From owner-svn-src-head@freebsd.org Thu Jun 21 22:05:52 2018 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 939E51001A76; Thu, 21 Jun 2018 22:05:52 +0000 (UTC) (envelope-from sjg@juniper.net) Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.pphosted.com", Issuer "thawte SHA256 SSL CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DC82B70CEF; Thu, 21 Jun 2018 22:05:51 +0000 (UTC) (envelope-from sjg@juniper.net) Received: from pps.filterd (m0108160.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w5LM3fUJ028716; Thu, 21 Jun 2018 15:05:45 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=to : cc : subject : in-reply-to : references : from : mime-version : content-type : content-id : date : message-id; s=PPS1017; bh=pfRyR5bR3xv4vM+GmwnY6oeMqKUJepgJOqnOUNufVuc=; b=zVVmxvjhRlABXbgOUdUnu5OSGmZ9SvoE+yIFCxowW5tP7yKZLY4FVEUq0D08Ce4RRzC0 qSbLQVvJMy5aEh40E6TzrS1fgnjPRB+31EWTVRbGDCbH6Am+dGTf9asVcesh69w33Z/w WBS56ijmheJZd02vPZTnrML+MH2Nx3DVjdfGOTWp6JylrYvlaI4ZQHVBFFXH+I6YbEgA PKP7ojasCNesRRlo82KtyTPVGCtOz2Ba/+22x1qpLAcJB/HEOSJSxS3V0B2Wy2pdjGFy 5zZKKLZIoUiTi7OGjeq4jYPfTtiKUpVVMVHkRAlp8q6lceCHkZ2TyuLFdOVEi+WrDoMi HA== Received: from nam02-bl2-obe.outbound.protection.outlook.com (mail-bl2nam02lp0081.outbound.protection.outlook.com [207.46.163.81]) by mx0b-00273201.pphosted.com with ESMTP id 2jrjjjg6qp-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 21 Jun 2018 15:05:45 -0700 Received: from BY1PR0501CA0007.namprd05.prod.outlook.com (2a01:111:e400:4821::17) by CY4PR05MB3112.namprd05.prod.outlook.com (2603:10b6:903:fc::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.884.16; Thu, 21 Jun 2018 22:05:44 +0000 Received: from DM3NAM05FT005.eop-nam05.prod.protection.outlook.com (2a01:111:f400:7e51::208) by BY1PR0501CA0007.outlook.office365.com (2a01:111:e400:4821::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.776.4 via Frontend Transport; Thu, 21 Jun 2018 22:05:43 +0000 Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.15 as permitted sender) Received: from P-EMFE01C-SAC.jnpr.net (66.129.239.15) by DM3NAM05FT005.mail.protection.outlook.com (10.152.98.110) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.20.906.10 via Frontend Transport; Thu, 21 Jun 2018 22:05:42 +0000 Received: from p-mailhub01.juniper.net (10.47.226.20) by P-EMFE01C-SAC.jnpr.net (172.24.192.21) with Microsoft SMTP Server (TLS) id 14.3.123.3; Thu, 21 Jun 2018 15:03:22 -0700 Received: from kaos.jnpr.net (kaos.jnpr.net [172.21.30.60]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id w5LM3L1C015976; Thu, 21 Jun 2018 15:03:22 -0700 (envelope-from sjg@juniper.net) Received: from kaos.jnpr.net (localhost [127.0.0.1]) by kaos.jnpr.net (Postfix) with ESMTP id 6493364AA8; Thu, 21 Jun 2018 15:03:12 -0700 (PDT) To: Warner Losh CC: "Rodney W. Grimes" , Ian Lepore , "Conrad E. Meyer" , Stephen Kiernan , Eitan Adler , src-committers , , , Subject: Re: svn commit: r335402 - head/sbin/veriexecctl In-Reply-To: References: <1529606006.24573.30.camel@freebsd.org> <201806212110.w5LLAXXS081257@pdx.rh.CN85.dnsmgr.net> Comments: In-reply-to: Warner Losh message dated "Thu, 21 Jun 2018 15:45:32 -0600." From: "Simon J. Gerraty" X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 25.3.1 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <49198.1529618592.1@kaos.jnpr.net> Date: Thu, 21 Jun 2018 15:03:12 -0700 Message-ID: <53990.1529618592@kaos.jnpr.net> X-EOPAttributedMessage: 0 X-MS-Office365-Filtering-HT: Tenant X-Forefront-Antispam-Report: CIP:66.129.239.15; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(376002)(346002)(396003)(39860400002)(39380400002)(2980300002)(199004)(189003)(59450400001)(186003)(446003)(117636001)(11346002)(81156014)(2810700001)(305945005)(316002)(2906002)(478600001)(54906003)(16586007)(336012)(356003)(26005)(6346003)(126002)(229853002)(476003)(77096007)(23726003)(486006)(55016002)(50466002)(47776003)(97876018)(7126003)(86362001)(6266002)(97756001)(69596002)(76176011)(7696005)(8936002)(6916009)(6246003)(106466001)(53416004)(105596002)(8676002)(5660300001)(39060400002)(81166006)(107886003)(97736004)(46406003)(4326008)(68736007)(50226002)(53936002)(76506005)(9686003)(42262002); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR05MB3112; H:P-EMFE01C-SAC.jnpr.net; FPR:; SPF:SoftFail; LANG:en; PTR:InfoDomainNonexistent; A:1; MX:1; X-Microsoft-Exchange-Diagnostics: 1; DM3NAM05FT005; 1:paoADRck9Bw1bzYAQkzI7duyuSV6RU2y3v+pUttyMFzlpbyaCJUe3IOxiSfAcN0WieEyYfEIvcL7XrpMrx1NJ7eelvzHdKDuyxX+TaA+tZ85CSl6rAGuxtsQoQoHt1eb X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: db58c96b-3370-49f4-7dc5-08d5d7c3222a X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(711020)(2017052603328)(7153060); SRVR:CY4PR05MB3112; X-Microsoft-Exchange-Diagnostics: 1; CY4PR05MB3112; 