From: Andrea Arcangeli on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1124#note_571987049
Hi Waiman,
Agreed, re-evaluating it later sounds the best. Thanks for checking!
___
kernel mailing list -- kernel@lists.fedoraproject.org
From: Waiman Long on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1124#note_571980449
Perhaps, this patchset can wait until the final merge to v5.14 after
which the code will be more stable.
___
kernel mailing list -- kernel@list
From: Long Xin on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1063#note_571979271
@ptalbert I'm on the reviewer list, but I can't see the approve button
from my side, any idea why?
___
kernel mailing list -- kernel@lists.fedorap
From: Simo Sorce on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1125#note_571911037
We should probably set y also: ECDH, ECDSA, LIB_CURVE25519, need confirm
from lab that we can claim these as approved in FIPS-140-3, but we can
still build them statically and then just ma
From: Simo Sorce on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1125#note_571906895
Not clear why we need to change values for compression algorithms?
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send
From: Justin Forbes on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/#note_571904765
There is now a patch queued for upstream, which fixes the build issue. I
am okay with this going in, if it is merged before that patch lands, I
will do a temp MR to include it in releas
From: Eric Sandeen on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1057#note_571895599
Sorry I missed this earlier. David is always reachable via email for any
questions.
___
kernel mailing list -- kernel@lists.fedoraproject.org
From: Andrea Arcangeli on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1124#note_571886822
That's a valid concern indeed, but one I have no solution for since I
also deal with the rejects. The best I can do is to repost it later if
needed, and no problem with me if it cann
From: Bruno Meneguele on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1127#note_571858640
cc @msalter for review too (aarch64).
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email to kernel-le..
From: Don Zickus on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1124#note_571858501
@aarcange - The concern is fedora/ark tree git merges linus tree almost
daily. This patchset looks ripe for potential merge conflicts. We
would like to reduce that otherwise we are stuck
From: Bruno Meneguele on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1127#note_571857533
cc @lszubowi @jsnitsel @sfbest for review.
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email to kernel
From: Bruno Meneguele
redhat: enable INTEGRITY_TRUSTED_KEYRING across all variants
This CONFIG option deprecates CONFIG_IMA_TRUSTED_KEYRING, however the old
one is still being required by some other options in upstream, that's why we
don't remove it yet.
Signed-off-by: Bruno Meneguele
diff a/
From: Bruno Meneguele
redhat: load specific ARCH keys to INTEGRITY_PLATFORM_KEYRING
In the current upstream kernel state all RHEL supported arches (aarch64,
x86_64, s390x and powerpc) supports loading platform keys (coming from the
boot process) to a trusted keyring in the system.
This patch en
From: Bruno Meneguele
redhat: enable INTEGRITY_ASYMMETRIC_KEYS across all variants
INTEGRITY_ASYMMETRIC_KEYS was already enabled in Fedora/generic/. This patch
adds it to common/generic because all supported ARK arches supports it.
Signed-off-by: Bruno Meneguele
diff a/redhat/configs/ark/gene
From: Bruno Meneguele on gitlab.com
Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1127
This MR enable specific platform keys to be loaded in the integrity
platform
keyring (`.platform`). In the current state of the kernel the three
arches:
x86_64, aarch64, s390x, ppc, h
From: Bruno Meneguele
redhat: enable SYSTEM_BLACKLIST_KEYRING across all variants
It was already supported in Fedora/generic. Does the same for all ARK
arches.
Signed-off-by: Bruno Meneguele
diff a/redhat/configs/ark/generic/x86/x86_64/CONFIG_SYSTEM_BLACKLIST_KEYRING
b/redhat/configs/common/
From: Andrea Arcangeli on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1124#note_571771065
Hi Don,
as fast as I know, upstream was clear about
09854ba94c6aad7886996bfbee2530b3d8a7f4f4 being correct, so trying to
argue about that point again doesn't seem a productive under
From: Patrick Talbert on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1057#note_571719746
I have pushed an extra commit to enable CONFIG_NETFS_STATS.
We'll squash this all down to one commit upon merge.
___
kernel mailing list -
From: CKI Gitlab on gitlab.com
Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1057
NOTE: Truncated patchset due to missing @redhat.com email
address on your GitLab profile at https://gitlab.com/-/profile.
Once that is fixed, close and reopen the merge request
From: Don Zickus on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1124#note_571683854
@aarcange - Any reason why this isn't going upstream?
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email to
From: Phil Sutter
[redhat] Disable CONFIG_NETFILTER_XTABLES_COMPAT
This setting seems to have slipped through review process: Before this
symbol was introduced, the relevant feature was always enabled. Since it
is there now, we should use the opportunity to disable it and avoid any
further secur
From: Vladis Dronov
[redhat] Embed crypto algos, modes and templates needed in the FIPS mode
Currently a number of FIPS-allowed algorithms are built as modules or are
not enabled in Fedora and ARK. This can result in a panic while booting
in the FIPS mode. Fix this by embedding the FIPS-allowed
From: Justin Forbes on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/351#note_571531270
Reverting this for now, it seems to not work as intended:
fatal: 'ark/patches/master' is not a commit and a branch 'ark/master'
cannot be created from it
___
From: Jan Stancek on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1122#note_571399112
Acked-by: Jan Stancek
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email to kernel-le...@lists.fedoraproje
24 matches
Mail list logo