On 2010-06-13 13:02 PDT, Robin H. Johnson wrote: > On Sun, Jun 13, 2010 at 02:02:39AM -0700, Nelson B Bolyard wrote: >>> The root of the problem is that the shared libraries can change >>> POST-install, as needed for ELF signing, split-debug and prelinking. The >>> ELF signing is a catch-22. Either I have to run shlibsign afterwards, or >>> I have to not sign those files, and leave them open to potential >>> compromise. >> Rerun shlibsign. It's fast and easy. > As an intermediate related question, is there a standalone verification > tool for the CHK files > > shlibsign -V -i .... seems to just sign again, not verify.
Yes. modutil is that test tool. You already know how to use it. Just drop the -force argument. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
