[Rpm-ecosystem] [PATCH v6 11/11] Documentation for file signing

Florian Festi ffesti at redhat.com
Wed Jul 15 17:12:09 UTC 2015


On 07/06/2015 08:52 PM, Mimi Zohar wrote:
> From: "fin at linux.vnet.ibm.com" <fin at linux.vnet.ibm.com>
> 
> This patch adds documentation for signing files.

> @@ -52,7 +71,15 @@ using the executable \fI/usr/bin/gpg\fR you would include
>  in a macro configuration file. Use \fI/etc/rpm/macros\fR
>  for per-system configuration and \fI~/.rpmmacros\fR
>  for per-user configuration. Typically it's sufficient to set just %_gpg_name.
> -
> +.PP
> +In addition, for signing the file digests and installing the file signatures
> +as "security.ima" extended attributes, define the following macros.
> +.PP
> +.nf
> +%__plugindir /usr/local/lib/rpm-plugins
> +%_binary_filedigest_algorithm 8
> +%_file_signing_key  < private key pathname (PEM format) >
> +.fi
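
Review bot: In the added .nf block, `%_binary_filedigest_algorithm 8` gives a bare number with no indication of which digest algorithm it selects, and `%__plugindir /usr/local/lib/rpm-plugins` presents a /usr/local path as a value the reader must define. Suggest naming the algorithm next to the value and marking the plugin directory line as an example or dropping it. The text should also say that the file named by `%_file_signing_key` is a private key and needs restrictive permissions, since the surrounding context points readers at the per-system /etc/rpm/macros file; the placeholder `< private key pathname (PEM format) >` would read more clearly without the inner spaces.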

I am not a big fan of this section. %__plugindir and
%_binary_filedigest_algorithm should be defined already anyway and their
value may differ for all kinds of reasons. If %_file_signing_key is
equivalent to --fskpath you should that it there.

Florian

-- 

Red Hat GmbH, http://www.de.redhat.com/ Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael
O'Neill, Charles Peters

