On Tue, Dec 13, 2022 at 07:34:00PM -0500, Eric Snowberg wrote: > +/** > + * restrict_link_by_ca - Restrict additions to a ring of CA keys > + * @dest_keyring: Keyring being linked to. > + * @type: The type of key being added. > + * @payload: The payload of the new key. > + * @trust_keyring: Unused. > + * > + * Check if the new certificate is a CA. If it is a CA, then mark the new > + * certificate as being ok to link. > + * > + * Returns 0 if the new certificate was accepted, -ENOKEY if the > + * certificate is not a CA. -ENOPKG if the signature uses unsupported > + * crypto, or some other error if there is a matching certificate but > + * the signature check cannot be performed. > + */ > +int restrict_link_by_ca(struct key *dest_keyring, > + const struct key_type *type, > + const union key_payload *payload, > + struct key *trust_keyring) Why you want to define trust_keyring, other than matching the parameter list in restrict_link_by_signature()? Also if it is unused, it should be then just "struct key *)", right? BR, Jarkko
