Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release-4.7] Bug 1975479: Requirements for authenticating kernel modules with X.509 keys #39

Merged
merged 4 commits into from Jun 25, 2021
Merged

[release-4.7] Bug 1975479: Requirements for authenticating kernel modules with X.509 keys #39

merged 4 commits into from Jun 25, 2021

Conversation

openshift-cherrypick-robot
Copy link

This is an automated cherry-pick of #37

/assign dagrayvid

Zvonko Kaiser and others added 4 commits June 23, 2021 18:52
Requirements for authenticating kernel modules with X.509 keys
242f176 
In RHEL 8, when a kernel module is loaded, the kernel checks the signature of the module against the public X.509 keys from the kernel system keyring (.builtin_trusted_keys) and the kernel platform keyring (.platform). The .platform keyring contains keys from third-party platform providers and custom public keys. The keys from the kernel system .blacklist keyring are excluded from verification.
@yselkowitz
Only install mokutil on relevant architectures
a5f2fb3
@dagrayvid
Rewrite architecture check for mokutil installation for ART reconcili…
4622327 
…ation
@dagrayvid
Rearrange architecture check to be POSIX compliant and hopefully work…
8926676 
… with doozer
@openshift-cherrypick-robot openshift-cherrypick-robot mentioned this pull request Jun 23, 2021
Merged
@openshift-ci openshift-ci bot requested review from dagrayvid and kpouget June 23, 2021 18:52
@openshift-ci
Copy link

openshift-ci bot commented Jun 23, 2021

@openshift-cherrypick-robot: Bugzilla bug 1972676 has been cloned as Bugzilla bug 1975479. Retitling PR to link against new bug.
/retitle [release-4.7] [release-4.8] Bug 1975479: Requirements for authenticating kernel modules with X.509 keys

In response to this:

[release-4.7] [release-4.8] Bug 1972676: Requirements for authenticating kernel modules with X.509 keys

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci bot changed the title [release-4.7] [release-4.8] Bug 1972676: Requirements for authenticating kernel modules with X.509 keys [release-4.7] [release-4.8] Bug 1975479: Requirements for authenticating kernel modules with X.509 keys Jun 23, 2021
@openshift-ci openshift-ci bot added bugzilla/severity-urgent Referenced Bugzilla bug's severity is urgent for the branch this PR is targeting. bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. labels Jun 23, 2021
@openshift-ci
Copy link

openshift-ci bot commented Jun 23, 2021

@openshift-cherrypick-robot: This pull request references Bugzilla bug 1975479, which is invalid:

  • expected dependent Bugzilla bug 1972676 to be in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE), but it is ON_QA instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

[release-4.7] [release-4.8] Bug 1975479: Requirements for authenticating kernel modules with X.509 keys

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@zvonkok zvonkok changed the title [release-4.7] [release-4.8] Bug 1975479: Requirements for authenticating kernel modules with X.509 keys [release-4.7] Bug 1975479: Requirements for authenticating kernel modules with X.509 keys Jun 23, 2021
@zvonkok
Copy link
Contributor

zvonkok commented Jun 24, 2021

/lgtm
/approve

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jun 24, 2021
@openshift-ci
Copy link

openshift-ci bot commented Jun 24, 2021

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: openshift-cherrypick-robot, zvonkok

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 24, 2021
@dagrayvid
Copy link
Contributor

/bugzilla refresh

@openshift-ci openshift-ci bot added the bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. label Jun 24, 2021
@openshift-ci
Copy link

openshift-ci bot commented Jun 24, 2021

@dagrayvid: This pull request references Bugzilla bug 1975479, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

6 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.7.z) matches configured target release for branch (4.7.z)
  • bug is in the state NEW, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)
  • dependent bug Bugzilla bug 1972676 is in the state VERIFIED, which is one of the valid states (VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE))
  • dependent Bugzilla bug 1972676 targets the "4.8.0" release, which is one of the valid target releases: 4.8.0
  • bug has dependents

Requesting review from QA contact:
/cc @wabouhamad

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci bot removed the bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. label Jun 24, 2021
@openshift-ci openshift-ci bot requested a review from wabouhamad June 24, 2021 15:34
@bparees bparees added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Jun 25, 2021
@openshift-merge-robot openshift-merge-robot merged commit 1f88ffe into openshift:release-4.7 Jun 25, 2021
@openshift-ci
Copy link

openshift-ci bot commented Jun 25, 2021

@openshift-cherrypick-robot: All pull requests linked via external trackers have merged:

Bugzilla bug 1975479 has been moved to the MODIFIED state.

In response to this:

[release-4.7] Bug 1975479: Requirements for authenticating kernel modules with X.509 keys

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@dagrayvid
Copy link
Contributor

/cherry-pick release-4.6

@openshift-cherrypick-robot
Copy link
Author

@dagrayvid: new pull request created: #43

In response to this:

/cherry-pick release-4.6

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-cherrypick-robot openshift-cherrypick-robot mentioned this pull request Jun 25, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dagrayvid dagrayvid Awaiting requested review from dagrayvid

@kpouget kpouget Awaiting requested review from kpouget

@wabouhamad wabouhamad Awaiting requested review from wabouhamad

Assignees

@zvonkok zvonkok

@dagrayvid dagrayvid

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. bugzilla/severity-urgent Referenced Bugzilla bug's severity is urgent for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@openshift-cherrypick-robot @zvonkok @dagrayvid @bparees @openshift-merge-robot @yselkowitz