[Rpm-maint] [PATCH 4/4] Sign package files during installation
Fionnuala Gunter
fin at linux.vnet.ibm.com
Wed Oct 22 18:42:34 UTC 2014
>> @@ -964,12 +993,22 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,
>> if (rc)
>> *failedFile = xstrdup(fpath);
>>
>> - /* get file signatures from header */
>> - if (sb.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) {
>> + /* sign executable files */
>> + if (sb.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH) && signFiles) {
>> + digest = rpmtdNextString(&digests);
>> + sig = signFile(algo, digest, diglen, key);
>
> Why do you sign only executables?
>
>> + if (!sig) {
>> + rpmlog(RPMLOG_ERR, _("signFile failed\n"));
>> + goto exit;
>> + }
>> + }
>> + /* or get file signatures from header */
>> + else if (sb.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) {
>> sig = rpmtdNextString(&sigs);
>
> Also here... It only sets signature for executables??
Right, I only set signatures for executables, should I set signatures
for all files?
>
> - Dmitry
Thanks,
Fin
More information about the Rpm-maint
mailing list