Stefan, On Thu, May 06, 2021 at 04:10:25PM -0400, Stefan Berger wrote: > On 5/5/21 11:46 PM, Vitaly Chikunov wrote: > > Allow user to set signature's keyid using `--keyid' option. Keyid should > > correspond to SKID in certificate. When keyid is calculated using SHA-1 > > in libimaevm it may mismatch keyid extracted by the kernel from SKID of > > certificate (the way public key is presented to the kernel), thus making > > signatures not verifiable. This may happen when certificate is using non > > SHA-1 SKID (see rfc7093) or just 'unique number' (see rfc5280 4.2.1.2). > > As a last resort user may specify arbitrary keyid using the new option. > > Certificate @filename could be used instead of the hex number. And, > > third option is to read keyid from the cert appended to the key file. > > > > These commits create backward incompatible ABI change for libimaevm, > > thus soname should be incremented on release. > > I hope this will not be forgotten about. Maybe it should be part of this > series here? https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html "Update the version information only immediately before a public release of your software." I believe we should follow this. Thanks,
