From: Kees Cook <keescook@chromium.org>
To: Jason Gunthorpe <jgg@ziepe.ca>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>,
Konstantin Ryabitsev <konstantin@linuxfoundation.org>,
tools@linux.kernel.org, users@linux.kernel.org
Subject: Re: merging pull requests
Date: Fri, 1 Oct 2021 17:15:17 -0700 [thread overview]
Message-ID: <202110011712.E01892340C@keescook> (raw)
In-Reply-To: <20211001115948.GK3544071@ziepe.ca>
On Fri, Oct 01, 2021 at 08:59:48AM -0300, Jason Gunthorpe wrote:
> On Thu, Sep 30, 2021 at 04:42:58PM -0700, Kees Cook wrote:
>
> > The only "hole" I see with the integrity checking is that since only tags
> > or mbox headers are signed, and those aren't part of the merge, there
> > isn't a easy way that I see to follow the integrity chain for a given
> > resulting tree. (Which is technically different from the "trust" chain.)
>
> The git tag and signature are part of the merge commit:
>
> $ git show --show-signature v5.15-rc3-151-g78c56e53821a7e
> commit 78c56e53821a7ec3462ce448c1fe6a8d44358831
> merged tag 'for-linus'
> gpg: Signature made Wed 29 Sep 2021 09:57:42 PM ADT
> gpg: using RSA key 7C1EC530B87EF10C4BFBA8B7386DF7157E209B1A
> gpg: Good signature from "Jason Gunthorpe <jgg@nvidia.com>" [ultimate]
> gpg: aka "Jason Gunthorpe <jgg@mellanox.com>" [ultimate]
> gpg: aka "Jason Gunthorpe <jgg@ziepe.ca>" [ultimate]
> gpg: aka "Jason Gunthorpe <jgunthorpe@obsidianresearch.com>" [ultimate]
> gpg: aka "Jason Gunthorpe <jgunthorpe@gmail.com>" [ultimate]
> gpg: aka "Jason Gunthorpe <jgg@kernel.org>" [ultimate]
> Merge: 02d5e016800d08 e671f0ecfece14
> Author: Linus Torvalds <torvalds@linux-foundation.org>
> Date: Thu Sep 30 12:00:46 2021 -0700
> [..]
>
> You can see the raw data like this:
>
> $ git cat-file commit v5.15-rc3-151-g78c56e53821a7e
Ah-ha! It does! Thank you; I couldn't figure out how to find the tags
internally.
--
Kees Cook
next prev parent reply other threads:[~2021-10-02 0:15 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-30 17:33 merging pull requests Kees Cook
2021-09-30 20:00 ` Konstantin Ryabitsev
2021-09-30 23:09 ` Kees Cook
2021-09-30 23:22 ` Stephen Rothwell
2021-09-30 23:29 ` Kees Cook
2021-09-30 23:29 ` Stephen Rothwell
2021-09-30 23:42 ` Kees Cook
2021-10-01 11:59 ` Jason Gunthorpe
2021-10-02 0:15 ` Kees Cook [this message]
2021-10-01 17:01 ` Steven Rostedt
2021-10-01 17:07 ` James Bottomley
2021-10-02 0:17 ` Kees Cook
2021-10-01 17:19 ` Konstantin Ryabitsev
2021-10-02 2:35 ` Kees Cook
2021-09-30 23:31 ` Olof Johansson
2021-10-01 0:09 ` Kees Cook
2021-10-01 0:27 ` Olof Johansson
2021-10-01 17:05 ` Steven Rostedt
2021-10-02 0:12 ` Kees Cook
2021-10-01 18:26 ` Konstantin Ryabitsev
2021-10-01 18:47 ` Linus Torvalds
2021-10-01 19:30 ` Konstantin Ryabitsev
2021-10-02 0:08 ` Kees Cook
2021-10-02 6:22 ` Willy Tarreau
2021-10-02 0:11 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202110011712.E01892340C@keescook \
--to=keescook@chromium.org \
--cc=jgg@ziepe.ca \
--cc=konstantin@linuxfoundation.org \
--cc=sfr@canb.auug.org.au \
--cc=tools@linux.kernel.org \
--cc=users@linux.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.