This patchset changes to enable fsverity support natively in RPM. It requires 
libfsverity to build, which I have submitted patches for to the fsverity-utils 

I have done my best to not break anything with this patchset, but please let me 
know if I got something wrong. Further details of the design and reasoning for 
it can be found here:


You can view, comment on, or merge this pull request online at:

-- Commit Summary --

  * sign/Makefile respect --includedir
  * rpmfiArchiveRead() use signed return value to handle -1 on error
  * rpmsign: RPMSIGN_FLAG_IMA is already set
  * Add basic autoconf and framework for fsverity support
  * rpmsign: Handle --certpath for signing certificate
  * Implement rpmSignVerity()
  * rpmsignverity: Add verity signature headers to the package
  * rpmsignverity: Move digest and signature generation to helper function
  * rpmSignVerity: Generate signatures for files not present in archive
  * Convert RPMSIGTAG_VERITYfoo to RPMTAG_VERITYfoo tags on package read
  * Process verity tags on package read
  * Delete IMA and fsverity file signatures upon --delsig
  * Generate a zero-length signature for symlinks
  * rpmsignverity.c: Clean up debug logging
  * plugins/fsverity: Install fsverity signatures
  * fsverity - add tags for fsverity algorithm and block size
  * fsverity plugin: Use tags for algorithm and block size
  * Add fsverity tags to

-- File Changes --

    M (1)
    M (16)
    M lib/package.c (12)
    M lib/rpmarchive.h (4)
    M lib/rpmfi.c (41)
    M lib/rpmfi.h (11)
    M lib/rpmfiles.h (11)
    M lib/rpmtag.h (12)
    M (4)
    M plugins/ (6)
    A plugins/fsverity.c (168)
    M rpmsign.c (33)
    M sign/ (8)
    M sign/rpmgensig.c (47)
    M sign/rpmsign.h (1)
    A sign/rpmsignverity.c (234)
    A sign/rpmsignverity.h (29)
    M tests/ (4)

-- Patch Links --

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
Rpm-maint mailing list

Reply via email to