[Rpm-ecosystem] [PATCH v6 11/11] Documentation for file signing
Florian Festi
ffesti at redhat.com
Fri Jul 17 09:11:00 UTC 2015
On 07/16/2015 03:18 PM, Mimi Zohar wrote:
> On Wed, 2015-07-15 at 19:12 +0200, Florian Festi wrote:
>> On 07/06/2015 08:52 PM, Mimi Zohar wrote:
>>> From: "fin at linux.vnet.ibm.com" <fin at linux.vnet.ibm.com>
>>>
>>> This patch adds documentation for signing files.
>>
>>> @@ -52,7 +71,15 @@ using the executable \fI/usr/bin/gpg\fR you would include
>>> in a macro configuration file. Use \fI/etc/rpm/macros\fR
>>> for per-system configuration and \fI~/.rpmmacros\fR
>>> for per-user configuration. Typically it's sufficient to set just %_gpg_name.
>>> -
>>> +.PP
>>> +In addition, for signing the file digests and installing the file signatures
>>> +as "security.ima" extended attributes, define the following macros.
>>> +.PP
>>> +.nf
>>> +%__plugindir /usr/local/lib/rpm-plugins
>>> +%_binary_filedigest_algorithm 8
>>> +%_file_signing_key < private key pathname (PEM format) >
>>> +.fi
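Review bot: the macro block added at the end of this hunk documents `%_file_signing_key` as a private key pathname in PEM format but says nothing about protecting that file; add a sentence that the key file should be readable only by the user who signs packages. In the same block, `%_binary_filedigest_algorithm 8` gives a bare number without naming the digest it selects, and `%__plugindir /usr/local/lib/rpm-plugins` hard-codes a path that depends on the install prefix. Name the algorithm next to the value, and either mark the path as an example or leave the macro out.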
>>
>> I am not a big fan of this section. %__plugindir and
>> %_binary_filedigest_algorithm should be defined already anyway and their
>> value may differ for all kinds of reasons.
>
> We'll remove this section. The plugindir macro is not even needed for
> signing files, just for installing the file signatures.
>
>> If %_file_signing_key is
>> equivalent to --fskpath you should that it there.
>
> We can remove the --fskpath command line option, leaving just the macro
> name.

Sorry, should have been more clear. The --fskpath option is fine. The
equivalence to %_file_signing_key is already explained in the
--signfiles section.

So just dropping this last section from the man page should be sufficient.

Florian
--
Red Hat GmbH, http://www.de.redhat.com/ Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael
O'Neill, Charles Peters