[Rpm-maint] Identifying which files need signatures
Fionnuala Gunter
fin at linux.vnet.ibm.com
Fri Jan 16 22:18:05 UTC 2015
Hi,

Missing from the RPM patches that add file signatures is a way for
package maintainers to specify which files need signing. Dmitry
Kasatkin suggested that we enumerate signed files with a spec tag,
similar to how we enumerate files, i.e.

    %files
    %defattr(-,root,root,-)
    %{_bindir}/*
    %{_libdir}/libimaevm.*
    %{_includedir}/*
    %sign
    %{_bindir}/*

Another option for identifying signed files is with a new file-related
directive, i.e.

    %files
    %defattr(-,root,root,-)
    %sign %{_bindir}/*
    %{_libdir}/libimaevm.*
    %{_includedir}/*

The third option is modifying the %verify directive to include signature, i.e.

    %files
    %defattr(-,root,root,-)
    %verify(md5 signature size user group) %{_bindir}/*
    %{_libdir}/libimaevm.*
    %{_includedir}/*

The first option looks straightforward, and mostly entails writing
another parser. However, the files needing signatures would be listed
under both %files and %sign tags. I prefer the second option since
file-related directives are already used to mark special files in the
%files list. The third option might be better if the %verify directive
was updated for other file digest algorithms. Please let me know if any
of these options sound appealing, or if you have other ideas.

Thanks,
Fin
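
The three proposed syntaxes side by side, as an added illustration that is not part of the original message and not RPM code: a small Python parser that reads a %files section in any of the three forms and returns which patterns are marked for signing. The spec fragments are constructed from the message's snippets, `signed_patterns` is a hypothetical name, and the rule that a %sign entry must also be listed under %files is an assumption.

```python
import re

# Constructed %files sections, one per syntax proposed in the message.
COMMON = "%files\n%defattr(-,root,root,-)\n"
OPTION_1 = COMMON + ("%{_bindir}/*\n%{_libdir}/libimaevm.*\n%{_includedir}/*\n"
                     "%sign\n%{_bindir}/*\n")
OPTION_2 = COMMON + "%sign %{_bindir}/*\n%{_libdir}/libimaevm.*\n%{_includedir}/*\n"
OPTION_3 = COMMON + ("%verify(md5 signature size user group) %{_bindir}/*\n"
                     "%{_libdir}/libimaevm.*\n%{_includedir}/*\n")

VERIFY = re.compile(r"%verify\(([^)]*)\)\s+(\S+)$")

def signed_patterns(spec_text):
    """Return (files, signed) pattern lists for any of the three syntaxes."""
    files, signed, section = [], [], None
    for line in map(str.strip, spec_text.splitlines()):
        if not line or line.startswith("%defattr"):
            continue
        if line in ("%files", "%sign"):      # section headers (option 1 adds %sign)
            section = line
        elif section == "%sign":             # option 1: separate list of patterns
            signed.append(line)
        elif line.startswith("%sign "):      # option 2: per-file directive
            path = line.split(None, 1)[1]
            files.append(path)
            signed.append(path)
        elif (m := VERIFY.match(line)):      # option 3: attribute inside %verify
            files.append(m.group(2))
            if "signature" in m.group(1).split():
                signed.append(m.group(2))
        else:                                # plain %files entry
            files.append(line)
    # Assumed rule: a pattern may only be signed if the package ships it.
    orphans = [p for p in signed if p not in files]
    if orphans:
        raise ValueError(f"%sign entries not in %files: {orphans}")
    return files, signed

if __name__ == "__main__":
    for name, text in [("1", OPTION_1), ("2", OPTION_2), ("3", OPTION_3)]:
        print("option", name, signed_patterns(text))
```

Only the first syntax can produce a signed pattern that is missing from %files, which is the duplication the message points out; the other two mark the entry in place.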