Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 20 Jun 2018 08:33:46 -0700
From:      "Simon J. Gerraty" <sjg@juniper.net>
To:        Cy Schubert <Cy.Schubert@cschubert.com>
Cc:        <cem@freebsd.org>, "Stephen J. Kiernan" <stevek@freebsd.org>, src-committers <src-committers@freebsd.org>, <svn-src-all@freebsd.org>, <svn-src-head@freebsd.org>, <sjg@juniper.net>
Subject:   Re: svn commit: r335402 - head/sbin/veriexecctl
Message-ID:  <80645.1529508826@kaos.jnpr.net>
In-Reply-To: <201806201342.w5KDgMeS040038@slippy.cwsent.com>
References:  <201806201342.w5KDgMeS040038@slippy.cwsent.com>

next in thread | previous in thread | raw e-mail | index | archive | help
Cy Schubert <Cy.Schubert@cschubert.com> wrote:
> > The signing of manifests is external.  The veriexecctl tool is I assume
> > a straight copy of what's in NetBSD (I've not looked at it in at least a
> > decade).
> 
> If this is correct, should it not be imported into the vendor branches 
> first?
> 
> What are the criteria to import through the vendor branches v.s. direct 
> import into HEAD? Do I fail to understand a missing piece of 
> information or is there an inconsistency?

AFAIK the key is whether there is an upstream project that will be
tracked, which is not the case here.
The ctl tool is the only bit that bears any relationship to the NetBSD
code - because we never used it.

Once I commit the loader stuff, we can replace the above with something
more useful - can leverage the same library to verify manifest
signatures.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?80645.1529508826>