From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 417FF3858C31; Fri, 25 Aug 2023 16:43:57 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 417FF3858C31 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1692981837; bh=8ckj8KIBzbnPWB7t7ZED/P2SEPQzFDxs4hDpcm/4Tkk=; h=From:To:Subject:Date:In-Reply-To:References:From; b=fqtVTzK/7giGPxlh2cYHANMWJerfUTDU4a3C287fjLpW+x1stw90tHa51CDQRCEEk CUKjI+rR1PGIsjqp4Wqf5z9aPjuZec1j3TQc0IFJRz4/Nf7jftHPx+dTlX3WO1fSC6 X3Sp8e0jkp9x/Kosb7jvH/L/s2sZOcL9XE3gDA8k= From: "mark at klomp dot org" To: elfutils-devel@sourceware.org Subject: [Bug debuginfod/28204] extend webapi / verification with forthcoming signed-contents archives Date: Fri, 25 Aug 2023 16:43:56 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: elfutils X-Bugzilla-Component: debuginfod X-Bugzilla-Version: unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: mark at klomp dot org X-Bugzilla-Status: ASSIGNED X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: rgoldber at redhat dot com X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://sourceware.org/bugzilla/show_bug.cgi?id=3D28204 --- Comment #25 from Mark Wielaard --- So I am looking at users/rgoldber/try-bz28204d but it isn't clear you want = to merge that in separate commits or squashed together. I am comparing to users/rgoldber/try-bz28204c which I believe is the previous version reviewe= d. It really makes things a lot easier if the actual patches that are intended= to be merged are posted (with a description of what was changed since the last review). So as far as I can tell the new series has been rebased from commit 35e059b654224b1a01d05877b13582c74c692388 to 27a84961f7a061b83f10f7e02bf433c229d6537a. Good. That is just 3 commits. - configure.ac checks updated. - debuginfod/debuginfod-client.c introduces ima_policy_t Includes an "undefined" policy? debuginfod_validate_imasig updated to read/digest in chunks of DATA_SIZE. Is the k +=3D DATA_SIZE correct? Can't pread return an n < DATA_SIZE? If the cert_paths =3D strdup (...) fails cert_paths gets assigned a static string? Won't that crash the strtok calls or the free (cert_path) call? In debuginfod_query_server the server_urls are parsed to see te ima polic= y, as described debuginfod-client-config.7 Sorry, have to stop for a bit. Will try to look at the rest later. --=20 You are receiving this mail because: You are on the CC list for the bug.=