[Rpm-maint] [rpm-software-management/rpm] Also apply signatures to config files (#374)

Jeff Johnson notifications at github.com
Mon Feb 12 02:17:40 UTC 2018


Yes --replacefiles just sets a transaction flag bit (equivalent to ".*" but there are no patterns involved).

By "disable", I mean build all packages without %config or %ghost, avoiding the need for special handling, and simplifying ima appraisals on embedded devices (the example given in #364).

Truly, the %config path renaming in rpm makes little sense on vendor managed embedded devices using ima signatures. Just don't use %config, treat all files the same, and write your ima appraisal policies to avoid mutable files (which you will have to do anyways to handle the RFE in #364).

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/374#issuecomment-364814623
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20180212/67ce0fa2/attachment-0001.html>


More information about the Rpm-maint mailing list