Skip to content

Use HTTPS links where possible#86586

Merged
bors merged 3 commits intorust-lang:masterfrom
syvb:https-everywhere
Jun 26, 2021
Merged

Use HTTPS links where possible#86586
bors merged 3 commits intorust-lang:masterfrom
syvb:https-everywhere

Conversation

@syvb
Copy link
Contributor

@syvb syvb commented Jun 23, 2021

While looking at #86583, I wondered how many other (insecure) HTTP links were in rustc. This changes most other http links to https. While most of the links are in comments or documentation, there are a few other HTTP links that are used by CI that are changed to HTTPS.

Notes:

  • I didn't change any to or in licences
  • Some links don't support HTTPS :(
  • Some http links were dead, in those cases I upgraded them to their new places (all of which used HTTPS)

@rust-highfive
Copy link
Contributor

rust-highfive commented Jun 23, 2021

Changes rustc_apfloat. rustc_apfloat is currently in limbo and you almost certainly don't want to change it (see #55993).

cc @eddyb

Some changes occurred in HTML/CSS/JS.

cc @GuillaumeGomez

@rust-highfive
Copy link
Contributor

rust-highfive commented Jun 23, 2021

r? @petrochenkov

(rust-highfive has picked a reviewer for you, use r? to override)

@rust-highfive rust-highfive added the S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. label Jun 23, 2021
petrochenkov
petrochenkov reviewed Jun 23, 2021
View reviewed changes
@petrochenkov
Copy link
Contributor

petrochenkov commented Jun 23, 2021

LGTM, although I obviously didn't check whether all the links are accessible.

@petrochenkov petrochenkov added S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Jun 23, 2021
@petrochenkov
Copy link
Contributor

petrochenkov commented Jun 24, 2021

@bors r+

@bors
Copy link
Collaborator

bors commented Jun 24, 2021

📌 Commit 157898e has been approved by petrochenkov

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. labels Jun 24, 2021
m-ou-se added a commit to m-ou-se/rust that referenced this pull request Jun 24, 2021
@m-ou-se
Rollup merge of rust-lang#86586 - Smittyvb:https-everywhere, r=petroc…
7b661a6 
…henkov

Use HTTPS links where possible

While looking at rust-lang#86583, I wondered how many other (insecure) HTTP links were in `rustc`. This changes most other `http` links to `https`. While most of the links are in comments or documentation, there are a few other HTTP links that are used by CI that are changed to HTTPS.

Notes:
- I didn't change any to or in licences
- Some links don't support HTTPS :(
- Some `http` links were dead, in those cases I upgraded them to their new places (all of which used HTTPS)
@m-ou-se m-ou-se mentioned this pull request Jun 24, 2021
Closed
@bors
Copy link
Collaborator

bors commented Jun 25, 2021

⌛ Testing commit 157898e with merge 3d991178fe4bcc8ea8153cd15a311bc9f8ece22e...

@bors
Copy link
Collaborator

bors commented Jun 25, 2021

💔 Test failed - checks-actions

@bors bors added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. and removed S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. labels Jun 25, 2021
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@petrochenkov
Copy link
Contributor

petrochenkov commented Jun 25, 2021

CI is unable to download from https://gcc.gnu.org/pub/gcc/infrastructure/mpfr-2.4.2.tar.bz2

--2021-06-25 04:05:16--  https://gcc.gnu.org/pub/gcc/infrastructure/mpfr-2.4.2.tar.bz2
Resolving gcc.gnu.org... 8.43.85.97, 2620:52:3:1:0:246e:9693:128c
Connecting to gcc.gnu.org|8.43.85.97|:443... connected.
OpenSSL: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
Unable to establish SSL connection.

@petrochenkov petrochenkov added S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Jun 25, 2021
@dns2utf8
Copy link
Contributor

dns2utf8 commented Jun 25, 2021
edited
Loading

On the mailinglist from 2015 there was a discussion about including TLS 1.2 in Debian 6 (the image we are using):
https://lists.debian.org/debian-lts/2015/02/msg00012.html

The host gcc.gnu.org supports TLSv1.2 only:
https://www.ssllabs.com/ssltest/analyze.html?d=gcc.gnu.org&s=8.43.85.97&hideResults=on&ignoreMismatch=on

Where AWS supports TLS 1.0 to 1.3 the old image can use 1.1:
https://www.ssllabs.com/ssltest/analyze.html?d=ci%2dcaches.rust%2dlang.org&s=65.8.17.76&latest

Should we update it to Debian 7 because TLS 1.2 support will not happen and the LTS support has ended in 2016?

