From 299655ee2600874667fa9e21e6d1e598bb011b56 Mon Sep 17 00:00:00 2001
From: Klaus Aehlig
Date: Mon, 5 Aug 2019 05:01:43 -0700
Subject: [PATCH] Flip --incompatible_disallow_unverified_http_downloads to default to true As discussed in #8607, downloading files over plain http without reasonable verification afterwards (e.g., checking the sha256 sum) is a security risk and therefore should be discouraged. Flip the the corresponding flag disallowing such downloads to true. The flag was available with default false already in 0.29, and migration was possible even before that, simply by adding known-good checksums.
Change-Id: Ia3d46115996bf7b7c4aed56dcd15fa7317b5d4fa
PiperOrigin-RevId: 261662705
---
 .../devtools/build/lib/packages/StarlarkSemanticsOptions.java | 2 +-
 .../com/google/devtools/build/lib/syntax/StarlarkSemantics.java | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/main/java/com/google/devtools/build/lib/packages/StarlarkSemanticsOptions.java b/src/main/java/com/google/devtools/build/lib/packages/StarlarkSemanticsOptions.java
index 3211834b677d88..0b28c8635390e1 100644
--- a/src/main/java/com/google/devtools/build/lib/packages/StarlarkSemanticsOptions.java
+++ b/src/main/java/com/google/devtools/build/lib/packages/StarlarkSemanticsOptions.java
@@ -455,7 +455,7 @@ public class StarlarkSemanticsOptions extends OptionsBase implements Serializabl
 @Option(
 name = "incompatible_disallow_unverified_http_downloads",
- defaultValue = "false",
+ defaultValue = "true",
 documentationCategory = OptionDocumentationCategory.STARLARK_SEMANTICS,
 effectTags = {OptionEffectTag.LOADING_AND_ANALYSIS},
 metadataTags = {
diff --git a/src/main/java/com/google/devtools/build/lib/syntax/StarlarkSemantics.java b/src/main/java/com/google/devtools/build/lib/syntax/StarlarkSemantics.java
index 9860f6f86bae0d..9865368bd63ecd 100644
--- a/src/main/java/com/google/devtools/build/lib/syntax/StarlarkSemantics.java
+++ b/src/main/java/com/google/devtools/build/lib/syntax/StarlarkSemantics.java
@@ -278,7 +278,7 @@ public static Builder builderWithDefaults() {
 .incompatibleDisallowOldStyleArgsAdd(true)
 .incompatibleDisallowRuleExecutionPlatformConstraintsAllowed(false)
 .incompatibleDisallowStructProviderSyntax(false)
- .incompatibleDisallowUnverifiedHttpDownloads(false)
+ .incompatibleDisallowUnverifiedHttpDownloads(true)
 .incompatibleExpandDirectories(true)
 .incompatibleNewActionsApi(true)
 .incompatibleNoAttrLicense(true)
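Review bot: The secure default set by `.incompatibleDisallowUnverifiedHttpDownloads(true)` in `builderWithDefaults()` is stated a second time as the string `defaultValue = "true"` in StarlarkSemanticsOptions, and nothing in this patch ties the two together or pins them; the diffstat lists only the two source files. Unless a test outside this patch already compares both defaults, a later edit to either side could quietly re-allow plain-http downloads that carry no checksum. I would add a comment above the changed call, `// Rejects plain-http downloads without a checksum; keep equal to the @Option defaultValue in StarlarkSemanticsOptions.`, and have an existing semantics test assert that the built default semantics report this flag as true. The body of `builderWithDefaults()` starts and ends outside this hunk.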