summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKonstantin Ryabitsev <konstantin@linuxfoundation.org>2021-05-25 16:23:27 -0400
committerKonstantin Ryabitsev <konstantin@linuxfoundation.org>2021-05-25 16:23:27 -0400
commit59c5614e36a343e57326e6190ee33e871f6052ad (patch)
treefaf7b35c4fa8cec1f97f4fd09a21fd97a80e70da
parent036c0f3f4f17d091556dfc26bee5aa3a29f7912a (diff)
downloadb4-59c5614e36a343e57326e6190ee33e871f6052ad.tar.gz
Update attestation section in the README
- the default attestation policy is now "softfail" - include instructions about installing the patatt submodule Better read-the-docs style documentation will be coming in 0.8. Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
-rw-r--r--README.rst29
1 files changed, 17 insertions, 12 deletions
diff --git a/README.rst b/README.rst
index 0fe5222..e13367a 100644
--- a/README.rst
+++ b/README.rst
@@ -30,7 +30,11 @@ an alias in your .bash_profile::
alias b4="$HOME/path/to/b4/b4.sh"
-Setting up a symlink should also be possible.
+Setting up a symlink should also be possible. Remember to run the
+following command after the initial clone in order to pull in the
+dependencies that are tracked via submodules::
+
+ git submodule update --init
Patch attestation (EXPERIMENTAL)
--------------------------------
@@ -47,28 +51,29 @@ clone patatt as a submodule of b4.
For attesting your outgoing patches, see patatt documentation.
https://git.kernel.org/pub/scm/utils/patatt/patatt.git/about/
-Showing attestation on received patches
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-There are three attestation verification policies in b4:
+Display attestation results on received patches
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+There are four attestation verification modes in b4:
-- check (default)
-- softfail
+- off
+- check
+- softfail (default)
- hardfail
-The default "check" policy is look for any available attestation and try
-to verify it. If verification fails, b4 will not output any errors, but
+The "check" policy is look for any available attestation and try to
+verify it. If verification fails, b4 will not output any errors, but
will not show verification checkmarks either.
-In "softfail" mode, any verification errors will be prominently
-displayed, but b4 will still generate the .mbx file with patches.
+In the "softfail" mode, any verification errors will be prominently
+displayed, but b4 will still produce the resulting file with patches.
The "hardfail" mode will show verification errors and exit without
-generating the .mbox file with patches.
+generating the .mbx file with patches.
You can set the preferred policy via the git configuration file::
[b4]
- attestation-policy = softfail
+ attestation-policy = hardfail
Support
-------