[Rpm-maint] [rpm-software-management/rpm] Exempt src.rpm packages from file signature business (PR #3470)

Panu Matilainen notifications at github.com
Tue Nov 26 13:29:56 UTC 2024


@pmatilai commented on this pull request.



> -
-    if (flags & RPMSIGN_FLAG_FSVERITY) {
-	if (includeVeritySignatures(fd, &sigh, &h))
-	    goto exit;
+    /* Add file signatures (if requested and not a source rpm) */
+    if (!headerIsSource(h)) {
+	if (flags & RPMSIGN_FLAG_IMA) {
+	    if (includeFileSignatures(&sigh, &h))
+		goto exit;
+	}
+	if (flags & RPMSIGN_FLAG_FSVERITY) {
+	    if (includeVeritySignatures(fd, &sigh, &h))
+		goto exit;
+	}
+    } else if (flags & (RPMSIGN_FLAG_IMA | RPMSIGN_FLAG_FSVERITY)) {
+	rpmlog(RPMLOG_WARNING,
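Review bot: In the `else if (flags & (RPMSIGN_FLAG_IMA | RPMSIGN_FLAG_FSVERITY))` branch, a source package that was given file-signature flags gets only an `RPMLOG_WARNING`, and as far as the quoted lines show there is no `goto exit`, so a caller checking the return code cannot tell that the requested IMA or fs-verity signatures were skipped. If that is the intended behaviour, extend the comment above `if (!headerIsSource(h))` to say the flags are ignored with a warning for source packages, and have the warning name which of the two flags was dropped. The rest of the `rpmlog()` call is cut off in this quote, so the message text itself cannot be checked here.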

Hmm, even if we left this as a warning it'd make sense to test for source first, then you can warn and just disable the relevant flags, without needing to add more nested ifs.
