[Rpm-maint] [rpm-software-management/rpm] RPMFI_FLAGS_ONLY_FILENAMES doesn't prevent file signatures (Issue #2425)
Panu Matilainen
notifications at github.com
Fri Mar 10 13:46:28 UTC 2023
RPMFI_NOFILESIGNATURES and RPMFI_NOVERITYSIGNATURES should be included in the RPMFI_FLAGS_ONLY_FILENAMES mask but are not, so eg `rpmfiNew (ts, h, RPMTAG_BASENAMES, RPMFI_FLAGS_ONLY_FILENAMES)` ends up loading both IMA and FSVERITY signatures into the file iterator when it should not.
The signatures aren't relevant for bunch of other operations too, so review the other masks too, at least RPMFI_FLAGS_FILETRIGGER should include both signature disablers and RPMFI_FLAGS_ONLY_FILENAMES would inherit it from there.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2425
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/issues/2425 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20230310/742635fc/attachment.html>
More information about the Rpm-maint
mailing list