picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Systemd/src
History
Lennart Poettering c9c7206541 resolved: when validating, first strip revoked trust anchor keys from validated keys list 
When validating a transaction we initially collect DNSKEY, DS, SOA RRs
in the "validated_keys" list, that we need for the proofs. This includes
DNSKEY and DS data from our trust anchor database. Quite possibly we
learn that some of these DNSKEY/DS RRs have been revoked between the
time we request and collect those additional RRs and we begin the
validation step. In this case we need to make sure that the respective
DS/DNSKEY RRs are removed again from our list. This patch adds that, and
strips known revoked trust anchor RRs from the validated list before we
begin the actual validation proof, and each time we add more DNSKEY
material to it while we are doing the proof.
 		2016-01-11 19:39:59 +01:00
..
ac-power
activate util-lib: split out allocation calls into alloc-util.[ch] 2015-10-27 13:45:53 +01:00
analyze analyze: verify verifies templates too 2015-12-14 07:11:03 +00:00
ask-password strv: Add _cleanup_strv_free_erase_ and _cleanup_string_free_erase_ 2015-10-19 23:13:07 +02:00
backlight tree-wide: group include of libudev.h with sd-* 2015-11-17 07:06:08 +01:00
basic basic: introduce generic ascii_strlower_n() call and make use of it everywhere 2016-01-11 19:39:59 +01:00
binfmt defs: rework CONF_DIRS_NULSTR() macro 2015-11-10 17:31:31 +01:00
boot tree-wide: sort includes 2015-11-16 22:09:36 +01:00
bootchart tree-wide: sort includes in *.h 2015-11-18 23:09:02 +01:00
bus-proxyd tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
cgls tests: turn check if manager cannot be intialized into macro 2015-12-02 09:50:00 -05:00
cgroups-agent tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
cgtop tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
compat-libs
core Merge pull request #2262 from pohly/smack-network 2016-01-11 17:30:15 +01:00
cryptsetup tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
dbus1-generator treewide: apply errno.cocci 2015-11-09 20:01:06 +01:00
debug-generator debug-generator: respect kernel parameters for default unit setting 2015-11-03 14:47:39 +03:00
delta treewide: apply errno.cocci 2015-11-09 20:01:06 +01:00
detect-virt detect-virt: add new --chroot switch to detect chroot() environments 2015-10-27 13:25:57 +01:00
escape util-lib: split out allocation calls into alloc-util.[ch] 2015-10-27 13:45:53 +01:00
firstboot firstboot: log on take_etc_passwd_lock error too 2015-11-15 18:30:26 +00:00
fsck tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
fstab-generator fstab-gen: post can't be NULL 2015-11-25 21:21:44 +01:00
getty-generator util-lib: split out allocation calls into alloc-util.[ch] 2015-10-27 13:45:53 +01:00
gpt-auto-generator tree-wide: group include of libudev.h with sd-* 2015-11-17 07:06:08 +01:00
hibernate-resume tree-wide: sort includes 2015-11-16 22:09:36 +01:00
hostname treewide: fix typos and indentation 2015-12-14 15:53:11 +01:00
hwdb tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
import importd: drop dkr support 2015-12-10 16:54:41 +01:00
initctl tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
journal Merge pull request #2158 from keszybz/journal-decompression 2015-12-23 21:31:07 +01:00
journal-remote Merge pull request #2287 from dandedrick/journal-gatewayd-timeout-fix 2016-01-08 09:25:21 +01:00
kernel-install 90-loaderentry.install: fixup BOOT_OPTIONS 2015-06-02 16:10:06 +02:00
libsystemd sd-netlink: fix assert 2016-01-10 15:36:03 +01:00
libsystemd-network Merge pull request #2223 from ssahani/lldp 2015-12-25 00:40:07 -05:00
libudev libudev: simplify udev_device_ensure_usec_initialized a bit 2015-12-07 00:44:14 -05:00
locale tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
login Fix typo on logind-dbus.c 2015-12-19 12:46:09 +01:00
machine machine: fix typo: MS_MOUNT does not exist 2016-01-05 16:14:42 +01:00
machine-id-setup tree-wide: sort includes 2015-11-16 22:09:36 +01:00
modules-load defs: rework CONF_DIRS_NULSTR() macro 2015-11-10 17:31:31 +01:00
network tree-wide: unify argument lists of IN_SET() 2016-01-10 18:10:08 +01:00
notify util-lib: split out allocation calls into alloc-util.[ch] 2015-10-27 13:45:53 +01:00
nspawn nspawn: fix two typos in error messages 2016-01-06 14:57:29 +01:00
nss-myhostname util-lib: split out allocation calls into alloc-util.[ch] 2015-10-27 13:45:53 +01:00
nss-mymachines tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
nss-resolve tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
path util-lib: split out allocation calls into alloc-util.[ch] 2015-10-27 13:45:53 +01:00
quotacheck tree-wide: sort includes 2015-11-16 22:09:36 +01:00
random-seed util-lib: split out allocation calls into alloc-util.[ch] 2015-10-27 13:45:53 +01:00
rc-local-generator treewide: apply errno.cocci 2015-11-09 20:01:06 +01:00
remount-fs remount-fs: modernize coding style a bit 2015-11-17 00:52:10 +01:00
reply-password util-lib: split out fd-related operations into fd-util.[ch] 2015-10-25 13:19:18 +01:00
resolve resolved: when validating, first strip revoked trust anchor keys from validated keys list 2016-01-11 19:39:59 +01:00
resolve-host resolve: add RFC4501 URI support to systemd-resolve-host 2016-01-03 12:59:26 +01:00
rfkill tree-wide: group include of libudev.h with sd-* 2015-11-17 07:06:08 +01:00
run tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
shared shared: simplify dns_name_hash_func() end of name detection 2016-01-11 19:39:59 +01:00
sleep util-lib: split out fd-related operations into fd-util.[ch] 2015-10-25 13:19:18 +01:00
socket-proxy util-lib: split out allocation calls into alloc-util.[ch] 2015-10-27 13:45:53 +01:00
sysctl defs: rework CONF_DIRS_NULSTR() macro 2015-11-10 17:31:31 +01:00
system-update-generator util-lib: move a number of fs operations into fs-util.[ch] 2015-10-27 13:25:56 +01:00
systemctl tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
systemd resolved: introduce support for per-interface negative trust anchors 2016-01-06 18:36:32 +01:00
sysusers defs: rework CONF_DIRS_NULSTR() macro 2015-11-10 17:31:31 +01:00
sysv-generator install: follow unit file symlinks in /usr, but not /etc when looking for [Install] data 2015-11-12 17:57:04 +01:00
test tests: don't change hard limit in test-rlimit-util 2016-01-04 07:56:48 +00:00
timedate tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
timesync tree-wide: sort includes in *.h 2015-11-18 23:09:02 +01:00
tmpfiles tmpfiles: create subvolumes for "v", "q", and "Q" only if / is a subvolume 2015-11-16 15:25:42 +01:00
tty-ask-password-agent tty-ask-password-agent: fix typo in error message 2015-11-05 13:44:01 +01:00
udev udev: Fix touch screen detection 2016-01-01 13:35:36 +01:00
update-done util-lib: split out IO related calls to io-util.[ch] 2015-10-26 01:24:38 +01:00
update-utmp tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
user-sessions user-sessions: make sure /run/nologin has correct SELinux label 2015-12-04 22:01:17 +01:00
vconsole treewide: use the negative error codes returned by our functions 2015-11-05 13:44:06 +01:00
.gitignore
Makefile