From a1c42cca001788be5a4d86450c8a6b0f277a17e3 Mon Sep 17 00:00:00 2001
From: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Date: Sat, 2 Sep 2017 20:34:53 +0200
Subject: payloads/external: Clone GRUB2 over HTTPS
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Since the git:// protocol is unencrypted and unauthenticated, there's a
security risk associated with using it: A man-in-the-middle attacker
could replace e.g. the master branch with malicious code.

Mitigate this risk somewhat by cloning GRUB2 via HTTPS.

Change-Id: Ice8f8d108e7dfa1a1ecd58d9735944fa9570ace8
Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Reviewed-on: https://review.coreboot.org/21344
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Alexander Couzens <lynxis@fe80.eu>
---
 payloads/external/GRUB2/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'payloads/external/GRUB2')

diff --git a/payloads/external/GRUB2/Makefile b/payloads/external/GRUB2/Makefile
index 4a0a49106a..71c7352d3b 100644
--- a/payloads/external/GRUB2/Makefile
+++ b/payloads/external/GRUB2/Makefile
@@ -3,7 +3,7 @@ TAG-$(CONFIG_GRUB2_REVISION)=$(CONFIG_GRUB2_REVISION_ID)
 NAME-$(CONFIG_GRUB2_MASTER)=HEAD
 NAME-$(CONFIG_GRUB2_REVISION)=$(CONFIG_GRUB2_REVISION_ID)
 
-project_git_repo=git://git.sv.gnu.org/grub.git
+project_git_repo=https://git.savannah.gnu.org/git/grub.git/
 project_dir=grub2
 
 unexport HOSTCC CC LD OBJCOPY STRIP
-- 
cgit v1.2.3