Re: Tools for testing Grub / Go OpenPGP compatibility

[Daniel Axtens]

Charles Duffy <charles@dyfis.net> writes:

> On Wed, May 27, 2020 at 11:42 PM Daniel Axtens <dja@axtens.net> wrote:
>
>> My team has been working on the verifier area to support appended
>> signatures (used to sign Linux kernel modules, and on at least powerpc64
>> also used to sign the kernel), so I have some familiarity with the
>> area. Where would I find the original patch?
>>
>
> Thank you!
>
> The most recent version I'm aware of is
> https://lists.gnu.org/archive/html/grub-devel/2016-11/msg00073.html,
> from November 18, 2016. An earlier version can also be found at
> https://lists.gnu.org/archive/html/grub-devel/2016-03/msg00298.html (March
> 30, 2016). The version the test suite uses for its "grub_202_patched" build
> is at
> https://github.com/charles-dyfis-net/grub-openpgp-compat-test/blob/master/pkgs/grub_2.02/openpgp-hashed-keyid-subpacket.patch,
> but since I did some repair to square it against the final grub 2.02
> release it's not Ignat's original work.

Thanks. I have used your one on github and rebased it onto master. It
was painful but not stupendously so, although my experience is doing a
lot of linux kernel backports so I have a very high bar.

I'm posting it to the list now. I will need to see a copy of your patch
with an appropriate Signed-off-by before I can add my Signed-off-by, per
the DCO rules, and I imagine it'll also be in need of some cleanup too.

Regards,
Daniel

> Any guidance you're willing to offer would be welcome -- I'm hoping to find
> a good chunk of time this weekend, but it's been ~20 years since I spent
> the bulk of my time in C, so there's been a bit of skillset atrophy; I'm
> trying to be slow and cautious. The next step I'm planning on taking is
> amending the test framework to automate attaching gdb to its test cases;
> with that done, I expect to be in a place to start walking through the
> existing code and making notes on how existing behavior squares with the
> RFC.