[Rpm-ecosystem] [PATCH v6 11/11] Documentation for file signing

Florian Festi ffesti at redhat.com
Fri Jul 17 12:25:17 UTC 2015


On 07/17/2015 02:16 PM, Mimi Zohar wrote:
> On Fri, 2015-07-17 at 11:11 +0200, Florian Festi wrote:
>> On 07/16/2015 03:18 PM, Mimi Zohar wrote:
>>> On Wed, 2015-07-15 at 19:12 +0200, Florian Festi wrote:
>>>> On 07/06/2015 08:52 PM, Mimi Zohar wrote:
>>>>> From: "fin at linux.vnet.ibm.com" <fin at linux.vnet.ibm.com>
>>>>>
>>>>> This patch adds documentation for signing files.
>>>>
>>>>> @@ -52,7 +71,15 @@ using the executable \fI/usr/bin/gpg\fR you would include
>>>>>  in a macro configuration file. Use \fI/etc/rpm/macros\fR
>>>>>  for per-system configuration and \fI~/.rpmmacros\fR
>>>>>  for per-user configuration. Typically it's sufficient to set just %_gpg_name.
>>>>> -
>>>>> +.PP
>>>>> +In addition, for signing the file digests and installing the file signatures
>>>>> +as "security.ima" extended attributes, define the following macros.
>>>>> +.PP
>>>>> +.nf
>>>>> +%__plugindir /usr/local/lib/rpm-plugins
>>>>> +%_binary_filedigest_algorithm 8
>>>>> +%_file_signing_key  < private key pathname (PEM format) >
>>>>> +.fi
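Review bot: The .nf block presents %__plugindir and %_binary_filedigest_algorithm as literal values to define, without saying what they mean or whether they are already set. "%_binary_filedigest_algorithm 8" is a bare number with no mention of which digest it selects, and "/usr/local/lib/rpm-plugins" is tied to one install prefix, so a reader who copies the block may override values that are already correct on their system. Suggest documenting only %_file_signing_key in this paragraph, naming the algorithm behind 8 if that line stays, and adding a sentence that the PEM file is a private key and should be readable only by the signing user.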
>>>>
>>>> I am not a big fan of this section. %__plugindir and
>>>> %_binary_filedigest_algorithm should be defined already anyway and their
>>>> value may differ for all kinds of reasons.
>>>
>>> We'll remove this section.  The plugindir macro is not even needed for
>>> signing files, just for installing the file signatures.
>>>
>>>> If %_file_signing_key is
>>>> equivalent to --fskpath you should that it there.
>>>
>>> We can remove the --fskpath command line option, leaving just the macro
>>> name.
>>
>> Sorry, should have been more clear. The --fskpath option is fine. The
>> equivalence to %_file_signing_key is already explained in the
>> --signfiles section.
>>
>> So just dropping this last section from the man page should be sufficient.
> 
> As we've already made this change, either way is fine.  Do you have a
> preference?

I'd rather keep the command line parameter. It looks handy.

Florian


-- 

Red Hat GmbH, http://www.de.redhat.com/ Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael
O'Neill, Charles Peters

