[Rpm-maint] [PATCH v3 0/2] Fixes for file signatures

Panu Matilainen pmatilai at laiskiainen.org
Mon Oct 10 12:12:17 UTC 2016


On 09/24/2016 12:11 AM, Stefan Berger wrote:
> The following series of patches addresses some issues with signatures on
> files. In particular:
>
> - some files marked as config files are also executables and therefore
>   need to have the signature applied
>
> - some RPM packages require that the files be signed when the post
>   install scriptlets are run since they may invoke executables that
>   were just installed; so we move the IMA plugin from the psm_post hook
>   to the fsm_file_prepare hook.
>
>    Regards,
>       Stefan
>
> Stefan Berger (2):
>   ima-plugin: Have executable configuration files signed
>   ima-plugin: Move the IMA plugin to the fsm_file_prepare hook
>
>  plugins/ima.c | 38 +++++++++++++++++++++++---------------
>  1 file changed, 23 insertions(+), 15 deletions(-)
>

Series applied, with minor adjustments to the second patch as per my
suggestions before: slightly expanded commit message and clarified the
skipped + unowned test to:

         /* Ignore skipped files and unowned directories */
         if (XFA_SKIPPING(action) || (op & FAF_UNOWNED))
             goto exit;

Thanks for the patches!

	- Panu -

