summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPatrick Georgi <pgeorgi@google.com>2019-12-09 10:57:34 +0100
committerPatrick Georgi <pgeorgi@google.com>2019-12-10 11:15:42 +0000
commite86ded841fdb3846b070a9cbe1793f72efe540aa (patch)
tree6b07c96c468e04a6ad0d77be9650d26e2b3a0661
parent19b963ce86058a65d34d9951d9b9f3420316343e (diff)
Documentation: Describe how to deal with snooping https proxies
Disabling SSL verification is far from optimal, but depending on the circumstances may be the most practical way, so describe how to do that instead of leaving users confused. It's also not _that_ bad because git's hashing scheme should uncover most attempts to tamper with code, either when checking signed tags or when people push (and see lots of modified commits). State the command in a way that isn't conductive to careless copy & paste. Change-Id: Idbd52ba5d6e8b0f0e891fca16e4159ccef10771a Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37599 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
-rw-r--r--Documentation/tutorial/part2.md14
1 files changed, 14 insertions, 0 deletions
diff --git a/Documentation/tutorial/part2.md b/Documentation/tutorial/part2.md
index 3009e28167..43e9253fde 100644
--- a/Documentation/tutorial/part2.md
+++ b/Documentation/tutorial/part2.md
@@ -58,6 +58,20 @@ the password, and add the following to your `$HOME/.netrc` file:
where YourUserNameHere is your username, and YourPasswordHere is the password you
just generated.
+If your system is behind a snooping HTTPS proxy, you might also have to
+make its SSL certificate known to curl, a system specific operation.
+If that's not possible for some reason, you can also disable SSL
+certificate verification in git:
+
+ git config [--global] http.sslVerify [true|false]
+
+The `--global` argument sets it for all git transfers of your local
+user, `false` means not to validate the certificate.
+
+If that still doesn't allow you to pull or push changes to the server, the
+proxy is likely tampering with the data stream, in which case there's nothing
+we can do.
+
## Part 3: Clone coreboot and configure it for submitting patches
On Gerrit, click on the **Browse** tab in the upper left corner and select