)]}'
{
  "log": [
    {
      "commit": "631cc66eb9eaa7296e303197ff1eb0f55e32b61d",
      "tree": "631c962060a776a16ec35c477e99d4ef87c8db24",
      "parents": [
        "d441108c6f77541bb66fcd5b3389415b4c232008"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Wed Sep 26 10:09:51 2012 +0100"
      },
      "committer": {
        "name": "Rusty Russell",
        "email": "rusty@rustcorp.com.au",
        "time": "Wed Oct 10 20:01:22 2012 +1030"
      },
      "message": "MODSIGN: Provide module signing public keys to the kernel\n\nInclude a PGP keyring containing the public keys required to perform module\nverification in the kernel image during build and create a special keyring\nduring boot which is then populated with keys of crypto type holding the public\nkeys found in the PGP keyring.\n\nThese can be seen by root:\n\n[root@andromeda ~]# cat /proc/keys\n07ad4ee0 I-----     1 perm 3f010000     0     0 crypto    modsign.0: RSA 87b9b3bd []\n15c7f8c3 I-----     1 perm 1f030000     0     0 keyring   .module_sign: 1/4\n...\n\nIt is probably worth permitting root to invalidate these keys, resulting in\ntheir removal and preventing further modules from being loaded with that key.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Rusty Russell \u003crusty@rustcorp.com.au\u003e\n"
    },
    {
      "commit": "106a4ee258d14818467829bf0e12aeae14c16cd7",
      "tree": "4a5d002eceff4a028ebc8d88223b1ed735bee224",
      "parents": [
        "c26fd69fa00916a31a47f5f096fd7be924106df8"
      ],
      "author": {
        "name": "Rusty Russell",
        "email": "rusty@rustcorp.com.au",
        "time": "Wed Sep 26 10:09:40 2012 +0100"
      },
      "committer": {
        "name": "Rusty Russell",
        "email": "rusty@rustcorp.com.au",
        "time": "Wed Oct 10 20:00:55 2012 +1030"
      },
      "message": "module: signature checking hook\n\nWe do a very simple search for a particular string appended to the module\n(which is cache-hot and about to be SHA\u0027d anyway).  There\u0027s both a config\noption and a boot parameter which control whether we accept or fail with\nunsigned modules and modules that are signed with an unknown key.\n\nIf module signing is enabled, the kernel will be tainted if a module is\nloaded that is unsigned or has a signature for which we don\u0027t have the\nkey.\n\n(Useful feedback and tweaks by David Howells \u003cdhowells@redhat.com\u003e)\n\nSigned-off-by: Rusty Russell \u003crusty@rustcorp.com.au\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Rusty Russell \u003crusty@rustcorp.com.au\u003e\n"
    }
  ]
}
