[Rpm-maint] [rpm-software-management/rpm] Also apply signatures to config files (#374)

Stefan Berger notifications at github.com
Sat Feb 10 15:48:43 UTC 2018


@n3npq: Re 'Adding the ability to change the ima signature in the xattr after installation, so that the modified, not the original %config template, would (at least) change my opinion, similarly for %ghost. But that isn't what is being proposed.': How would that work without including the private key in the RPM file? I would say any post-installation fixes to these %config files need to be done locally either through signing the file with a local key once it is deemed immutable after all editing is done, or adjust the IMA policy in such a way that this file will not be appraised.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/374#issuecomment-364664430
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20180210/92ed54e0/attachment-0001.html>


More information about the Rpm-maint mailing list