This allows to get a trusted image with known digest value
that is embedded in the ipxe script
example usage:
imgtrust
kernel http://boot.ipxe.org/memtest.0
sha1verify memtest.0 5d78d4c7e97c99bca3d3dff602b84dde5b70c5bf
boot
an md5verify cmd could easily be added,
but would not be recommended to u
@bmwiedemann pushed 1 commit.
0bc371d [digest] shift more code into shared function
--
You are receiving this because you are subscribed to this thread.
View it on GitHub:
https://github.com/ipxe/ipxe/pull/57/files/07f50e49126f2c98c1cb5160287bc2de447f95e0..0bc371d4ab27f7baee1968a5064fef1094bb2
ping
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/ipxe/ipxe/pull/57#issuecomment-290089937___
ipxe-devel mailing list
ipxe-devel@lists.ipxe.org
https://lists.i
trncpy' specified bound 8 equals destination
size [-Werror=stringop-truncation]
It seems hdr.Name is not supposed to be null-terminated,
so memcpy is more appropriate.
Signed-off-by: Bernhard M. Wiedemann
---
src/util/elf2efi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --
#1090355]
Signed-off-by: Bruce Rogers
Acked-by: Bernhard M. Wiedemann
---
In http://lists.ipxe.org/pipermail/ipxe-devel/2018-April/006144.html
Michael Brown wrote:
> I'll happily accept patches to alter gcc's behaviour so that it does not
> report false positive warnings
Do not use random build_ids
to allow for reproducible builds of .rom files
and xen hvmloader (which embeds those)
See https://reproducible-builds.org/ for why this matters.
Signed-off-by: Bernhard M. Wiedemann
You can view, comment on, or merge this pull request online at:
https://github.com
I just noticed that this is similar to #34 but I cannot follow up on either.
So, if someone wants to pick this up, I'd welcome it.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/ipxe/ipxe/pull/57#issuecom
The idea of the patch was that hashing all relevant inputs still gives
build-ids that are different when they should.
I was trying to get xen to build reproducibly, but just noticed that it does
not even run this code-path for its etherboot. So I cannot test this.
Feel free to close.
--
You are
8 matches
Mail list logo