mirror of
https://git.FreeBSD.org/src.git
synced 2024-12-12 09:58:36 +00:00
f616d61ab6
By default only report unverified files at severity VE_WANT and above. This inlcudes *.conf but not *.hints, *.cookie or *.tgz which get VE_TRY as their severity. If Verbose is set to 0, then VerifyFlags should default to 0 too. Thus the combination of module_verbose=0 VE_VEBOSE=0 is sufficient to make the loader almost totally silent. When verify_prep has to find_manifest and it is verified ok return VE_NOT_CHECKED to verify_file so that it can skip repeating verify_fd Also add better debugging output for is_verified and add_verify_status. vectx handle compressed modules When verifying a compressed module (.ko.gz or .ko.bz2) stat() reports the size as -1 (unknown). vectx_lseek needs to spot this during closing - and just read until EOF is hit. Note: because of the way libsa's open() works, verify_prep will see the path to be verified as module.ko not module.ko.bz2 etc. This is actually ok, because we need a separate module.ko.bz2 entry so that the package can be verified, and the hash for module.ko is of the uncompressed file which is what vectx will see. Re-work local.trust.mk so site.trust.mk need only set VE_SIGN_URL_LIST (if using the mentioned signing server) interp.c: restrict interactive input Apply the same restrictions to interactive input as for unverified conf and hints files. Use version.veriexec when LOADER_VERIEXEC is yes Reviewed by: kevans Sponsored by: Juniper Networks, Inc. Differential Revision: https://reviews.freebsd.org/D43810 |
||
|---|---|---|
| .. | ||
| bcache.c | ||
| boot.c | ||
| bootstrap.h | ||
| commands.c | ||
| console.c | ||
| dev_net.c | ||
| dev_net.h | ||
| devopen.c | ||
| disk.c | ||
| disk.h | ||
| gfx_fb_stub.c | ||
| gfx_fb.c | ||
| gfx_fb.h | ||
| help.common | ||
| install.c | ||
| interp_backslash.c | ||
| interp_forth.c | ||
| interp_lua.c | ||
| interp_parse.c | ||
| interp_simple.c | ||
| interp.c | ||
| isapnp.c | ||
| isapnp.h | ||
| load_elf32_obj.c | ||
| load_elf32.c | ||
| load_elf64_obj.c | ||
| load_elf64.c | ||
| load_elf_obj.c | ||
| load_elf.c | ||
| ls.c | ||
| Makefile.depend | ||
| md.c | ||
| merge_help.awk | ||
| metadata.c | ||
| misc.c | ||
| modinfo.c | ||
| modinfo.h | ||
| module.c | ||
| newvers.sh | ||
| nvstore.c | ||
| part.c | ||
| part.h | ||
| paths.h | ||
| pnp.c | ||
| rbx.h | ||
| readin.h | ||
| reloc_elf32.c | ||
| reloc_elf64.c | ||
| reloc_elf.c | ||
| self_reloc.c | ||
| tslog.c | ||
| vdisk.c | ||
| zfs_cmd.c | ||