[Rpm-maint] [PATCH v2 0/4] Fixes for file signatures

Stefan Berger stefanb at linux.vnet.ibm.com
Thu Sep 22 17:30:54 UTC 2016

The following series of patches addresses some issues with signatures on
files. In particular:

- some files marked as config files are also executables and therefore
  need to have a signature applied
- the IMA plugin may only run on the package install cycle rather than the
  remove cycle, which would apply the previous versions' signatures on
  the files
- some RPM packages require that the files be signed when the post
  install scriptlets are run since they may invoke executables that
  were just installed; so we introduce two new hooks, fsm_pre and
  fsm_post. We move the IMA plugin from the psm_post hook to the
  fsm_post hook.


Stefan Berger (4):
  ima-plugin: Have executable configuration files signed
  ima-plugin: Only run the IMA plugin on package installation
  rpmplugins: Introduce new fsm_pre and fsm_post hooks
  IMA: Move the IMA plugin to the fsm_post hook

 lib/psm.c        |  6 +++++-
 lib/rpmplugin.h  |  6 ++++++
 lib/rpmplugins.c | 35 +++++++++++++++++++++++++++++++++++
 lib/rpmplugins.h | 19 +++++++++++++++++++
 plugins/ima.c    | 32 ++++++++++++++++++++++----------
 5 files changed, 87 insertions(+), 11 deletions(-)

