more software signatures #1301

Open
wants to merge 2 commits into
base: master

@jstucke (Collaborator) commented Nov 18, 2024

  • added some software signatures (mbed TLS, file, opkg)

@jstucke jstucke self-assigned this Nov 18, 2024
codecov-commenter commented Nov 18, 2024

Codecov Report

Attention: Patch coverage is 66.66667% with 7 lines in your changes missing coverage. Please review.

Project coverage is 92.07%. Comparing base (bd5bdb0) to head (08eb5b6).
Report is 16 commits behind head on master.

Files with missing lines Patch % Lines
...is/software_components/code/software_components.py 61.11% 7 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##           master    #1301      +/-   ##
==========================================
- Coverage   92.21%   92.07%   -0.15%     
==========================================
  Files         377      378       +1     
  Lines       23068    21429    -1639     
==========================================
- Hits        21273    19730    -1543     
+ Misses       1795     1699      -96     


@maringuu (Collaborator) commented

Can you document somewhere (commit message/code comments) why these signatures are correct?
I think it is important to not only have signatures, but also be able to verify why they are correct.
The most preferable proof would be permalinks to source code, but I'm happy with anything that allows me to understand why the signatures are as they are.

@jstucke jstucke force-pushed the software-signatures branch from 7696794 to 4e854ef Compare December 4, 2024 16:36
@jstucke (Collaborator, Author) commented Dec 4, 2024

> Can you document somewhere (commit message/code comments) why these signatures are correct? I think it is important to not only have signatures, but also be able to verify why they are correct. The most preferable proof would be permalinks to source code, but I'm happy with anything that allows me to understand why the signatures are as they are.

I tried to find the corresponding places in the source code, but I also found that in libmagic the version is stored as an integer instead of a string. The FSR currently does not have the capability to extract integers, so I added it.

I also added a substitution option for software signatures to change the format (e.g. add dots).
@jstucke jstucke force-pushed the software-signatures branch from 4e854ef to 08eb5b6 Compare December 5, 2024 08:17
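
The substitution step discussed in the thread above, as an added example that is not code from this pull request or the project: an extracted integer version is rewritten into a dotted string, and values that do not fit the rule are rejected rather than guessed. The rule table, function names and sample values are hypothetical, and the example assumes the integer encodes a one-digit major and two-digit minor version (545 for 5.45), as libmagic's `MAGIC_VERSION` does.

```python
import re

# Hypothetical rule table: software name -> (regex, replacement) or None.
# This is not the project's signature syntax; it only illustrates the idea.
SUBSTITUTIONS = {
    "file": (r"^(\d)(\d{2})$", r"\1.\2"),  # integer 545 -> "5.45"
    "mbed TLS": None,                       # already a dotted string
    "opkg": None,
}
DOTTED = re.compile(r"^\d+(?:\.\d+)+$")


def format_version(software, raw):
    """Return a dotted version string for one extracted value, or None."""
    text = str(raw).strip()
    rule = SUBSTITUTIONS.get(software)
    if rule is not None:
        text, count = re.subn(rule[0], rule[1], text)
        if count == 0:
            return None  # value has an unexpected shape: do not guess
    return text if DOTTED.match(text) else None


def normalize_hits(hits):
    """Map (software, raw value) pairs to versions, dropping unusable ones."""
    result = {}
    for software, raw in hits:
        version = format_version(software, raw)
        if version is not None:
            result.setdefault(software, set()).add(version)
    return result


# Constructed sample values, not taken from any real firmware image.
SAMPLE_HITS = [
    ("file", 545),          # integer as extracted from the binary
    ("file", 5),            # too short for the rule, rejected
    ("mbed TLS", "2.28.1"),
    ("opkg", "0.4.5"),
    ("opkg", "unknown"),    # not version-like, rejected
]

if __name__ == "__main__":
    for name, versions in normalize_hits(SAMPLE_HITS).items():
        print(name, sorted(versions))
```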