Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Gpg2 with all fixes included #510

Merged
merged 23 commits into from Feb 8, 2019
Merged

Gpg2 with all fixes included #510

merged 23 commits into from Feb 8, 2019

Conversation

tlaurion
Copy link
Collaborator

@tlaurion tlaurion commented Jan 26, 2019
edited

Supersedes gpg2 branch that is not based on master

@kylerankin @flammit : please review!

@kylerankin please rebase #490 on this branch?
I'll then propose factory resetting options based on #490.

This was referenced Jan 26, 2019
Closed
Closed
@tlaurion
Copy link
Collaborator Author

fixes #435

@tlaurion tlaurion mentioned this pull request Jan 26, 2019
Closed
@tlaurion
Copy link
Collaborator Author

tlaurion commented Jan 26, 2019
edited

Deleted.

@jandryuk
Copy link
Contributor

Should this PR be cleaned up? Off the top of my head, these two commits cancel reach other out:
02728ff
ee12c3a

Those two could just be dropped.

Other commits are fix ups that could just be squashed.

tlaurion and others added 9 commits January 29, 2019 11:15
@tlaurion
GPG_TTY is forced to /dev/console under init. Ash console is never ca…
fb3e206 
…lled; trying to get console tty from the tty returns "no console". NEEDs BETTER FIX.
@tlaurion
instruct gpg to use gpg-agent.
46ddc20
@tlaurion
Port gpg1 patch to gpg2 to force crosscompiling and output to stderr.
75c1148
@jandryuk @tlaurion
Set GPG_TTY before calling gpg in key-init
ca3a5fd 
gpg2 needs GPG_TTY set to function properly.  We set it in /init so it
is inherited by all children.  The call to $(tty) must be after /dev and
(preferably) /dev/pts are mounted.

Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
@itay-grudev @tlaurion
Enabled GPG2 in the Librem board config
92c547c
@itay-grudev @tlaurion
Disabled libsecret support in the pinentry module
3bc7949
@tlaurion
Removing CONFIG_GPG in librem boards
4f75da7
@tlaurion
GPG2 required changes for key and trustdb generation and inclusion in…
5eee5aa 
… rom

.ash_history: add examples to generate keys and otrust in rom
flash-gui: export otrust and import it in rom
key-init: import otrust.txt if present to supress warning about user public key being untrusted
@tlaurion
module/pinentry: disable-pinentry-qt instead of qt5
8dd1082 
else:
make[4]: Entering directory '/home/user/heads/build/pinentry-1.1.0/qt'
g++ -DHAVE_CONFIG_H -I. -I..  -I//include -I//include  -I.. -I../secmem  -I../pinentry -Wall -I/home/user/heads/install/usr/include -I/home/user/heads/install/usr/include/QtCore -I/home/user/heads/install/usr/include/QtGui -DQT_SHARED  -g -O2 -MT pinentrydialog.o -MD -MP -MF .deps/pinentrydialog.Tpo -c -o pinentrydialog.o pinentrydialog.cpp
In file included from pinentrydialog.cpp:24:
pinentrydialog.h:27:10: fatal error: QDialog: No such file or directory
@tlaurion
Copy link
Collaborator Author

tlaurion commented Jan 29, 2019
edited

@jandryuk

Should this PR be cleaned up? Off the top of my head, these two commits cancel reach other out:
02728ff
ee12c3a

Those two could just be dropped.

Done.

@flammit @kylerankin : something else? Ready to merge?

@tlaurion
Copy link
Collaborator Author

tlaurion commented Jan 30, 2019
edited

Deleted. Will be done in anoother PR. Not pertinent here and complicates things.

@kylerankin
Copy link
Collaborator

I'd prefer separating any factory-reset dependencies from just having gpg2 be implemented in Heads. Then changes we'd need to make so your factory-reset workflow works would be limited to those PRs.

@tlaurion
Copy link
Collaborator Author

tlaurion commented Feb 8, 2019
edited

@kylerankin actually, this is already in this state for the current PR.

I would add some changes i've done so that otrust.txt export at key generation is not needed anymore, the trusting being applied when the armored gpg key is imported.

@tlaurion
properly deal with trusting keys to supress UX confusion about truste…
005a19e 
…d keys

key-init makes sure trustdb is updated at run time and user and distro keys are ultimately trusted. Each time a file is signed, the related public key is showed without error on it's trustability.
flash-gui deals with gpg1 to gpg2 migration. If pubring.kbx is found, pubring.gpg is deleted from running rom dump.
@tlaurion
Copy link
Collaborator Author

tlaurion commented Feb 8, 2019
edited

@jandryuk @flammit @kylerankin : please comment the code ASAP so we can merge ASAP.
Thanks. :)

kylerankin
kylerankin approved these changes Feb 8, 2019
View reviewed changes
Copy link
Collaborator

@kylerankin kylerankin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me.

@tlaurion tlaurion merged commit eafb470 into linuxboot:master Feb 8, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kylerankin kylerankin kylerankin approved these changes

@osresearch osresearch Awaiting requested review from osresearch

@flammit flammit Awaiting requested review from flammit

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@tlaurion @jandryuk @kylerankin @druimalban @osresearch @itay-grudev