27.10.2020 22:06, Mimi Zohar пишет: > On Tue, 2020-10-27 at 21:51 +0300, Mikhail Novosyolov wrote: >> Hello, >> >> 27.10.2020 19:06, Mimi Zohar пишет: >>> [Cc'ing Wartan Hachaturow] >>> >>> Hi Wartan, >>> >>> On Tue, 2020-10-20 at 20:02 +0200, Petr Vorel wrote: >>>>>> [1] https://bugs.debian.org/972459 linux: Reenable CONFIG_IMA >>>>> I wasn't aware that because of lockdown, IMA was disabled. Thank you >>>>> for reporting and updating the IMA w/lockdown status. >>>> Feel free to comment it, please. It'd be nice to have IMA in Debian (not sure >>>> about Ubuntu status). >>>> >>>> @Dmitry: do you plan to update Debian package? (you're the listed maintainer, >>>> although the package was signed by Wartan Hachaturow). >>> Earlier this year Dmitry Eremin-Solenikov posted a patch to add >>> libressl support to ima-evm-utils. Part of the reason for our adding >>> travis support was in order to create a testing matrix for testing >>> openssl, libressl, ibmtss and tpm2-tss, which further led to the >>> travis-docker distro support. (Due to some issues, the libressl >>> support was not upstreamed.) >> Mimi, it was me who posted patch for LibreSSL ("[PATCH] ima-evm- >> utils: Fix compatibility with LibreSSL"), but unfortunately I did not >> have enough time to finish it properly (I am very sorry...). >> >> I was just going to try a newer version of ima-evm-utils and, if >> possible, continue upstreamizing support of LibreSSL. also, a >> colleague of mine made an additional patch which requires separate >> upstreamization. Was there another patch from Dmitry about which I do >> not know > Mikhail, my mistake. Thank you for the correction! Testing the > libressl changes should be a lot easier now. Please remember to > include a distro travis.yml example. What do you mean? Do you mean adding testing of building ima-evm-utils against LibreSSL? Which environment is used there and which ones are available? There are not many dsitros where LibreSSL is pre-packaged [1], in many of them it is not updated often enough. I would choose either ROSA where I myself maintain LibreSSL and ima-evm-utils or Arch Linux, is at least Arch Linux available in CI/CD environment? Won't we have to deal with often breakages of other parts of the rolling Arch Linux? Also, I can just build LibreSSL from source in any available distro, e.g. Ubuntu, but the pipeline will take a lot more time. How do we better deal with it? [1] https://repology.org/project/libressl/versions
