diff options
| author | Konstantin Ryabitsev <konstantin@linuxfoundation.org> | 2021-05-25 16:23:27 -0400 |
|---|---|---|
| committer | Konstantin Ryabitsev <konstantin@linuxfoundation.org> | 2021-05-25 16:23:27 -0400 |
| commit | 59c5614e36a343e57326e6190ee33e871f6052ad (patch) | |
| tree | faf7b35c4fa8cec1f97f4fd09a21fd97a80e70da | |
| parent | 036c0f3f4f17d091556dfc26bee5aa3a29f7912a (diff) | |
| download | b4-59c5614e36a343e57326e6190ee33e871f6052ad.tar.gz | |
Update attestation section in the README
- the default attestation policy is now "softfail"
- include instructions about installing the patatt submodule
Better read-the-docs style documentation will be coming in 0.8.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
| -rw-r--r-- | README.rst | 29 |
1 files changed, 17 insertions, 12 deletions
@@ -30,7 +30,11 @@ an alias in your .bash_profile:: alias b4="$HOME/path/to/b4/b4.sh" -Setting up a symlink should also be possible. +Setting up a symlink should also be possible. Remember to run the +following command after the initial clone in order to pull in the +dependencies that are tracked via submodules:: + + git submodule update --init Patch attestation (EXPERIMENTAL) -------------------------------- @@ -47,28 +51,29 @@ clone patatt as a submodule of b4. For attesting your outgoing patches, see patatt documentation. https://git.kernel.org/pub/scm/utils/patatt/patatt.git/about/ -Showing attestation on received patches -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -There are three attestation verification policies in b4: +Display attestation results on received patches +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +There are four attestation verification modes in b4: -- check (default) -- softfail +- off +- check +- softfail (default) - hardfail -The default "check" policy is look for any available attestation and try -to verify it. If verification fails, b4 will not output any errors, but +The "check" policy is look for any available attestation and try to +verify it. If verification fails, b4 will not output any errors, but will not show verification checkmarks either. -In "softfail" mode, any verification errors will be prominently -displayed, but b4 will still generate the .mbx file with patches. +In the "softfail" mode, any verification errors will be prominently +displayed, but b4 will still produce the resulting file with patches. The "hardfail" mode will show verification errors and exit without -generating the .mbox file with patches. +generating the .mbx file with patches. You can set the preferred policy via the git configuration file:: [b4] - attestation-policy = softfail + attestation-policy = hardfail Support ------- |