Hi,

Missing from the RPM patches that add file signatures is a way for
package maintainers to specify which files need signing. Dmitry
Kasatkin suggested that we enumerate signed files with a spec tag,
similar to how we enumerate files, i.e.

    %files
    %defattr(-,root,root,-)
    %{_bindir}/*
    %{_libdir}/libimaevm.*
    %{_includedir}/*
    %sign
    %{_bindir}/*

Another option for identifying signed files is with a new file-related
directive, i.e.

    %files
    %defattr(-,root,root,-)
    %sign %{_bindir}/*
    %{_libdir}/libimaevm.*
    %{_includedir}/*

The third option is modifying the %verify directive to include signature, i.e.

    %files
    %defattr(-,root,root,-)
    %verify(md5 signature size user group) %{_bindir}/*
    %{_libdir}/libimaevm.*
    %{_includedir}/*

The first option looks straightforward, and mostly entails writing
another parser. However, the files needing signatures would be listed
under both %files and %sign tags. I prefer the second option since
file-related directives are already used to mark special files in the
%files list. The third option might be better if the %verify directive
was updated for other file digest algorithms. Please let me know if any
of these options sound appealing, or if you have other ideas.

Thanks,
Fin
_______________________________________________
Rpm-maint mailing list
[email protected]
http://lists.rpm.org/mailman/listinfo/rpm-maint
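
Added example, not part of the original message and not RPM code: a Python sketch that reads each of the three proposed syntaxes and reports which file patterns are marked for signing, including the option 1 case where a %sign entry matches nothing under %files. The %sign tag, the %sign directive and the "signature" %verify attribute are the message's proposals; parse_signed and the spec fragments are hypothetical and constructed for illustration.

```python
import re

# Constructed fragments: the three syntaxes proposed in the message.
HEAD = "%files\n%defattr(-,root,root,-)\n"
COMMON = "%{_libdir}/libimaevm.*\n%{_includedir}/*\n"
OPTION_1 = HEAD + "%{_bindir}/*\n" + COMMON + "%sign\n%{_bindir}/*\n"
OPTION_2 = HEAD + "%sign %{_bindir}/*\n" + COMMON
OPTION_3 = HEAD + "%verify(md5 signature size user group) %{_bindir}/*\n" + COMMON
# Constructed failure case for option 1: a %sign entry not listed under %files.
OPTION_1_DRIFT = HEAD + "%{_bindir}/*\n" + COMMON + "%sign\n%{_sbindir}/*\n"

VERIFY_RE = re.compile(r"^%verify\(([^)]*)\)\s+(\S+)$")


def parse_signed(spec):
    """Return (files, signed, orphans) for a spec fragment.

    files   - patterns that would be packaged
    signed  - patterns marked for signing
    orphans - signed patterns absent from files (only possible with option 1,
              where the same pattern has to be written in two places)
    """
    files, signed, section = [], [], None
    for raw in spec.splitlines():
        line = raw.strip()
        if not line or line.startswith("%defattr"):
            continue
        if line in ("%files", "%sign"):      # section header (option 1 uses both)
            section = line
            continue
        if section == "%sign":               # option 1: separate list
            signed.append(line)
            continue
        verify = VERIFY_RE.match(line)
        if line.startswith("%sign "):        # option 2: per-file directive
            path = line.split(None, 1)[1]
            files.append(path)
            signed.append(path)
        elif verify:                         # option 3: %verify attribute
            files.append(verify.group(2))
            if "signature" in verify.group(1).split():
                signed.append(verify.group(2))
        else:
            files.append(line)
    orphans = [p for p in signed if p not in files]
    return files, signed, orphans
```

All three fragments yield the same signed set; only the option 1 form can drift so that a pattern is marked for signing without being packaged.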