Change in coreboot[master]: Documentation: Describe how to deal with snooping https proxies
Patrick Georgi has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/37599 )
Change subject: Documentation: Describe how to deal with snooping https proxies ......................................................................
Documentation: Describe how to deal with snooping https proxies
Disabling SSL verification is far from optimal, but depending on the circumstances may be the most practical way, so describe how to do that instead of leaving users confused.
It's also not _that_ bad because git's hashing scheme should uncover most attempts to tamper with code, either when checking signed tags or when people push (and see lots of modified commits).
State the command in a way that isn't conductive to careless copy & paste.
Change-Id: Idbd52ba5d6e8b0f0e891fca16e4159ccef10771a Signed-off-by: Patrick Georgi pgeorgi@google.com --- M Documentation/tutorial/part2.md 1 file changed, 10 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/99/37599/1
diff --git a/Documentation/tutorial/part2.md b/Documentation/tutorial/part2.md index 3009e28..0838fed 100644 --- a/Documentation/tutorial/part2.md +++ b/Documentation/tutorial/part2.md @@ -58,6 +58,16 @@ where YourUserNameHere is your username, and YourPasswordHere is the password you just generated.
+If your system is behind a snooping https proxy, you might also have to +make its SSL certificate known to curl, a system specific operation. +If that's not possible for some reason, you can also disable SSL +certificate verification in git: + + git config [--global] http.sslVerify [true|false] + +The `--global` argument sets it for all git transfers of your local +user, `false` means not to validate the certificate. + ## Part 3: Clone coreboot and configure it for submitting patches
On Gerrit, click on the **Browse** tab in the upper left corner and select
Paul Menzel has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37599 )
Change subject: Documentation: Describe how to deal with snooping https proxies ......................................................................
Patch Set 1: Code-Review+1
(1 comment)
Thank you.
https://review.coreboot.org/c/coreboot/+/37599/1/Documentation/tutorial/part... File Documentation/tutorial/part2.md:
https://review.coreboot.org/c/coreboot/+/37599/1/Documentation/tutorial/part... PS1, Line 61: https HTTPS
Hello Paul Menzel, build bot (Jenkins),
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/37599
to look at the new patch set (#2).
Change subject: Documentation: Describe how to deal with snooping https proxies ......................................................................
Documentation: Describe how to deal with snooping https proxies
Disabling SSL verification is far from optimal, but depending on the circumstances may be the most practical way, so describe how to do that instead of leaving users confused.
It's also not _that_ bad because git's hashing scheme should uncover most attempts to tamper with code, either when checking signed tags or when people push (and see lots of modified commits).
State the command in a way that isn't conductive to careless copy & paste.
Change-Id: Idbd52ba5d6e8b0f0e891fca16e4159ccef10771a Signed-off-by: Patrick Georgi pgeorgi@google.com --- M Documentation/tutorial/part2.md 1 file changed, 14 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/99/37599/2
Patrick Georgi has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37599 )
Change subject: Documentation: Describe how to deal with snooping https proxies ......................................................................
Patch Set 2:
(1 comment)
https://review.coreboot.org/c/coreboot/+/37599/1/Documentation/tutorial/part... File Documentation/tutorial/part2.md:
https://review.coreboot.org/c/coreboot/+/37599/1/Documentation/tutorial/part... PS1, Line 61: https
HTTPS
Done
Paul Menzel has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37599 )
Change subject: Documentation: Describe how to deal with snooping https proxies ......................................................................
Patch Set 2: Code-Review+1
Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37599 )
Change subject: Documentation: Describe how to deal with snooping https proxies ......................................................................
Patch Set 2: Code-Review+2
Patrick Georgi has submitted this change. ( https://review.coreboot.org/c/coreboot/+/37599 )
Change subject: Documentation: Describe how to deal with snooping https proxies ......................................................................
Documentation: Describe how to deal with snooping https proxies
Disabling SSL verification is far from optimal, but depending on the circumstances may be the most practical way, so describe how to do that instead of leaving users confused.
It's also not _that_ bad because git's hashing scheme should uncover most attempts to tamper with code, either when checking signed tags or when people push (and see lots of modified commits).
State the command in a way that isn't conductive to careless copy & paste.
Change-Id: Idbd52ba5d6e8b0f0e891fca16e4159ccef10771a Signed-off-by: Patrick Georgi pgeorgi@google.com Reviewed-on: https://review.coreboot.org/c/coreboot/+/37599 Tested-by: build bot (Jenkins) no-reply@coreboot.org Reviewed-by: Paul Menzel paulepanter@users.sourceforge.net Reviewed-by: Angel Pons th3fanbus@gmail.com --- M Documentation/tutorial/part2.md 1 file changed, 14 insertions(+), 0 deletions(-)
Approvals: build bot (Jenkins): Verified Paul Menzel: Looks good to me, but someone else must approve Angel Pons: Looks good to me, approved
diff --git a/Documentation/tutorial/part2.md b/Documentation/tutorial/part2.md index 3009e28..43e9253 100644 --- a/Documentation/tutorial/part2.md +++ b/Documentation/tutorial/part2.md @@ -58,6 +58,20 @@ where YourUserNameHere is your username, and YourPasswordHere is the password you just generated.
+If your system is behind a snooping HTTPS proxy, you might also have to +make its SSL certificate known to curl, a system specific operation. +If that's not possible for some reason, you can also disable SSL +certificate verification in git: + + git config [--global] http.sslVerify [true|false] + +The `--global` argument sets it for all git transfers of your local +user, `false` means not to validate the certificate. + +If that still doesn't allow you to pull or push changes to the server, the +proxy is likely tampering with the data stream, in which case there's nothing +we can do. + ## Part 3: Clone coreboot and configure it for submitting patches
On Gerrit, click on the **Browse** tab in the upper left corner and select
-
Angel Pons (Code Review) -
Patrick Georgi (Code Review)
-
Paul Menzel (Code Review)