[Rpm-maint] Identifying which files need signatures

Florian Festi ffesti at redhat.com
Mon Jan 19 08:36:02 UTC 2015

On 01/16/2015 11:18 PM, Fionnuala Gunter wrote:
> Hi,
> Missing from the RPM patches that add file signatures is a way for
> package maintainers to specify which files need signing. Dmitry
> Kasatkin suggested that we enumerate signed files with a spec tag,
> similar to how we enumerate files, i.e.

I wonder if there is a way around all this. Right now we already have
the files divided up into normal files which are supposed to not change
and config files which are expected to change. I wonder if this
distinction is already sufficient.

Also note that prelink will happily alter binary files. The verify code
in rpm undoes the prelinking for checking digests of binary files. I
wonder if this can be done with the signatures, too. Otherwise prelink
needs to be disabled for the whole signing to work (as I guess binaries
are a primary target for signing).



Red Hat GmbH, http://www.de.redhat.com/ Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael
O'Neill, Charles Peters
