Age | Commit message | Author |
|
When the signature is validated using the default keyring, run an
additional check on the UIDs and show the discrepancy if the identity
used in the X-Developer-Signature header is different from the UIDs we
have on the key.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
This version returns a failure early when body modification is
recognized. This is especially useful if we have to shell out to gnupg
for validation.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Minor bugfix release with better error messages for installs without any
keys and unconfigured git.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Not really necessary, but let's keep them synced across major versions.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Nothing really different in 0.3.0, just a few cleanups.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|
|
Move end-to-end attestation code into its own library: patatt. See
https://git.kernel.org/pub/scm/utils/patatt/patatt.git/about/
It is included into b4 as a submodule, but you will need to init it
first:
    git submodule update --init
This change significantly simplifies our attestation code, dropping
thousands of lines of rather hairy code. Notably, patatt-style
attestation is incompatible with previous attestation implementations
done directly in b4, but that's just as well -- we've always marked it
as "experimental" and the lack of adoption was proving that we weren't
on the right path.
Next to come is keyring management and documentation.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
|