[Rpm-maint] [rpm-software-management/rpm] Document fs-verity integration and plugin usage (Issue #1849)
Eric Biggers
notifications at github.com
Tue Jan 10 08:15:57 UTC 2023
RPM's support for fsverity seems to be based around the idea that fsverity builtin signatures are being used. (RPM calls them simply "fsverity signatures", which is a bit misleading as it's not the only way to have signatures for fsverity files.) The builtin signatures have some problems and are difficult to use; I've been guiding people to use other solutions instead. What ended up being the actual use case here? If there is one, it needs to be clearly documented. I found [a Fedora change proposal](https://fedoraproject.org/wiki/Changes/FsVerityRPM), but it is missing some essential information, and apparently it was rejected.
Another way to have signatures for fsverity files is through IMA. I'm not sure whether anyone has thought about doing that instead, in the context of RPM.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1849#issuecomment-1376882585
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/issues/1849/1376882585 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20230110/cb34840b/attachment.html>
More information about the Rpm-maint
mailing list