3:SAVEVaY3qBaoqCuLTMFXJiHMRipqig5gqnVtXb4nQK2dnJ2m05Ugqj4Uha/LhjnUjufu2ZpkrHCA+krdRWiwIG+gPlFPgE2ej81oIMHrVCzBQYgI14rhQADsctB9T7nsTvdBzFcOO/AI7rIVde4ljtlCklcM0+9rRkoZknWnm5I7JO+6AzbZ5GDnmCREg2Up+Q+eIHfe4B8NVmStG7QvhYCABwhlpL1vvF2A3bllo3+cy6WbPs3gyIbgtHKdxr+lluDGDVXcDDsSgbqiFnDDoJiCQsn7ljcPvSZb1YRXb0YtO+bmFwtKMfJ7nGJ7h2eKT5S/2S1ymdmiEYEyeAjDxp2inCeGu1Qigbz1bJH7j8Q=; 25:xxc/fyrsRhlwajZkPBNvIxukb5vgmFQ3wpqPPW1ovToq1XlNT/0GLxegv4IYHd459RVBRkJf6RcHon+LhsPNeSaB0quzt4EasbEDqfBMynMouGJ/MzKFShAfl1ROOuLfy1rnc3+xPgza75phAM+htGKaJxCGEiF6MxmrBgjoRhMAbtpWVGUOB/fp2GMvRXuEA7Uwy2HijxfWUHlyC5ESFiKhl4IuBR3CrZ7lcSUVFMTD6losdKklsPicj+ulYglO6fXy3sn9r7Bh+I4Dwt+cRWNmjiLf9D39ffuzv9SnZVAwy7oVwy12v40nG1N43m+4+zav6GwzrWpV1sy0QW3xQg== X-MS-TrafficTypeDiagnostic: CY4PR05MB3112: X-Microsoft-Exchange-Diagnostics: 1; CY4PR05MB3112; 31:B3YFIrrOu3A1WPYbuKaVaybpI6Knadsqgc80NT+QuxUmAPQ8fIxGh6iD+ftnoLUz2+ovSRhbbRBsFRy2hvxZhWs/8KwIwL1V8a7jBk/UBWrrTC7Nprq/8YrhdbauhvpcmJ4jabYHvcsYhJlzrh6MPiG/uVUyqjEhvPjpZhw7EomE6o7X6ca9H89cO+3zhuURU0JA++MkpmwDEWoFHiW/Fdow1DatoHTONbyhxOQbIJY=; 20:4lJIZZO4k+KdDbT4tzayDdOeIIRVmYirzSo2lAqeFn6+Oq12AI5TLvXJrxwqes+GXps935rgWD49/0VsDuSaji55lexH05e1GdU9iB6Tmrui8xIMOEheAbayVpUXqa7svPQ9URyvlMij9e7nKAMwULaON3CMVIXgDo/GP5ZlEqv/WLMhIm28NHvEzQgy2bBNSNqm3QvUIzPGckkR+xC5uLb4qN54aqe8CkwZz2OvxWs1+/u5LFYIXWKeBlDO49+/x05ohJwSdt+P30kpaJ0MFTYdgWVuT8B0wh6M41MXPdaBiHhwLv+U9WVlP9zEaQviuObiIDHwgNGedNmAL/2tF/Yd0M+sU7k2mm6zD4owYInFy6wzlUcdvovakTL3UBQgnVSJeWRwPNsZBg9fPDdbo/RRUwvw+OLwfb0cMCGyPx4VBS4WIg7aOqvU+iCWaFJgqhSBpePHPSPYNdqXeZO6wppnoJkLuaXF4CCnE5Zr6CFsEpHkx4OhfKMWg4AmngZY X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-MS-Exchange-SenderADCheck: 1 X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(93006095)(93001095)(10201501046)(3002001)(3231254)(944501410)(52105095)(6055026)(149027)(150027)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123560045)(20161123564045)(20161123558120)(6072148)(201708071742011)(7699016); SRVR:CY4PR05MB3112; BCL:0; PCL:0; RULEID:; SRVR:CY4PR05MB3112; X-Microsoft-Exchange-Diagnostics: 1; CY4PR05MB3112; 4:h6TUU0wtV0bXUPLXQ3w73UyQWWEyZuACR41dSOr/N7mEpORj2gOs2aczpVmmGl2Y1yw3WG4KwcJo2EJ6HGAwaP/9xco2bMkqXl+SIXwf79KHSKLCJvFeTHPTvCUwvNE/8udjmtfYPVV4WA7QxqR1KI5g+7hwFLwbmFGHwVJFUiNQCEPePnAGsBj1KJ8lovjhPayxwB06PwAQ65yHZ+RfyJuQlpPXpAqNj3isqJa1yE3uiubD4fL9c0Lw0d03QRA5UFMgjpN9r9Ke5te7Kja8iA== X-Forefront-PRVS: 07106EF9B9 X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; CY4PR05MB3112; 23:yeT/zqC8iB+abkCiBDwqUHPYvRzrKYds8F8gk4UwR?