On Wed, Jan 04, 2023 at 11:51:52AM +0000, Jarkko Sakkinen wrote: > On Tue, Dec 13, 2022 at 07:34:00PM -0500, Eric Snowberg wrote: > > +/** > > + * restrict_link_by_ca - Restrict additions to a ring of CA keys > > + * @dest_keyring: Keyring being linked to. > > + * @type: The type of key being added. > > + * @payload: The payload of the new key. > > + * @trust_keyring: Unused. > > + * > > + * Check if the new certificate is a CA. If it is a CA, then mark the new > > + * certificate as being ok to link. > > + * > > + * Returns 0 if the new certificate was accepted, -ENOKEY if the > > + * certificate is not a CA. -ENOPKG if the signature uses unsupported > > + * crypto, or some other error if there is a matching certificate but > > + * the signature check cannot be performed. > > + */ > > +int restrict_link_by_ca(struct key *dest_keyring, > > + const struct key_type *type, > > + const union key_payload *payload, > > + struct key *trust_keyring) > > Why you want to define trust_keyring, other than matching the parameter > list in restrict_link_by_signature()? > > Also if it is unused, it should be then just "struct key *)", right? Please ignore, I forgot how this worked, i.e. "restriction" is set to the correct function so this looks correct to me :-) So it's good. Sorry for the confusion. BR, Jarkko
