Bastien Nocera writes:
>> > If you are creating a cert to sign the out-of-tree modules and expect
>> > it to be accepted by the kernel, it cannot be ephemeral. A user would
>> > need someway to import it into their kernel or have it passed from
>> > grub. [...]
>>
>> That just proves that Rest
On Feb 22, 2016 6:33 AM, "Bastien Nocera" wrote:
>
>
>
> - Original Message -
> > Josh Boyer wrote:
> > > If you are creating a cert to sign the out-of-tree modules and expect
> > > it to be accepted by the kernel, it cannot be ephemeral. A user would
> > > need someway to import it into
- Original Message -
> Josh Boyer wrote:
> > If you are creating a cert to sign the out-of-tree modules and expect
> > it to be accepted by the kernel, it cannot be ephemeral. A user would
> > need someway to import it into their kernel or have it passed from
> > grub. The only way to d
Josh Boyer wrote:
> This is a major part of why we disallowed them in the past and that
> was before any of the existing kernel team members were on the team
> yet. Our stance has not changed over time or with the introduction of
> new team members.
And I still believe that it is wrong to reject
Josh Boyer wrote:
> If you are creating a cert to sign the out-of-tree modules and expect
> it to be accepted by the kernel, it cannot be ephemeral. A user would
> need someway to import it into their kernel or have it passed from
> grub. The only way to do so is to have it embedded in shim or th
Am 15.01.2016 um 01:07 schrieb Andrew Lutomirski:
On Thu, Jan 14, 2016 at 4:01 PM, Reindl Harald wrote:
Am 15.01.2016 um 00:36 schrieb Andrew Lutomirski:
If, for example, it simply installed into
/lib/modules/VERSION/akmod/path/to/driver.ko, then rpm could be taught
to delete /lib/modules/V
On Thu, Jan 14, 2016 at 4:01 PM, Reindl Harald wrote:
>
>
> Am 15.01.2016 um 00:36 schrieb Andrew Lutomirski:
>>
>> If, for example, it simply installed into
>> /lib/modules/VERSION/akmod/path/to/driver.ko, then rpm could be taught
>> to delete /lib/modules/VERSION when the corresponding kernel pa
Am 15.01.2016 um 00:36 schrieb Andrew Lutomirski:
If, for example, it simply installed into
/lib/modules/VERSION/akmod/path/to/driver.ko, then rpm could be taught
to delete /lib/modules/VERSION when the corresponding kernel package
goes away (either using a scriptlet in the kernel package or an
On Thu, Jan 14, 2016 at 3:04 PM, Ian Malone wrote:
> On 14 January 2016 at 19:29, Andrew Lutomirski wrote:
>> 2. Assuming that shipping an out-of-tree module is okay, is akmod a good
>> mechanism?
>>
>> I would argue strongly that akmod is *not* a good mechanism.
>>
>> Clearly any end-user-box-bu
On 14 January 2016 at 19:29, Andrew Lutomirski wrote:
>
> On Jan 14, 2016 9:34 AM, "Nicolas Chauvet" wrote:
>>
>> 2016-01-14 18:05 GMT+01:00 Neal Gompa :
>>>
>>> On Thu, Jan 14, 2016 at 11:01 AM, Reindl Harald
>>> wrote:
>>> >
>>> > Am 14.01.2016 um 16:56 schrieb Neal Gompa:
>>> >>
>>> >> I've r
On Thu, 2016-01-14 at 10:56 -0500, Neal Gompa wrote:
> Hello all,
>
> I've recently been wondering why we haven't allowed kernel module
> packages in Fedora since Fedora 8. I've tried searching through our
> wiki and the mailing list, but I haven't come up with any concrete
> reasons for why we di
On Jan 14, 2016 9:34 AM, "Nicolas Chauvet" wrote:
>
> 2016-01-14 18:05 GMT+01:00 Neal Gompa :
>>
>> On Thu, Jan 14, 2016 at 11:01 AM, Reindl Harald
wrote:
>> >
>> > Am 14.01.2016 um 16:56 schrieb Neal Gompa:
>> >>
>> >> I've recently been wondering why we haven't allowed kernel module
>> >> packa
On Thu, Jan 14, 2016 at 2:09 PM, Neal Gompa wrote:
> On Thu, Jan 14, 2016 at 2:00 PM, Josh Boyer wrote:
>> On Thu, Jan 14, 2016 at 1:54 PM, Neal Gompa wrote:
>>> On Thu, Jan 14, 2016 at 1:49 PM, Samuel Sieb wrote:
On 01/14/2016 07:56 AM, Neal Gompa wrote:
>
> Aside from the DNF iss
Am 14.01.2016 um 20:09 schrieb Neal Gompa:
On Thu, Jan 14, 2016 at 2:00 PM, Josh Boyer wrote:
On Thu, Jan 14, 2016 at 1:54 PM, Neal Gompa wrote:
On Thu, Jan 14, 2016 at 1:49 PM, Samuel Sieb wrote:
On 01/14/2016 07:56 AM, Neal Gompa wrote:
Aside from the DNF issue, is there anything else
On Thu, Jan 14, 2016 at 10:56 AM, Neal Gompa wrote:
> Hello all,
>
> I've recently been wondering why we haven't allowed kernel module
> packages in Fedora since Fedora 8. I've tried searching through our
> wiki and the mailing list, but I haven't come up with any concrete
> reasons for why we dis
On Thu, Jan 14, 2016 at 2:00 PM, Josh Boyer wrote:
> On Thu, Jan 14, 2016 at 1:54 PM, Neal Gompa wrote:
>> On Thu, Jan 14, 2016 at 1:49 PM, Samuel Sieb wrote:
>>> On 01/14/2016 07:56 AM, Neal Gompa wrote:
Aside from the DNF issue, is there anything else I'm missing in
relation to
Am 14.01.2016 um 19:54 schrieb Neal Gompa:
On Thu, Jan 14, 2016 at 1:49 PM, Samuel Sieb wrote:
On 01/14/2016 07:56 AM, Neal Gompa wrote:
Aside from the DNF issue, is there anything else I'm missing in
relation to kmods in Fedora?
If you have secure boot, you have to go through the process
On Thu, Jan 14, 2016 at 1:54 PM, Neal Gompa wrote:
> On Thu, Jan 14, 2016 at 1:49 PM, Samuel Sieb wrote:
>> On 01/14/2016 07:56 AM, Neal Gompa wrote:
>>>
>>> Aside from the DNF issue, is there anything else I'm missing in
>>> relation to kmods in Fedora?
>>>
>> If you have secure boot, you have t
On Thu, Jan 14, 2016 at 1:49 PM, Samuel Sieb wrote:
> On 01/14/2016 07:56 AM, Neal Gompa wrote:
>>
>> Aside from the DNF issue, is there anything else I'm missing in
>> relation to kmods in Fedora?
>>
> If you have secure boot, you have to go through the process to sign the
> kernel modules you bu
On 01/14/2016 07:56 AM, Neal Gompa wrote:
Aside from the DNF issue, is there anything else I'm missing in
relation to kmods in Fedora?
If you have secure boot, you have to go through the process to sign the
kernel modules you build and register the key with the boot system.
--
devel mailing li
2016-01-14 18:05 GMT+01:00 Neal Gompa :
> On Thu, Jan 14, 2016 at 11:01 AM, Reindl Harald
> wrote:
> >
> > Am 14.01.2016 um 16:56 schrieb Neal Gompa:
> >>
> >> I've recently been wondering why we haven't allowed kernel module
> >> packages in Fedora since Fedora 8. I've tried searching through ou
Am 14.01.2016 um 18:05 schrieb Neal Gompa:
On Thu, Jan 14, 2016 at 11:01 AM, Reindl Harald wrote:
Am 14.01.2016 um 16:56 schrieb Neal Gompa:
We have two tools that can help us in this regard: akmod and Koschei,
both came after our policy change to disallow kernel modules.
akmod is a dirty
On Thu, Jan 14, 2016 at 11:01 AM, Reindl Harald wrote:
>
> Am 14.01.2016 um 16:56 schrieb Neal Gompa:
>>
>> I've recently been wondering why we haven't allowed kernel module
>> packages in Fedora since Fedora 8. I've tried searching through our
>> wiki and the mailing list, but I haven't come up w
Hello all,
I've recently been wondering why we haven't allowed kernel module
packages in Fedora since Fedora 8. I've tried searching through our
wiki and the mailing list, but I haven't come up with any concrete
reasons for why we disallow them.
If it is perhaps the issue of keeping things in syn
Am 14.01.2016 um 16:56 schrieb Neal Gompa:
I've recently been wondering why we haven't allowed kernel module
packages in Fedora since Fedora 8. I've tried searching through our
wiki and the mailing list, but I haven't come up with any concrete
reasons for why we disallow them.
If it is perhaps
25 matches
Mail list logo
