[Rpm-maint] [PATCH 4/4] Sign package files during installation

Fionnuala Gunter fin at linux.vnet.ibm.com
Wed Oct 22 18:42:34 UTC 2014


>> @@ -964,12 +993,22 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,
>>  	if (rc)
>>  	    *failedFile = xstrdup(fpath);
>>  
>> -	/* get file signatures from header */
>> -	if (sb.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) {
>> +	/* sign executable files */
>> +	if (sb.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH) && signFiles) {
>> +	    digest = rpmtdNextString(&digests);
>> +	    sig = signFile(algo, digest, diglen, key);
> 
> Why do you sign only executables?
> 
>> +	    if (!sig) {
>> +		rpmlog(RPMLOG_ERR, _("signFile failed\n"));
>> +		goto exit;
>> +	    }
>> +	}
>> +	/* or get file signatures from header */
>> +	else if (sb.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) {
>>  	    sig = rpmtdNextString(&sigs);
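Review bot: In the signing branch, `digest = rpmtdNextString(&digests);` steps the digest iterator only when the file is executable, so if `digests` carries one entry per package file, the first non-executable file leaves the iterator behind and each later executable is signed over another file's digest. Fetch the digest by the current file's index, or step the iterator for every file and sign conditionally. `digest` is also passed to `signFile()` without a NULL check, and the `if (!sig)` path does `goto exit` without setting `rc` or `*failedFile` in the lines shown, so unless that happens at `exit` a signing failure can be reported as a successful install; set an error code before the jump. The executable-mode test is now duplicated in both branches and would read more clearly computed once into a local, with the mask test parenthesised in the `&& signFiles` condition.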
> 
> Also here...  It only sets signature for executables??
Right, I only set signatures for executables, should I set signatures
for all files?
> 
> - Dmitry

Thanks,
Fin