@petrochenkov
Copy link
Contributor

petrochenkov commented Jun 25, 2021
edited
Loading

Should we update it to Debian 7 because TLS 1.2 support will not happen and the LTS support has ended in 2016?

Maybe, but certainly not in this PR.
If changing http to https doesn't "just work" and require infra tweaks in some cases, then those changes and tweaks need to go to a separate PR (probably assigned to Mark-Simulacrum).

@syvb
Download the GCC sources insecurely
3da037f 
This is needed as they are built on a long-outdated Debian version. :(
@petrochenkov
Copy link
Contributor

petrochenkov commented Jun 26, 2021

@bors r+

@bors
Copy link
Collaborator

bors commented Jun 26, 2021

📌 Commit 3da037f has been approved by petrochenkov

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. labels Jun 26, 2021
@bors
Copy link
Collaborator

bors commented Jun 26, 2021

⌛ Testing commit 3da037f with merge 4819719...

@bors
Copy link
Collaborator

bors commented Jun 26, 2021

☀️ Test successful - checks-actions
Approved by: petrochenkov
Pushing 4819719 to master...

@bors bors added the merged-by-bors This PR was explicitly merged by bors. label Jun 26, 2021
@bors bors merged commit 4819719 into rust-lang:master Jun 26, 2021
@rustbot rustbot added this to the 1.55.0 milestone Jun 26, 2021
@rust-highfive
Copy link
Contributor

rust-highfive commented Jun 26, 2021

📣 Toolstate changed by #86586!

Tested on commit 4819719.
Direct link to PR: #86586

🎉 rls on linux: test-fail → test-pass (cc @Xanewok).

rust-highfive added a commit to rust-lang-nursery/rust-toolstate that referenced this pull request Jun 26, 2021
@rust-highfive
📣 Toolstate changed by rust-lang/rust#86586!
fd2a000 
Tested on commit rust-lang/rust@4819719.
Direct link to PR: <rust-lang/rust#86586>

🎉 rls on linux: test-fail → test-pass (cc @Xanewok).
@bors bors mentioned this pull request Jun 26, 2021
Merged
@cuviper cuviper mentioned this pull request Apr 25, 2023
Merged
bors added a commit to rust-lang-ci/rust that referenced this pull request Apr 26, 2023
@bors
Auto merge of rust-lang#110784 - cuviper:build-gcc-https, r=jyn514
70540d5 
Revert "Download the GCC sources insecurely"

This reverts commit 3da037f.

This workaround was added after TLS problems with Debian 6 were noted in <rust-lang#86586 (comment)>, but we should be well past that since rust-lang#95026, where our oldest images are now based on CentOS 7.
RalfJung pushed a commit to RalfJung/rust-analyzer that referenced this pull request Apr 20, 2024
@bors
Auto merge of #110784 - cuviper:build-gcc-https, r=jyn514
f36a3fa 
Revert "Download the GCC sources insecurely"

This reverts commit 3da037f.

This workaround was added after TLS problems with Debian 6 were noted in <rust-lang/rust#86586 (comment)>, but we should be well past that since #95026, where our oldest images are now based on CentOS 7.
RalfJung pushed a commit to RalfJung/rust-analyzer that referenced this pull request Apr 27, 2024
@bors
Auto merge of #110784 - cuviper:build-gcc-https, r=jyn514
11645c9 
Revert "Download the GCC sources insecurely"

This reverts commit 3da037f.

This workaround was added after TLS problems with Debian 6 were noted in <rust-lang/rust#86586 (comment)>, but we should be well past that since #95026, where our oldest images are now based on CentOS 7.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@petrochenkov petrochenkov petrochenkov left review comments

Assignees

@petrochenkov petrochenkov

Labels

merged-by-bors This PR was explicitly merged by bors. S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion.

Projects

None yet

Milestone

1.55.0

Development

Successfully merging this pull request may close these issues.

7 participants

@syvb @rust-highfive @petrochenkov @bors @rust-log-analyzer @dns2utf8 @rustbot