RE: F36 Change: DIGLIM (System-Wide Change proposal)

> From: Neal Gompa [mailto:ngompa13@xxxxxxxxx]
> Sent: Tuesday, December 28, 2021 3:57 PM

[...]

> In general, Fedora does not include non-upstream functionality in its
> Linux kernel builds. This can be frustrating for development and cases
> where upstream requires downstream validation before upstream
> acceptance, but in this case, I recommend having a COPR build of the
> kernel with the patchset added.

Here you can find my repository:

https://copr.fedorainfracloud.org/coprs/robertosassu/DIGLIM/

It is feature-complete, at least for the kernel part. If you install
the package, you can see both IMA appraisal working on all
files shipped with Fedora 34 and the deterministic IMA measurement
list (with only the RPM headers, unless you execute something else).

The installation instructions are available here:

https://lore.kernel.org/linux-integrity/48cd737c504d45208377daa27d625531@xxxxxxxxxx/

I will provide more examples of how to add user-generated digest
lists, based on our digest-list-tools, available here:

https://github.com/openeuler-mirror/digest-list-tools

> It also looks like there's some userspace work that needs to be done
> too. It'd be good to have those patches reviewed by their respective
> upstreams sooner rather than later. For example, I haven't seen a PR
> proposed to RPM for the plugin.

OK, will do it; we already developed the code for openEuler.

> I also agree that this feature is unlikely to affect people, as this
> feature will not be enabled by default. It would be extremely useful
> for people building Fedora-based appliances which need tamper
> protection for various reasons. And Fedora derivatives (like
> RHEL/CentOS, Amazon Linux, openEuler, etc.) can benefit from us having
> the functionality integrated even if we don't enable it by default.
> 
> Finally, I have trouble accessing gitee.com, can you put this stuff
> somewhere that is more accessible (like pagure.io, gitlab.com, or
> github.com)?

Sure. The README and the repository are also accessible here:

https://github.com/openeuler-mirror/attest-tools/blob/master/README.en.md

Roberto

HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Li Peng, Zhong Ronghua