On 2017-09-27 11:20, Claudius Heine wrote: > Hi, > > On 09/27/2017 10:59 AM, Jan Kiszka wrote: >> On 2017-09-27 10:08, [ext] Jan Kiszka wrote: >>> On 2017-09-27 10:03, Claudius Heine wrote: >>>> Hi Jan, >>>> >>>> On 09/27/2017 09:25 AM, Jan Kiszka wrote: >>>>> On 2017-09-26 15:22, [ext] [email protected] wrote: >>>>>> From: Claudius Heine <[email protected]> >>>>>> >>>>>> Signed-off-by: Claudius Heine <[email protected]> >>>>>> --- >>>>>> .travis.yml | 19 ++++++++++++++++++- >>>>>> 1 file changed, 18 insertions(+), 1 deletion(-) >>>>>> >>>>>> diff --git a/.travis.yml b/.travis.yml >>>>>> index 4fa4045..db7c1f6 100644 >>>>>> --- a/.travis.yml >>>>>> +++ b/.travis.yml >>>>>> @@ -15,6 +15,10 @@ env: >>>>>> - TARGET=native >>>>>> - TARGET=i586 >>>>>> - TARGET=cppcheck >>>>>> + global: >>>>>> + # The next declaration is the encrypted COVERITY_SCAN_TOKEN, >>>>>> created >>>>>> + # via the "travis encrypt" command using the project repo's >>>>>> public key >>>>>> + - secure: "" >>>>> >>>>> Don't get the role of this statement yet, specifically not from the >>>>> comment. We don't have this in Jailhouse as well. So, either this >>>>> statement is unneeded, or we have a gap in our Jailhouse config. >>>> >>>> You need to insert the security token you get from coverity here. I >>>> deleted mine before sending this patch. >>> >>> Still no explanation why we need "- secure:". >>> >>> OK, I will try removing that statement to see if there is a real need >>> (unlikely, given that Jailhouse also works fine without it). >>> >> >> Works perfectly. You can pick up the change from current coverity_scan >> branch, including the fix for the certs stuff. > > If it works ok, but I am not feeling completely comfortable using it > different from how its documented.
OK, to clarify this: There are two ways to get secure vars into your build. One is based on encrypting the var via a local tool (travis encrypt SOMEVAR="secretvalue"), the other is using the web interface and storing the var securely there. For Jailhouse and now also for EFI Boot Guard, we chose the second path. That makes the secure statement obsolete (and the empty one was useless anyway). Jan -- You received this message because you are subscribed to the Google Groups "EFI Boot Guard" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/efibootguard-dev/b9ee2c47-258e-a34c-8def-e5a3ee095873%40siemens.com. For more options, visit https://groups.google.com/d/optout.
