Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp1465689ybh; Thu, 16 Jul 2020 12:55:34 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxnDibgYApNXezM5UqToaQ9ujWZgQYpwfP2zNSXGOg16FwPyNWBlmlfHnrEQ5R35RJyPjZ3 X-Received: by 2002:aa7:d754:: with SMTP id a20mr5828596eds.375.1594929334301; Thu, 16 Jul 2020 12:55:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594929334; cv=none; d=google.com; s=arc-20160816; b=JiI4e2073Sy5KHWwdyU18LYItTqn8k58DJ+Sj1t64pSX1Z+F2fGcLPH0SK77TINFvY NxS/lvlYvu/xbB2aOIxtzPigJfDrh5oX7A2p5VtXAQsEE/8PnPbzrjqhGhMIeQGkNBjA Nu+RrMw2mJ1O9OSfbAFn273qnsPtTHCT4E7c5xKB6Y8Ve5sCPf95Mk90knHDfBool1cn iSuTEQ1a1GanQdKzExAYfYdAngl2HlUkNCnKuV0Pu4QyQgTdCHJbqgCRoua4FrNch4S0 6zaQi40X1BTPIPK3Dkyn8oNOu2dJF+p93TOjgURQbqg8vwU5vGo6Hfr2draif+JsV3/H UeYg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=87MGutnwOEmY0HJQCAuTiN28Ye5e78axGpA0tdOvyxk=; b=TGU/yJH95Oi9Y209eAFNxUoCd+8mQaGJyZPUkaX7tLZNDJvIE6HeqA7yprK0XnGD8J Auf2+5ZFbBjYNIqq6wJr08iTXTeBAL3mbh7X7ZZHxmxPn2mNZfBhzeyfBGjIOyxTqQNm U6XWBKj/aLnw679xlgAULn7B+VV9xbODotsSJ+FpALAtq0BjSeTM7wRM5yCxQ+bMxw+Q ILZP5qftQQkLDvvQcuHqVtSeHT4//pNVGcu3sjsV0Cu9cgWDxuziDVHIz7zldtWVIgTw rOTh0BL1JoHOY1hVggrHkUl2rZ1Hvln4tsVMdecRZHFLChNkSZJxOIPmOP87xeh1JQAn rrDw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id d14si3764697eje.95.2020.07.16.12.55.11; Thu, 16 Jul 2020 12:55:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729841AbgGPTwh (ORCPT + 99 others); Thu, 16 Jul 2020 15:52:37 -0400 Received: from smtp.al2klimov.de ([78.46.175.9]:52232 "EHLO smtp.al2klimov.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729554AbgGPTwh (ORCPT ); Thu, 16 Jul 2020 15:52:37 -0400 Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) by smtp.al2klimov.de (Postfix) with ESMTPA id AA634BC078; Thu, 16 Jul 2020 19:52:33 +0000 (UTC) From: "Alexander A. Klimov" To: zohar@linux.ibm.com, dhowells@redhat.com, jarkko.sakkinen@linux.intel.com, linux-integrity@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org Cc: "Alexander A. Klimov" Subject: [PATCH] encrypted-keys: Replace HTTP links with HTTPS ones Date: Thu, 16 Jul 2020 21:52:27 +0200 Message-Id: <20200716195227.65839-1-grandmaster@al2klimov.de> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spamd-Bar: +++++ X-Spam-Level: ***** Authentication-Results: smtp.al2klimov.de; auth=pass smtp.auth=aklimov@al2klimov.de smtp.mailfrom=grandmaster@al2klimov.de Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Rationale: Reduces attack surface on kernel devs opening the links for MITM as HTTPS traffic is much harder to manipulate. Deterministic algorithm: For each file: If not .svg: For each line: If doesn't contain `\bxmlns\b`: For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`: If both the HTTP and HTTPS versions return 200 OK and serve the same content: Replace HTTP with HTTPS. Signed-off-by: Alexander A. Klimov --- Continuing my work started at 93431e0607e5. See also: git log --oneline '--author=Alexander A. Klimov ' v5.7..master If there are any URLs to be removed completely or at least not just HTTPSified: Just clearly say so and I'll *undo my change*. See also: https://lkml.org/lkml/2020/6/27/64 If there are any valid, but yet not changed URLs: See: https://lkml.org/lkml/2020/6/26/837 If you apply the patch, please let me know. Sorry again to all maintainers who complained about subject lines. Now I realized that you want an actually perfect prefixes, not just subsystem ones. I tried my best... And yes, *I could* (at least half-)automate it. Impossible is nothing! :) include/keys/encrypted-type.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/keys/encrypted-type.h b/include/keys/encrypted-type.h index 38afb341c3f2..abfcbe02001a 100644 --- a/include/keys/encrypted-type.h +++ b/include/keys/encrypted-type.h @@ -2,7 +2,7 @@ /* * Copyright (C) 2010 IBM Corporation * Copyright (C) 2010 Politecnico di Torino, Italy - * TORSEC group -- http://security.polito.it + * TORSEC group -- https://security.polito.it * * Authors: * Mimi Zohar -- 2.27.0