
scripts: Allow certificate binary files in networking samples #70817

Closed
jukkar wants to merge 1 commit into zephyrproject-rtos:main from jukkar:fix/compliance-check-allow-sample-cert-bin-files


jukkar (Member) commented Mar 28, 2024

The samples could have certificate files (with .der suffix) like for example in networking samples. Allow these binary files in the samples/net directory.

Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>

jukkar (Member Author) commented Mar 28, 2024

This is related to compliance issue in #63531 which adds a new sample with binary certificates.

jukkar added the Trivial label Mar 28, 2024

fabiobaltieri (Member) commented

Hey @jukkar do you expect these to change often or to need more? I'm wondering if it would not be a better idea to bypass compliance for this one on the specific pull request if you expect it to be a one-off. Been reading about the recent xz backdoor story and I'm thinking it may be a good idea to keep binary files in samples manually vetted, now that I look at it even the current list freaks me out a bit.

kartben (Contributor) commented Mar 30, 2024

> Hey @jukkar do you expect these to change often or to need more? I'm wondering if it would not be a better idea to bypass compliance for this one on the specific pull request if you expect it to be a one-off. Been reading about the recent xz backdoor story and I'm thinking it may be a good idea to keep binary files in samples manually vetted, now that I look at it even the current list freaks me out a bit.

Very good point. Another option might be to document and explain to the user how they can generate their own certificate?

jukkar (Member Author) commented Mar 31, 2024

> Hey @jukkar do you expect these to change often or to need more? I'm wondering if it would not be a better idea to bypass compliance for this one on the specific pull request if you expect it to be a one-off

At least for now, this would be one-off and we could handle it case by case. I do not mind if we have to manually override the check in the future. Feel free to close this one if you think it makes more sense that way.

fabiobaltieri (Member) left a comment

> At least for now, this would be one-off and we could handle it case by case. I do not mind if we have to manually override the check in the future. Feel free to close this one if you think it makes more sense that way.

I think we may take that way for now, we can always revisit if it gets in the way again. I'll put a block on this while the others take a look as well.

jukkar (Member Author) commented Apr 17, 2024

Also #64465 will need force merge as it will contain a sample with certificates.

jfischer-no (Contributor) commented

Binary test files are cool, one can hide easter eggs in them.

jukkar mentioned this pull request Apr 30, 2024

fabiobaltieri (Member) commented

Dependent PR has been merged, closing this down, thanks for your understanding Jukka.


Labels: area: Coding Guidelines, area: Continuous Integration, Trivial

7 participants