[Rpm-maint] [rpm-software-management/rpm] RPM fsverity support (#1203)

jessorensen notifications at github.com
Thu Apr 30 17:24:40 UTC 2020


This patchset changes to enable fsverity support natively in RPM. It requires libfsverity to build, which I have submitted patches for to the fsverity-utils maintainer.

I have done my best to not break anything with this patchset, but please let me know if I got something wrong. Further details of the design and reasoning for it can be found here:
https://github.com/rpm-software-management/rpm/issues/1121#issuecomment-621421288

Thanks,
Jes

You can view, comment on, or merge this pull request online at:

  https://github.com/rpm-software-management/rpm/pull/1203

-- Commit Summary --

  * sign/Makefile respect --includedir
  * rpmfiArchiveRead() use signed return value to handle -1 on error
  * rpmsign: RPMSIGN_FLAG_IMA is already set
  * Add basic autoconf and framework for fsverity support
  * rpmsign: Handle --certpath for signing certificate
  * Implement rpmSignVerity()
  * rpmsignverity: Add verity signature headers to the package
  * rpmsignverity: Move digest and signature generation to helper function
  * rpmSignVerity: Generate signatures for files not present in archive
  * Convert RPMSIGTAG_VERITYfoo to RPMTAG_VERITYfoo tags on package read
  * Process verity tags on package read
  * Delete IMA and fsverity file signatures upon --delsig
  * Generate a zero-length signature for symlinks
  * rpmsignverity.c: Clean up debug logging
  * plugins/fsverity: Install fsverity signatures
  * fsverity - add tags for fsverity algorithm and block size
  * fsverity plugin: Use tags for algorithm and block size
  * Add fsverity tags to rpmgeneral.at

-- File Changes --

    M Makefile.am (1)
    M configure.ac (16)
    M lib/package.c (12)
    M lib/rpmarchive.h (4)
    M lib/rpmfi.c (41)
    M lib/rpmfi.h (11)
    M lib/rpmfiles.h (11)
    M lib/rpmtag.h (12)
    M macros.in (4)
    M plugins/Makefile.am (6)
    A plugins/fsverity.c (168)
    M rpmsign.c (33)
    M sign/Makefile.am (8)
    M sign/rpmgensig.c (47)
    M sign/rpmsign.h (1)
    A sign/rpmsignverity.c (234)
    A sign/rpmsignverity.h (29)
    M tests/rpmgeneral.at (4)

-- Patch Links --

https://github.com/rpm-software-management/rpm/pull/1203.patch
https://github.com/rpm-software-management/rpm/pull/1203.diff