= =?us-ascii?Q?Ks3YsHC6jQgp2ir7oEEgLtnhepQqYYNCtzOwGyhNVX/lNH/HCgg1EjBp0WmH?= =?us-ascii?Q?pxQfvk8Y3SlrpYxjXVrNppNmblH+PDqrgb9hHMQb7wlg/OlEn1WLnwGbPFJC?= =?us-ascii?Q?Ny92YKcW9ge0JhZC5SzWLHM0Heu6bv5rdf3CCulPn7rbMO1unmuLEBnC7GxQ?= =?us-ascii?Q?/72SPSB2gqE5LoQF5sMFQrZPVL2h6mSiw6pP+zNYm8tgBv9FvRMQGbGiCB9+?= =?us-ascii?Q?imI9frt3dr83uHOiJUkU1zAOxIB42h9rcDvqonyOZSrCLKGN6s72VEYtyBlN?= =?us-ascii?Q?NlCS0GS9RXWs9jyijKYJ/QeGFeM0wzwhUDpzybVJQSejfrJOrfL4jymAJEVn?= =?us-ascii?Q?14YXXLw9AWzlbLgnAXWI2GDcMkwvmmgnGe4HmLh8Q0mm8dDn7Ys/Y76gfo43?= =?us-ascii?Q?mmADuY+5xfKF6HL/svQu0iFDuwzCpekAxJti/2F6b5ruJSAdup01EGmHL975?= =?us-ascii?Q?47yCaPzgvLeA86LBGsefc57vwYu44O0hYMsXvhXFblxrko+8twDOFRUvfEw/?= =?us-ascii?Q?tfQWLrqAx4LSaPUBLWI/g+ykNrXIrUHFgiFr6Hdb38R+nIET3Tk430i20jJM?= =?us-ascii?Q?y1+w2mU0Hxuasg62fNrsYZw9FwmHSuEzEVhHjh2KIMvbTLfs94EZJmCNpABI?= =?us-ascii?Q?eGjmGYyqCMhuzG7DW2SHVO6mxhRXX+uGAwsWjqWy6oXiKTUJmifyCcEpPfmt?= =?us-ascii?Q?pbvpT5N8oyna+IU/68cEPkWJjclWrIAKHeXxu1o7yCDQc3vmdxXnOB9sJkKl?= =?us-ascii?Q?016wxXTMVEVOmrSmJo3DC4KW7YT6/8emEMOImg84OITdeOR7WiQgomU/mL9n?= =?us-ascii?Q?MCespuwC51d6asrkopcMbOREql8xMA60H9jTnaCqIWSpY60kN55l2D2X4wyz?= =?us-ascii?Q?LMHboVlIgaG5OjvC8JJ+glYYUbJkIWyDNgaG5tzR6fQgKlOcHSmjUrr/lZyD?= =?us-ascii?Q?OSFkS1AN21ZbHJzf/UbhF6N4pJxIdBCDDX6buZJsoq0bT+98teOZe5GesEB4?= =?us-ascii?Q?ZcOL2qIqR7AYCj+qMCYQUn5OHQ+tWakZ7q7l+SRk+h/pc+9ZiFXhE22E+vzP?= =?us-ascii?Q?Lgwg1vWNjIdkv9H7bmGqMsDcgt4PTpBskQQnuVZBdsKnxfLKxYojw0fQoSUF?= =?us-ascii?Q?2NfAKmzofaI13+9VOQA21wma7luvxwjp73qBg6KsVomLT7399C74czC1Gbg/?= =?us-ascii?Q?DPTGX8gBNrzRIicVhjoo8KeWeGtStaxMxAZcSqDq7cGreatuZJiuqXTOMO9i?= =?us-ascii?Q?rDXi6rOfA7x3Wi4qv9PLWnK+/vlGMEG6UVANJQV89qFIfGm8MEdZVpys4u0C?= =?us-ascii?Q?TqtDQ+5dc/ficxl7/UuZMnrCw0KipET+tTQG3D6XPuZjTmZ?= X-Microsoft-Antispam-Message-Info: T6JpgEXAhML7wRG8mL+AAi1tI0CAt8CESJ9yKmSCRFhwTm4ElDnvzIgkiQaUgIVW3hjYVSusho9REd/7HLQiBdqE5FSravZTzXtJ8WTCTuTxrmiP+Px0PZSDo96rBxYUFGVcj2CpvxehXxrc9EpmInQjAVZMjV8t9VCes+3pklA2AHmjjqzt7tPRnuvvTMlNKbUI6T8qkeH+4fzBpF+078tU8viR4YTDq8oJtnvLB75lWkA/DcP1vi/mMbwtmDn58Vkix6u5CJMWdaQ5MCHCBVVZKZOAorRQnFqHOm78K/LNRZvM1UCCDXyrzg5MHBwJQxzD5i2sgqipeXgI8Ou47Q== X-Microsoft-Exchange-Diagnostics: 1; CY4PR05MB3112; 