[Rpm-ecosystem] [PATCH v6 11/11] Documentation for file signing
Mimi Zohar
zohar at linux.vnet.ibm.com
Thu Jul 16 13:18:33 UTC 2015
On Wed, 2015-07-15 at 19:12 +0200, Florian Festi wrote:
> On 07/06/2015 08:52 PM, Mimi Zohar wrote:
> > From: "fin at linux.vnet.ibm.com" <fin at linux.vnet.ibm.com>
> >
> > This patch adds documentation for signing files.
>
> > @@ -52,7 +71,15 @@ using the executable \fI/usr/bin/gpg\fR you would include
> > in a macro configuration file. Use \fI/etc/rpm/macros\fR
> > for per-system configuration and \fI~/.rpmmacros\fR
> > for per-user configuration. Typically it's sufficient to set just %_gpg_name.
> > -
> > +.PP
> > +In addition, for signing the file digests and installing the file signatures
> > +as "security.ima" extended attributes, define the following macros.
> > +.PP
> > +.nf
> > +%__plugindir /usr/local/lib/rpm-plugins
> > +%_binary_filedigest_algorithm 8
> > +%_file_signing_key < private key pathname (PEM format) >
> > +.fi
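Review bot: the added %_file_signing_key line documents only a PEM pathname and says nothing about protecting that file, although it is the private key behind the "security.ima" signatures the paragraph describes. The man page text should state what kind of key is expected, whether it may be passphrase-protected, and what ownership and permissions the file should have. Two smaller points in the same .nf block: the bare value 8 for %_binary_filedigest_algorithm should name the digest algorithm it selects, and /usr/local/lib/rpm-plugins reads as an install-specific path that would be better shown as a placeholder, as is done for the key pathname.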
>
> I am not a big fan of this section. %__plugindir and
> %_binary_filedigest_algorithm should be defined already anyway and their
> value may differ for all kinds of reasons.
We'll remove this section. The plugindir macro is not even needed for
signing files, just for installing the file signatures.
> If %_file_signing_key is
> equivalent to --fskpath you should that it there.
We can remove the --fskpath command line option, leaving just the macro
name.
Mimi