[Rpm-maint] [rpm-software-management/rpm] Exempt src.rpm packages from file signature business (PR #3470)

Michal Domonkos notifications at github.com
Tue Nov 26 13:43:38 UTC 2024


@dmnks commented on this pull request.



> -
-    if (flags & RPMSIGN_FLAG_FSVERITY) {
-	if (includeVeritySignatures(fd, &sigh, &h))
-	    goto exit;
+    /* Add file signatures (if requested and not a source rpm) */
+    if (!headerIsSource(h)) {
+	if (flags & RPMSIGN_FLAG_IMA) {
+	    if (includeFileSignatures(&sigh, &h))
+		goto exit;
+	}
+	if (flags & RPMSIGN_FLAG_FSVERITY) {
+	    if (includeVeritySignatures(fd, &sigh, &h))
+		goto exit;
+	}
+    } else if (flags & (RPMSIGN_FLAG_IMA | RPMSIGN_FLAG_FSVERITY)) {
+	rpmlog(RPMLOG_WARNING,
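
Review bot: in the `else if (flags & (RPMSIGN_FLAG_IMA | RPMSIGN_FLAG_FSVERITY))` branch, the visible lines only log at `RPMLOG_WARNING`, so a caller that asked for file signatures on a source package has nothing but the log to tell it that the request was dropped. Since the signing result then looks the same as for a binary package that did get IMA or fs-verity signatures, the warning text should name the package and say that the file signature flags were ignored, so that a batch signing log can be audited afterwards. The skip for source packages is also worth stating in the user-facing documentation of the file signing options, not only in the code comment above `if (!headerIsSource(h))`.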

Yep, that was kinda my thinking here, too... If there's such a single command running somewhere regularly in the infra (which, as we know, uses all sorts of ways to sign packages, cough cough), it would start failing with this patch (if it were an error).

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3470#discussion_r1858568523