Review & pull request: dracut-modules-olpc

Martin Langhoff martin.langhoff at gmail.com
Fri Apr 30 18:39:45 EDT 2010


On Fri, Apr 30, 2010 at 5:04 PM, Daniel Drake <dsd at laptop.org> wrote:
> Maybe I asked this already, but I can't find the discussion. When the
> server communicates the time to the XO and the XO sets the clock based
> on that, shouldn't the XO verify that the delegation has not expired?
> By that I mean it should refuse to set a time/date that is beyond the
> expiration of the delegation.

Fair enough. One of the problems is that normally the expiry check is
done inside bitfrost lib and the code there only respects the system
clock.

So it's a bit messy. Rework bitfrost libs (with impact on users if the
lib) or implement a bit of code that knows enough about the sig format
to find out all the expiry dates and picks the lowest one...

If you really want it, I'll try find the time, though it's... messy.

> I don't see the benefit of reimplementing timegm() in the initramfs

Maybe it wasn't included in the old initramfs. The current one
includes lots of things.

> If you're low on time, feel free to just mark these as a FIXME. It's
> not important.

FIXME for now :-/

> Finally, can you adjust the README to talk about the more simplistic
> option of testing the initramfs without signing it? The process is
> much simpler and you aren't always working on the security code.

Sure - will do.



m
-- 
 martin.langhoff at gmail.com
 martin at laptop.org -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff  - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff



More information about the Devel mailing list