From: Vitaly Chikunov <vt@altlinux.org>
To: Mimi Zohar <zohar@linux.ibm.com>
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>,
	Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
	linux-integrity@vger.kernel.org,
	"Dmitry V. Levin" <ldv@altlinux.org>
Subject: Re: [PATCH v6 1/3] ima-evm-utils: Allow manual setting keyid for signing
Date: Tue, 29 Jun 2021 04:32:01 +0300
Message-ID: <20210629013201.xelhje2hmiuqybrt@altlinux.org>
In-Reply-To: <f2355538832153c82c866d1e779b128a9612b6cc.camel@linux.ibm.com>

Mimi,

On Mon, Jun 28, 2021 at 04:50:42PM -0400, Mimi Zohar wrote:
> 
> Thank you for the detailed explanation.
> 
> On Sat, 2021-06-26 at 03:42 +0300, Vitaly Chikunov wrote:
> 
> > > Requiring the optarg value to be prefixed with "0x" would
> > > simplify the strlen test.
> > > (The subsequent patch wouldn't need a contrived prefix.)
> > 
> > (I do not understand this remark at the moment.)
> > 
> > Base 16 will let user pass keyid just as a string, copy-pasting from
> > somewhere else.
> 
> strtoul() supports prefixing the ascii-hex string with "0x".  To
> differentiate between a keyid and pathname, why not require the keyid
> be prefixed with "0x", as opposed to requiring the pathname to be
> prefixed with '@', like "--keyid @/path/to/cert.pem".

I wanted to avoid (filename vs keyid) ambiguity of the argument to
`--keyid' - if a user has a file named "0x00112233" they would have a hard
time passing it to `--keyid'. But, it's impossible to have a keyid string
starting with "@". So, "@" perfectly distinguishes the type of `--keyid'
argument but "0x" doesn't.

Also, in some software (zip, rar) "@" is a common prefix meaning the value
should be taken from the specified file. But, yes, "@" is not common
in Unix environments. Do you want me to create a separate option like
`--keyid-from-file'?

Thanks,

> 
> The new test would be "OPTS=--keyid=0xaabbccdd"
> 
> thanks,
> 
> Mimi
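
The disambiguation discussed in this message, as an added example that is not part of the original mail or of ima-evm-utils: a hypothetical `classify_keyid_arg()` treats a leading "@" as a file path and anything else as a hex keyid parsed with strtoul() in base 16. The function and enum names and the 32-bit keyid width are assumptions.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

enum keyid_arg_kind { KEYID_ARG_INVALID, KEYID_ARG_HEX, KEYID_ARG_FILE };

/*
 * Hypothetical helper (not from ima-evm-utils): classify a --keyid argument.
 * "@path" selects a file; anything else must be a hex keyid, with or
 * without "0x". Assumption: the keyid is a 32-bit value.
 */
enum keyid_arg_kind classify_keyid_arg(const char *arg, uint32_t *keyid,
				       const char **path)
{
	char *end;
	unsigned long v;
	if (!arg || !*arg)
		return KEYID_ARG_INVALID;
	if (arg[0] == '@') {
		/* A keyid can never start with '@', so this is unambiguous. */
		if (arg[1] == '\0')
			return KEYID_ARG_INVALID;
		*path = arg + 1;
		return KEYID_ARG_FILE;
	}
	/* strtoul() would skip whitespace and accept a sign; reject both. */
	if (!isxdigit((unsigned char)arg[0]))
		return KEYID_ARG_INVALID;
	errno = 0;
	v = strtoul(arg, &end, 16);
	/* Reject overflow, trailing junk ("cert.pem", bare "0x") and >32 bits. */
	if (errno || *end != '\0' || v > UINT32_MAX)
		return KEYID_ARG_INVALID;
	*keyid = (uint32_t)v;
	return KEYID_ARG_HEX;
}

int main(void)
{
	/* Constructed sample arguments. */
	const char *args[] = { "0xaabbccdd", "@0x00112233", "cert.pem" };
	uint32_t id = 0;
	const char *path = NULL;
	for (size_t i = 0; i < sizeof(args) / sizeof(args[0]); i++)
		printf("%s -> %d\n", args[i], classify_keyid_arg(args[i], &id, &path));
	return 0;
}
```

Under this scheme "0x00112233" is always read as a keyid, and a file with that name is still reachable as "@0x00112233".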
