Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not add webhook server certificate to system CA trust store #662

Merged
merged 4 commits into from
Oct 7, 2024
Merged

Do not add webhook server certificate to system CA trust store #662

merged 4 commits into from
Oct 7, 2024

Conversation

kkaarreell
Copy link
Collaborator

Adding the CA certificate to 'trusted_server_ca' configuration should be sufficient.

ansasaki and others added 2 commits October 7, 2024 16:19
@ansasaki @kkaarreell
Do not add webhook server certificate to system CA trust store
6b368e9 
Adding the CA certificate to 'trusted_server_ca' configuration should be
sufficient.

Signed-off-by: Anderson Toshiyuki Sasaki <[email protected]>
@kkaarreell
Ignore if rpm-plugin-ima cannot be uninstalled
3132cad
@kkaarreell kkaarreell self-assigned this Oct 7, 2024
@ansasaki @kkaarreell
Use current code with old version on API bump test
e5526f5 
Instead of using an old version of the agent, use the current code, but
replacing the API version with an older supported version.

This will reduce the chaces of compilation issues due to updated rust
compiler or changes in the availability of dependencies.

Signed-off-by: Anderson Toshiyuki Sasaki <[email protected]>
@ansasaki @kkaarreell
Use the latest old supported version that is not the current version
7b94811 
This change is to cover a corner case when the python components API
version is bumped before the agent API version is bumped.

In such a case, the latest old supported API version for the verifier
would be the current agent API version. Then it is necessary to use the
second to last to cause a difference in the API version.

Signed-off-by: Anderson Toshiyuki Sasaki <[email protected]>
@kkaarreell
Copy link
Collaborator Author

No point waiting, current keylime is broken.

@kkaarreell kkaarreell merged commit 7687470 into fedora-rawhide Oct 7, 2024
2 of 3 checks passed
@kkaarreell kkaarreell deleted the ks_backport_602 branch October 7, 2024 15:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@kkaarreell kkaarreell

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kkaarreell @ansasaki