From: Michał Górny
To: gentoo-dev@lists.gentoo.org
Cc: Michał Górny
Subject: [gentoo-dev] [PATCH 2/2] git-r3.eclass: Explicitly warn about unsecure protocols
Date: Sat, 19 Aug 2017 10:25:02 +0200
Message-Id: <20170819082502.27716-2-mgorny@gentoo.org>
In-Reply-To: <20170819082502.27716-1-mgorny@gentoo.org>
References: <20170819082502.27716-1-mgorny@gentoo.org>
List-Id: Gentoo Linux mail
Reply-to: gentoo-dev@lists.gentoo.org

Explicitly warn about any URI that uses an insecure protocol (git, http), even if it's a fallback URI. This is necessary because an attacker may block HTTPS connections, effectively forcing the fallback to the insecure protocol.

---
eclass/git-r3.eclass | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/eclass/git-r3.eclass b/eclass/git-r3.eclass index 42b586811368..1eb0baedc67f 100644 --- a/eclass/git-r3.eclass +++ b/eclass/git-r3.eclass @@ -570,6 +570,15 @@ git-r3_fetch() { [[ ${repos[@]} ]] || die "No URI provided and EGIT_REPO_URI unset" + local r + for r in "${repos[@]}"; do + if [[ ${r} == git:* || ${r} == http:* ]]; then + ewarn "git-r3: ${r%%:*} protocol in unsafe and may be subject to MITM attacks" + ewarn "(even if used only as fallback). Please use https instead." + ewarn "[URI: ${r}]" + fi + done + local -x GIT_DIR _git-r3_set_gitdir "${repos[0]}" @@ -582,7 +591,7 @@ git-r3_fetch() { fi # try to fetch from the remote - local r success saved_umask + local success saved_umask if [[ ${EVCS_UMASK} ]]; then saved_umask=$(umask) umask "${EVCS_UMASK}" || die "Bad options to umask: ${EVCS_UMASK}"
-- 2.14.1
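Review bot: Typo in the first ewarn of the new loop in the @@ -570 hunk: "${r%%:*} protocol in unsafe" should read "protocol is unsafe". Two smaller points on the same hunk: the glob only catches lowercase `git:*` and `http:*`, so `ftp://` URIs (also cleartext) and any odd-cased scheme pass silently, and since the loop only warns, the downgrade the commit message describes still succeeds; if the intent is to actually stop an attacker who blocks HTTPS from forcing the fallback, a `die` (or a documented way for the user to opt into a cleartext URI) would be stronger than `ewarn`.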
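Review bot: The @@ -582 hunk drops `r` from `local r success saved_umask` and relies on the `local r` introduced at the top of git-r3_fetch() in the first hunk. That is correct as long as both hunks land together; if the warning loop is ever moved into a helper, `r` in the later fetch loop would no longer be local and would leak into the caller's scope, so it may be worth keeping the later `local r` as well.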
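The downgrade the commit message describes (an on-path attacker drops HTTPS so the eclass falls through to a git:// or http:// fallback) is easy to see in a few lines of shell. The block below is an added example and is not code from git-r3.eclass or from this patch; the helper names (uri_scheme, uri_is_cleartext, count_cleartext_uris, pick_fetch_uri) and the "blocked scheme" simulation are assumptions made for the demo. It goes a little beyond the patch: it also treats ftp:// as cleartext, classifies scp-style user@host:path URIs as ssh, and shows a strict mode that refuses the cleartext fallback instead of only warning about it.

```shell
#!/bin/sh
# Added example, not part of git-r3.eclass. POSIX sh, no git needed.

# Hypothetical helper: print the transport scheme of a git remote URI.
# "user@host:path" is scp-style syntax and means ssh; a bare path is file.
uri_scheme() {
    case $1 in
        *://*) printf '%s\n' "${1%%://*}" ;;
        *@*:*) printf 'ssh\n' ;;
        *)     printf 'file\n' ;;
    esac
}

# Return 0 when the transport carries no encryption or authentication.
# The patch checks only git: and http:; ftp: is added here for completeness.
uri_is_cleartext() {
    case $(uri_scheme "$1") in
        git|http|ftp) return 0 ;;
        *)            return 1 ;;
    esac
}

# What the patch does: warn on every cleartext URI, fallback or not.
# Warnings go to stderr; the number of cleartext URIs is printed on stdout.
count_cleartext_uris() {
    local n r
    n=0
    for r in "$@"; do
        if uri_is_cleartext "$r"; then
            n=$((n + 1))
            printf 'warn: %s protocol is unsafe and may be subject to MITM attacks (even as a fallback); use https [URI: %s]\n' \
                "$(uri_scheme "$r")" "$r" >&2
        fi
    done
    printf '%s\n' "$n"
}

# Simulated fetch with fallback.
#   $1  space-separated schemes an on-path attacker blocks (constructed for the demo)
#   $2  1 = strict: never use a cleartext URI, even as a fallback
#   $3… candidate URIs in EGIT_REPO_URI order
# Prints the URI that would be used, or "none" if every candidate is refused.
pick_fetch_uri() {
    local blocked strict r scheme
    blocked=$1
    strict=$2
    shift 2
    for r in "$@"; do
        scheme=$(uri_scheme "$r")
        case " $blocked " in
            *" $scheme "*) continue ;;   # attacker dropped the connection
        esac
        if [ "$strict" = 1 ] && uri_is_cleartext "$r"; then
            continue                     # refuse the downgrade
        fi
        printf '%s\n' "$r"
        return 0
    done
    printf 'none\n'
}

# Demo with constructed URIs.
uris='https://git.example.org/pkg.git git://git.example.org/pkg.git'
echo "cleartext URIs: $(count_cleartext_uris $uris)"
echo "normal network:        $(pick_fetch_uri ''      0 $uris)"
echo "https blocked, warn:   $(pick_fetch_uri 'https' 0 $uris)"   # silently downgraded
echo "https blocked, strict: $(pick_fetch_uri 'https' 1 $uris)"   # fails closed
```

With HTTPS blocked the warn-only mode still ends up fetching over git://, which is exactly why the patch insists on warning about fallback URIs too; the strict variant turns the same situation into a loud failure.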