6:prffqdYOPQnBRJJKzMY/uckcOAvX3I5pIJEV164S7qi7MA23yFWLGkN/HO2NB7Mx5gYL8a8wFlnl1yfN1a8YZ/c6BgO9TsGUDDbrDdnrtDvY3/5bKuJn8WqbjsiCt528z0mcvXJ52JLbWafDBVtXGHsPKVQ1XtinkMdOqrHUkBEsU5AemgKSks22I2V9ZCrEnYYGDJskLNMerBJVADxUPIi2YKin1QC5owmZFDryepCRJBaLWIbtsLcph0JXdx+G820QV/z6uILiqEGELwtINw5VPkdU7vAIEWKONDkqXKAa7fTBvYspW92MbLLaInjnAFo/kEs4IiiITZGmnVxEQPSPyGxxiRGkAsSQMrZCXQR1Og4xg/S0O0EalFsxngTrTLO7K5/8tl9hf9L6SVmR0kW1iIQVs0DfGxcdbtM3aLdrPLRxLgQMvdM77lJnzyTHL+bxi78L/cHoSscTqna8lg==; 5:/rtUov8RaYiNRMxLSU8oN/41YdgqugCGIKJG8hfoNlJLWRXdPQ7CrONabo3b27vN6NriIi+kxG1I+lRL8NdOrURbPrvjwI9AiAoDxTVbpT1F7V3l+hN4nnOZ7+SOsNPcEmPob9lz/Gpn3IzG97ZMg32MP0zpG9QQtqJ186X9sEo=; 24:DNKwe9nqVK5TAOwQM55F2dN6bc8gq9cpKpQTU4lQzU2HXdzxZ644uc4WJ0EhaYkwFh8b/yAvDvKi6BkGZCxJV9ZBLmD92+cuZJVunHM5Tjk= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; CY4PR05MB3112; 7:SKG7umwC7lTlyyX7LGIZDEObqxxMCnGNwI9gMrzPuBlanXdpwveRRrQ/nhfnR5YLmW9O8jZ2GfG+xqpSjMDQkSOxEvacU/CdEcrg0Bmc9v7nlPFvJ0d1CFNbKqdeQQW5+48QuKLhw00RgsQN72+7PoFj48PAhJyYLJB8JiaPrVZ8CFzOMWcCR5st7i/BB0Lgym9YMM//rjMEJ+wxuE5M9f+17xN+6k0ixcOkXbFbzNalz/93TlpuWDB9uM0peP1U X-OriginatorOrg: juniper.net X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Jun 2018 22:05:42.8660 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: db58c96b-3370-49f4-7dc5-08d5d7c3222a X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.15]; Helo=[P-EMFE01C-SAC.jnpr.net] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR05MB3112 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-06-21_10:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1805220000 definitions=main-1806210237 X-Mailman-Approved-At: Thu, 21 Jun 2018 22:31:32 +0000 X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Jun 2018 22:05:52 -0000 Warner Losh wrote: > > Officially this code is on the 12.0 target path, it needs > > to be in the tree sooner where many eyes can work on it. > > > > I concur here. Let's give it until 12 to get sorted. If it's mostly sorted > by then, we're good. > If not we can have the discussion then. > There's also some manifest signing stuff in the works that was recently > approved to go in. Simon was talking about that. Maybe that will help fill > the gaps? I think so. The work I've done for loader supports both X.509 and OpenPGP based signatures, I need to tweak the library a bit so it is useful for userland app too. FWIW I'd meant to suggest to steve not to commit the veriexecctl tool which I think we all agree is useless as is (never used by us). I believe he'll back that bit out when he can get access to his keys - he's travelling this week. Thanks --sjg