)]}'
{
  "log": [
    {
      "commit": "12e130b04580532aa099893158aa2776b321ae7f",
      "tree": "b7a6ed562d7293aa1e5b584e109a9669db253f49",
      "parents": [
        "df2fc246c8ee8b6067af1fa55d3bc23107457f61"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Mon Oct 22 15:05:48 2012 +0100"
      },
      "committer": {
        "name": "Rusty Russell",
        "email": "rusty@rustcorp.com.au",
        "time": "Wed Dec 05 11:27:24 2012 +1030"
      },
      "message": "MODSIGN: Don\u0027t use enum-type bitfields in module signature info block\n\nDon\u0027t use enum-type bitfields in the module signature info block as we can\u0027t be\ncertain how the compiler will handle them.  As I understand it, it is arch\ndependent, and it is possible for the compiler to rearrange them based on\nendianness and to insert a byte of padding to pad the three enums out to four\nbytes.\n\nInstead use u8 fields for these, which the compiler should emit in the right\norder without padding.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Rusty Russell \u003crusty@rustcorp.com.au\u003e\n"
    },
    {
      "commit": "0390c8835690506802fd5d54ea5444f0b9b1708b",
      "tree": "189107b966d635ff78a652a860bacde25a3f8503",
      "parents": [
        "4fe7e866a7d43479ac8d8a610023a9c9275f488f"
      ],
      "author": {
        "name": "Randy Dunlap",
        "email": "rdunlap@xenotime.net",
        "time": "Sat Oct 20 18:59:31 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Oct 22 08:56:34 2012 +0300"
      },
      "message": "module_signing: fix printk format warning\n\nFix the warning:\n\n  kernel/module_signing.c:195:2: warning: format \u0027%lu\u0027 expects type \u0027long unsigned int\u0027, but argument 3 has type \u0027size_t\u0027\n\nby using the proper \u0027z\u0027 modifier for printing a size_t.\n\nSigned-off-by: Randy Dunlap \u003crdunlap@xenotime.net\u003e\nCc: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "caabe240574aec05b2f5667414ce80f9075c2ba1",
      "tree": "d92bf96b009bd0b0caec44c21348812b06805909",
      "parents": [
        "b6bb324dbddd704b4b9a85971e1f7ae79abb2e1d"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Sat Oct 20 01:19:29 2012 +0100"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Oct 19 17:30:40 2012 -0700"
      },
      "message": "MODSIGN: Move the magic string to the end of a module and eliminate the search\n\nEmit the magic string that indicates a module has a signature after the\nsignature data instead of before it.  This allows module_sig_check() to\nbe made simpler and faster by the elimination of the search for the\nmagic string.  Instead we just need to do a single memcmp().\n\nThis works because at the end of the signature data there is the\nfixed-length signature information block.  This block then falls\nimmediately prior to the magic number.\n\nFrom the contents of the information block, it is trivial to calculate\nthe size of the signature data and thus the size of the actual module\ndata.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "48ba2462ace6072741fd8d0058207d630ce93bf1",
      "tree": "3cea7661a3bd5d03631e01171c19f2123346cf01",
      "parents": [
        "631cc66eb9eaa7296e303197ff1eb0f55e32b61d"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Wed Sep 26 10:11:03 2012 +0100"
      },
      "committer": {
        "name": "Rusty Russell",
        "email": "rusty@rustcorp.com.au",
        "time": "Wed Oct 10 20:06:10 2012 +1030"
      },
      "message": "MODSIGN: Implement module signature checking\n\nCheck the signature on the module against the keys compiled into the kernel or\navailable in a hardware key store.\n\nCurrently, only RSA keys are supported - though that\u0027s easy enough to change,\nand the signature is expected to contain raw components (so not a PGP or\nPKCS#7 formatted blob).\n\nThe signature blob is expected to consist of the following pieces in order:\n\n (1) The binary identifier for the key.  This is expected to match the\n     SubjectKeyIdentifier from an X.509 certificate.  Only X.509 type\n     identifiers are currently supported.\n\n (2) The signature data, consisting of a series of MPIs in which each is in\n     the format of a 2-byte BE word sizes followed by the content data.\n\n (3) A 12 byte information block of the form:\n\n\tstruct module_signature {\n\t\tenum pkey_algo\t\talgo : 8;\n\t\tenum pkey_hash_algo\thash : 8;\n\t\tenum pkey_id_type\tid_type : 8;\n\t\tu8\t\t\t__pad;\n\t\t__be32\t\t\tid_length;\n\t\t__be32\t\t\tsig_length;\n\t};\n\n     The three enums are defined in crypto/public_key.h.\n\n     \u0027algo\u0027 contains the public-key algorithm identifier (0-\u003eDSA, 1-\u003eRSA).\n\n     \u0027hash\u0027 contains the digest algorithm identifier (0-\u003eMD4, 1-\u003eMD5, 2-\u003eSHA1,\n      etc.).\n\n     \u0027id_type\u0027 contains the public-key identifier type (0-\u003ePGP, 1-\u003eX.509).\n\n     \u0027__pad\u0027 should be 0.\n\n     \u0027id_length\u0027 should contain in the binary identifier length in BE form.\n\n     \u0027sig_length\u0027 should contain in the signature data length in BE form.\n\n     The lengths are in BE order rather than CPU order to make dealing with\n     cross-compilation easier.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Rusty Russell \u003crusty@rustcorp.com.au\u003e (minor Kconfig fix)\n"
    },
    {
      "commit": "106a4ee258d14818467829bf0e12aeae14c16cd7",
      "tree": "4a5d002eceff4a028ebc8d88223b1ed735bee224",
      "parents": [
        "c26fd69fa00916a31a47f5f096fd7be924106df8"
      ],
      "author": {
        "name": "Rusty Russell",
        "email": "rusty@rustcorp.com.au",
        "time": "Wed Sep 26 10:09:40 2012 +0100"
      },
      "committer": {
        "name": "Rusty Russell",
        "email": "rusty@rustcorp.com.au",
        "time": "Wed Oct 10 20:00:55 2012 +1030"
      },
      "message": "module: signature checking hook\n\nWe do a very simple search for a particular string appended to the module\n(which is cache-hot and about to be SHA\u0027d anyway).  There\u0027s both a config\noption and a boot parameter which control whether we accept or fail with\nunsigned modules and modules that are signed with an unknown key.\n\nIf module signing is enabled, the kernel will be tainted if a module is\nloaded that is unsigned or has a signature for which we don\u0027t have the\nkey.\n\n(Useful feedback and tweaks by David Howells \u003cdhowells@redhat.com\u003e)\n\nSigned-off-by: Rusty Russell \u003crusty@rustcorp.com.au\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Rusty Russell \u003crusty@rustcorp.com.au\u003e\n"
    }
  ]
}