> Oh, sorry, I've forgot to update "status" here.
> We can't merge a patch that fails the CI tests - this fails because fsverity 
> is enabled in the CI but the library doesn't exist in Fedora 32. Hardly 
> surprising as the library version isn't even released upstream AFAICS. That 
> can be worked around by not enabling it in the CI, but I'm also not going to 
> merge a patch I've never seen compile (and I haven't gotten around to build 
> from upstream yet, although I did notice the library thing has been merged). 
> I'd prefer to see an upstream release of fsverity library before merging and 
> optimally, said version in Fedora >= 32 so we could enable it in CI, but I do 
> realize there could be other incompatibilities preventing the latter from 
> occurring so that can't be a hard requirement.
> Speaking of enabling it in configure, I just noticed that it doesn't actually 
> check for fsverity presence in configure, so if enabled but missing it'll 
> fail in middle of compilation instead of configure time as it should. So 
> there's a minor tweak that'll be needed.

That is is totally fair, I was assuming that. My question was more about 
whether you are happy with the code as it is, while we wait for the library. we 
are really keen to start using it internally, so I wanted to be sure to agree 
on the tag numbers at least, to avoid binary incompatibilities.

RPM doesn't actually need the fsverity utility to be present, but it does need 
libfsverity, and there is a link test for that in configure. We should also 
check for the presence of libfsverity.h, since that is now going into a 
fsverity-devel package, while the library goes into the fsverity package.

The plugin only needs linux/fsverity.h since it only calls the ioctl() to 
enable things, and that looks to be covered.

I'll look into updating configure to also check for libfsverity.h and push 
further for an official upstream release of fsverity-utils, so I can push it 
into Fedora. I have been pushing for this regularly.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
Rpm-maint mailing list

Reply via email to