search

keylime / meetings

Keylime meeting notes
0 stars 7 forks source link

Meeting 10/04/19 #5

Closed lukehinds closed 4 years ago

lukehinds commented 5 years ago

Project Board

https://github.com/orgs/keylime/projects/1

Attendees

Topics

Actions

Meeting Log

hi @/all meeting time! Andrew Toth @atothRedHat Apr 10 16:01 o/ Robbie Harwood @frozencemetery Apr 10 16:01 hello Luke Hinds @lukehinds Apr 10 16:01 looks like I have the right time this week! Mark Bestavros @mbestavros Apr 10 16:02 Hello! leonjia0112 @leonjia0112 Apr 10 16:02 Hello! Luke Hinds @lukehinds Apr 10 16:02 ok ,agenda keylime/meetings#5 Charlie @jetwhiz Apr 10 16:02 Hey all! Luke Hinds @lukehinds Apr 10 16:02 apologies, I never sent this out before. will let you all read over quickly, and just say here if you have an addition TPM 2.0 port keylime/rust-keylime#44 @mbestavros @leonjia0112 ** keylime/rust-keylime#54 leonjia0112 @leonjia0112 Apr 10 16:05 keylime/rust-keylime#54 This should be good for a review by this week. Luke Hinds @lukehinds Apr 10 16:05 . that would be good, I would like to help you test this and try it out against an emulator will keep an eye out for the patch landing leonjia0112 @leonjia0112 Apr 10 16:06 I have a question for the vtpm though. Because I asked Charlie about this, he mentioned this is not done yet. Once this is done, would it be another tpm2-tools command? Charlie @jetwhiz Apr 10 16:08 yeah, there will likely be something along the lines of create_deep_quote and check_deep_quote tpm2-tools Luke Hinds @lukehinds Apr 10 16:09 ok @leonjia0112 ? leonjia0112 @leonjia0112 Apr 10 16:09 Got it. Thanks! Luke Hinds @lukehinds Apr 10 16:09 vTPM port keylime/python-keylime#29 @nabilschear @lukehinds no update here, I do plan to get on this and have a doc started with @nabilschear - lets keep it here for tracking though Implement rhboot keylime/python-keylime#63 @lukehinds We now have this working, I will update this with some dressing up I plan to do, will get consensus first in a GH issue. Backport 3.x TPM2-Tools keylime/python-keylime#92 @jetwhiz Charlie @jetwhiz Apr 10 16:11 I worked on that a little bit this week -- I have the attestastion.sh test passing with 3.X tpm2-tools. next step is figuring out how to wire 3.X tools into Keylime (and keep support for master/4.X tpm2-tools) Luke Hinds @lukehinds Apr 10 16:12 awesome, thx @jetwhiz nabilschear @nabilschear Apr 10 16:12 i'm finally here Luke Hinds @lukehinds Apr 10 16:12 hi @nabilschear what percentage would that put you at @jetwhiz ? (work done) Charlie @jetwhiz Apr 10 16:13 the tpm2-tools portion should be complete. wiring it into Keylime hasn't been started yet Luke Hinds @lukehinds Apr 10 16:13 ok, sounds good thanks for the update Python 3 support keylime/python-keylime#32 ok, so plan to priortise this..I just want to land the agent rename patch first to save getting into merge hell Two key things I think require this gets expediated attention: https://fedoraproject.org/wiki/Changes/F31_Mass_Python_2_Package_Removal 2nd: I want to get the SPEC work into Fedora. I am an approved maintainer, so can go though the process of getting accepted, but would like to do that work with py3 support in place, in fact I have too. but first need to sink this bad boy: instance/node->agent (python / rust) keylime/python-keylime#97 @lukehinds Charlie @jetwhiz Apr 10 16:17 Do you still need me to push that old py3 branch @lukehinds ? I think I forgot to do that last time ... nabilschear @nabilschear Apr 10 16:17 FYI: i'm out on vacation next week, so i'll try to look at #97 before i go and make some progress on the vtpm plan Luke Hinds @lukehinds Apr 10 16:17 @jetwhiz , you can do - I can use it as a reference, would be intersting to see. thanks @nabilschear Charlie @jetwhiz Apr 10 16:18 ok, some of the biggest changes were to installer.sh etc., since I was trying to support