Deserialize plain DI certs as raw DER #1953
Triggered via pull request
September 7, 2023 14:30
Status
Failure
Total duration
12m 26s
Artifacts
–
ci.yml
on: pull_request
Test docs building
29s
Build containers
12m 15s
Check spelling
15s
Rustfmt
15s
Gofmt
4s
Clippy
5m 5s
build_and_test
5m 22s
commitlint
32s
Test man page generation
1m 3s
Test Devcontainer Creation
7m 59s
Annotations
1 error and 1 warning
commitlint
You have commit messages with errors
⧗ input: Deserialize plain DI certs as raw DER
Because of the deserialize implementation that's automatically
generated, at this moment the expected value for the public_key_store
in the manufacturing server is a CBOR array of the DER certificate.
This commit adds a new type PlainBytes which (de)serializes
transparently, and makes the manufacturing server use it for the public
key store.
NOTE: this means that with this patch, the store format on disk changes.
This store is a ReadOnly (the server will never write to it), but if
anyone would've put a CBOR file in place, that will now fail to open.
Raw DER was always the intention (and documented) format, but it still
is a risk.
Signed-off-by: Patrick Uiterwijk <[email protected]>
Fixes: #477
✖ subject may not be empty [subject-empty]
✖ type may not be empty [type-empty]
⚠ footer must have leading blank line [footer-leading-blank]
✖ found 2 problems, 1 warnings
ⓘ Get help: https://github.com/conventional-changelog/commitlint/#what-is-commitlint
|
Test docs building
github-pages can't satisfy your Gemfile's dependencies.
|