Andras Slemmer

Results 39 comments of Andras Slemmer

Again would like to point out that the eif images may be built without the involvement of Docker at all. Similar to @sphw we use Nix as well, and have...

You can just unpack the layers into the rootfs folder if you *really* want to start from a docker image. That's basically what the aws tooling does as well, but...

Yeah, reproducibility was precisely why we ended up not using Docker at all and creating the initrd directly. Dockerfiles in particular almost encourage users to create non-reproducible images by downloading...

Just noting: there are other x509 certificates that don't actually have anything to do with webPKI. In our case we're looking for a generic way to verify certificate chains, with...

@woodruffw @vEpiphyte sure I can expand. We're working with Intel SGX remote attestation, which requires a client of a remotely executing code to verify certain cryptographic evidence (it's essentially Intel...

> If you look at the PyOpenSSL X509Store / X509StoreContext APIs ( https://www.pyopenssl.org/en/latest/api/crypto.html#x509store-objects ) those are probably the most **flexible** examples of asking "Does this certificate validate with this CA/CRL...

It's very similar to that code.

```python
root_x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_ASN1, spec_dcap.dcapRootCaDer)
trust_store = OpenSSL.crypto.X509Store()
trust_store.add_cert(root_x509)
pck_x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, pck_certs[0].as_bytes())
intermediate_certs = map(lambda cert: OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert.as_bytes()), pck_certs[1:])
context = OpenSSL.crypto.X509StoreContext(trust_store, pck_x509,...
```

> The next person could now easily stand here and put in an emotional speech for why they think the item style is much more readable. As requested. The item...

> My goals when looking at import statements are almost invariably broader than "find out where a symbol is coming from". What is the value to me of finding out...

Confirm, `config.networking.privateIPv4` does not work. Tried with both the passed in `config` and `nodes..config`