both py2 and py3 Luke Hinds @lukehinds Apr 10 16:19 so that should be simple, because we plan to drop py2 (i think))? <goes to check|> Charlie @jetwhiz Apr 10 16:19 sorry, not py2. i think the issue was debian vs. fedora Luke Hinds @lukehinds Apr 10 16:19 ahh ok I am happy to take that on as part of the patch nabilschear @nabilschear Apr 10 16:19 i believe we should drop py2 support Charlie @jetwhiz Apr 10 16:19 yeah it would be a nightmare to support both Luke Hinds @lukehinds Apr 10 16:19 that's actually a good point, i need to think of not just the code, but installers and requirements.txt Charlie @jetwhiz Apr 10 16:20 yeah installer.sh was one of the trickier parts if I remember correctly Luke Hinds @lukehinds Apr 10 16:20 one more point on the node > agent rename, I will take that on for the rust code base. I really need to be more active there, so would be a good motivator Charlie @jetwhiz Apr 10 16:20 fedora, red hat and debian all have their own python3 ways of doing things Luke Hinds @lukehinds Apr 10 16:21 @jetwhiz yep, different naming etc.. website keylime/python-keylime#35 @atothRedHat so we have a blog now as mentioned last week, happy to accept content! just clone https://github.com/keylime/keylime.github.io Andrew Toth @atothRedHat Apr 10 16:23 yep thanks to the illustrious @lukehinds Luke Hinds @lukehinds Apr 10 16:23 make an entry into _posts using markdown! @nabilschear / @jetwhiz , if you have any old scribblings hanging around, post them up. it could just be thoughts on the general topic of trust and compute Charlie @jetwhiz Apr 10 16:24 nice, do we want to link the site to the github page, or is it not fully-ready yet? Luke Hinds @lukehinds Apr 10 16:24 we have it at the top here: https://github.com/keylime nabilschear @nabilschear Apr 10 16:24 maybe some walkthrough posts that help get the demos up and running? Luke Hinds @lukehinds Apr 10 16:25 @nabilschear would be great! @jetwhiz done! Charlie @jetwhiz Apr 10 16:25 ah i see, isn't it possible to put links and keywords at the top of the GitHub repos as well? Luke Hinds @lukehinds Apr 10 16:26 just addded the link Charlie @jetwhiz Apr 10 16:26 thanks, looks good! on the website, it looks like the "Full Documentation" link needs to be updated (though the docs aren't ready yet) Luke Hinds @lukehinds Apr 10 16:27 @jetwhiz yep, that will eventually be render of /docs I could disable the button for now. Charlie @jetwhiz Apr 10 16:27 i think the docs button is okay, the link under it dumps people to: "https://keylime.github.io/<read-the-docs-link" Luke Hinds @lukehinds Apr 10 16:28 oh i see! i will fix that nabilschear @nabilschear Apr 10 16:28 i gotta run talk to you all later! Luke Hinds @lukehinds Apr 10 16:28 np @nabilschear I think we are at the end now, unless someone has a burning item? Charlie @jetwhiz Apr 10 16:30 nothing here, i'll check out the node->agent PR this week is the PR the same as the old one, or has more been changed? Luke Hinds @lukehinds Apr 10 16:31 Its pretty much the same, I went through all @nabilschear commits and your review about wrong naming in the javascript functions (parentNode) this time though I did every change manually It took longer, but more reliable. thanks a lot for reviewing again, once we land that patch I will get the py3 patch built on top Charlie @jetwhiz Apr 10 16:32 sounds good, i'll check it out Luke Hinds @lukehinds Apr 10 16:32 thanks! Charlie @jetwhiz Apr 10 16:32 it will definitely be good to have py3, too! Luke Hinds @lukehinds Apr 10 16:32 ok, bye @/all and thanks for attending. yep, I agree @jetwhiz , we can then get it in Fedoras main repository Charlie @jetwhiz Apr 10 16:33 when is code freeze? november? leonjia0112 @leonjia0112 Apr 10 16:34 Thanks! Luke Hinds @lukehinds Apr 10 16:35 I would have to check again Charlie, i did remember hearing that date will be sure I check this week