrit-Reviewer: Nico Huber nico.h@gmx.de Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Paul Menzel paulepanter@mailbox.org Gerrit-MessageType: abandon

1046

days inactive

1406

days old

coreboot-gerrit@coreboot.org

7 comments

5 participants

tags (0)

participants (5)

Angel Pons (Code Review)
Idwer Vollering (Code Review)
Mariusz Szafrański (Code Review)
Nico Huber (Code Review)
Patrick Georgi (Code Review)