Skip to content

Update hubtools for fixed verify function #9437

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update hubtools for fixed verify function #9437

wants to merge 1 commit into from

Conversation

@labbott
Copy link
Contributor

@labbott labbott commented Nov 21, 2025

Some refactoring in a dependent lpc55 crate accidentally dropped a check against the root key table hash on the RoT. This resulted in archive.verify incorrectly passing in places like wicketd and selecting incorrect RoT images for installation.

plotnick
plotnick reviewed Nov 21, 2025
View reviewed changes
Copy link
Contributor

@plotnick plotnick left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like this is downgrading a bunch of packages, which doesn't seem right. I've had trouble of this form in the past trying to use cargo update; maybe it would be better to just pin the rev of hubtools we intend to use in Cargo.toml?

@labbott
Copy link
Contributor Author

labbott commented Nov 21, 2025

It looks like this is downgrading a bunch of packages, which doesn't seem right. I've had trouble of this form in the past trying to use cargo update; maybe it would be better to just pin the rev of hubtools we intend to use in Cargo.toml?

bleh good catch. I tried just updating the branch for testing and it didn't work until I did cargo update -p. I'll change this to a pin because that's what we do elsewhere.

@labbott
Update hubtools for fixed verify function
bac62c2 
Some refactoring in a dependent lpc55 crate accidentally dropped a check
against the root key table hash on the RoT. This resulted in
`archive.verify` incorrectly passing in places like wicketd and selecting
incorrect RoT images for installation.
@labbott
Copy link
Contributor Author

labbott commented Nov 21, 2025

I think the issue is that the actual fix was in the lpc55_sign crate which is a dependency of hubtools so I did need an update to force the pickup of the new rev.

plotnick
plotnick approved these changes Nov 21, 2025
View reviewed changes
Copy link
Contributor

@plotnick plotnick left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great, thanks! We are now pulling in two versions of hubtools because gateway-sp-comms (from m-g-s) hasn't been updated yet, but I don't think that should affect the issue we're trying to solve here, nor do I think it's a problem.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@plotnick plotnick plotnick approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@labbott @plotnick