From e30d42e1054b7424273bd57861f2ddf78a07b7b0 Mon Sep 17 00:00:00 2001
From: Qi Feng Huo
Date: Fri, 9 Aug 2024 09:56:38 +0800
Subject: [PATCH] ibmse: SKIP_CERTS_VERIFICATION for all image

Enable release image to have SE_SKIP_CERTS_VERIFICATION also

Signed-off-by: Qi Feng Huo
---
 deps/verifier/src/se/README.md | 1 -
 deps/verifier/src/se/ibmse.rs | 27 +++++++--------------------
 2 files changed, 7 insertions(+), 21 deletions(-)

diff --git a/deps/verifier/src/se/README.md b/deps/verifier/src/se/README.md
index eca3d93f1..11cde22f2 100644
--- a/deps/verifier/src/se/README.md
+++ b/deps/verifier/src/se/README.md
@@ -130,7 +130,6 @@ export SE_SKIP_CERTS_VERIFICATION=true
 ```
 DOCKER_BUILDKIT=1 docker build --build-arg HTTPS_CRYPTO="openssl" --build-arg ARCH="s390x" -t ghcr.io/confidential-containers/staged-images/kbs:latest . -f kbs/docker/Dockerfile
 ```
->Note: Please add `--debug` in statement like `cargo install` in file `kbs/docker/Dockerfile` if you're using a development host key document to skip HKD's signature verification.
 - Prepare a docker compose file, similar as:
 ```
diff --git a/deps/verifier/src/se/ibmse.rs b/deps/verifier/src/se/ibmse.rs
index ab6334652..ae5761ef2 100644
--- a/deps/verifier/src/se/ibmse.rs
+++ b/deps/verifier/src/se/ibmse.rs
@@ -277,26 +277,13 @@ impl SeVerifierImpl {
 let c = certs
 .first()
 .ok_or(anyhow!("File does not contain a X509 certificate"))?;
- #[cfg(debug_assertions)]
- {
- const DEFAULT_SE_SKIP_CERTS_VERIFICATION: &str = "false";
- let skip_certs_env = env_or_default!(
- "SE_SKIP_CERTS_VERIFICATION",
- DEFAULT_SE_SKIP_CERTS_VERIFICATION
- );
- let skip_certs: bool = skip_certs_env.parse::().unwrap_or(false);
- if !skip_certs {
- let verifier = CertVerifier::new(
- ca_certs.as_slice(),
- crls.as_slice(),
- ca_option.clone(),
- offline_certs_verify,
- )?;
- verifier.verify(c)?;
- }
- }
- #[cfg(not(debug_assertions))]
- {
+ const DEFAULT_SE_SKIP_CERTS_VERIFICATION: &str = "false";
+ let skip_certs_env = env_or_default!(
+ "SE_SKIP_CERTS_VERIFICATION",
+ DEFAULT_SE_SKIP_CERTS_VERIFICATION
+ );
+ let skip_certs: bool = skip_certs_env.parse::().unwrap_or(false);
+ if !skip_certs {
 let verifier = CertVerifier::new(
 ca_certs.as_slice(),
 crls.as_slice(),
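Review bot: With the `#[cfg(debug_assertions)]` gate gone, the `SE_SKIP_CERTS_VERIFICATION` check that now opens the new block lets a single environment variable switch off host-key-document certificate verification in release builds as well, and the skip path leaves no trace: nothing is logged, so a skipped verification is indistinguishable from a successful one. A deployment that inherits `SE_SKIP_CERTS_VERIFICATION=true` from the build instructions (the README section touched by this same commit exports it) would silently accept unverified HKDs. At minimum the skip should be loud, e.g. an `else` branch on `if !skip_certs` emitting `warn!("SE_SKIP_CERTS_VERIFICATION=true: skipping HKD certificate verification; development use only")` with whatever logging macro this file already uses, plus a comment above the `const` stating that the variable is a development-only escape hatch. The `.unwrap_or(false)` fallback on the parse is the right direction, since an unparseable value still verifies. The enclosing method starts and ends outside the hunk.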