From: Joshua Lock <jlock@vmware.com>
To: "openembedded-core@lists.openembedded.org"
<openembedded-core@lists.openembedded.org>
Subject: [PATCH v2 0/3] Enforce Shared State Signing when optionsset
Date: Tue, 30 Jul 2019 13:16:03 +0000 [thread overview]
Message-ID: <cover.1564487218.git.jlock@vmware.com> (raw)
There are 2 surprising behaviours in the current shared state signing
implementation which this pull request addresses:
1) when signature verification is enabled a failure to verify doesn't prevent
the shared state object from being used. A warning is printed and the
unsigned shared state object is used to accelerate the task.
2) when signing is enabled the taskhash doesn't change and any existing,
unsigned, shared state objects will not be signed. This is particularly
problematic when combined with 1.
Please review the following changes for suitability for inclusion. If you have
any objections or suggestions for improvement, please respond to the patches. If
you agree with the changes, please provide your Acked-by.
Changes since v1:
* removed spurious Python subclass class and handling of an error condition that
couldn't occur
The following changes since commit 835f7eac0610325e906591cd81890bebe8627580:
meta/lib/oeqa: Test for bootimg-biosplusefi Source (2019-07-23 22:26:28 +0100)
are available in the Git repository at:
https://github.com/joshuagl/poky joshuagl/signed-sstate2
https://github.com/joshuagl/poky/tree/joshuagl/signed-sstate2
Joshua Lock (3):
sstate: fix log message
classes/sstate: don't use unsigned sstate when verification enabled
classes/sstate: regenerate sstate when signing enabled
meta/classes/sstate.bbclass | 25 +++++++++++++++----------
1 file changed, 15 insertions(+), 10 deletions(-)
--
2.21.0
next reply other threads:[~2019-07-30 13:16 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-30 13:16 Joshua Lock [this message]
2019-07-30 13:16 ` [PATCH v2 1/3] sstate: fix log message Joshua Lock
2019-07-30 13:16 ` [PATCH v2 2/3] classes/sstate: don't use unsigned sstate when verification enabled Joshua Lock
2019-07-30 13:16 ` [PATCH v2 3/3] classes/sstate: regenerate sstate when signing enabled Joshua Lock
2019-07-30 13:31 ` ✗ patchtest: failure for Enforce Shared State Signing when optionsset Patchwork
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1564487218.git.jlock@vmware.com \
--to=jlock@vmware.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox