https://sourceware.org/bugzilla/show_bug.cgi?id=28204

Ryan Goldberg <rgoldber at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

--- Comment #10 from Ryan Goldberg <rgoldber at redhat dot com> ---
Hi, it has been quite the journey, but the latest draft of this patch is ready
for review.

It is sitting on the try-branch users/rgoldber/try-bz28204c (figured it was
big enough that just looking at a patch might be hard to follow).

Since the last review, the major changes are as follows:
* I added a --koji-sigcache flag to the server which will enable Koji-specific
mappings of rpm paths to get IMA signatures.
* DEBUGINFOD_IMA_CERT_PATH can now include paths to dirs containing PEM- and
DER-encoded certificates, and will be traversed looking for the first cert which
has a SKID matching the signature which we need to validate.
* The verification certificates for RHEL and CentOS have been finalized and we
have a green light to distribute copies of them alongside our source (since
they have not been formally published to a known location yet). They are in
debuginfod/ima-certs and will be installed to
$(sysconfdir)/debuginfod/ima-certs. DEBUGINFOD_IMA_CERT_PATH will by default
include this path. This dir also has copies of the current Fedora verification
certs (which are already public but not yet backported to f38 [fedora-repos
commit 93b2c8a]).
