This patchset changes to enable fsverity support natively in RPM. It requires
libfsverity to build, which I have submitted patches for to the fsverity-utils
maintainer.
I have done my best to not break anything with this patchset, but please let me
know if I got something wrong. Further details of the design and reasoning for
it can be found here:
https://github.com/rpm-software-management/rpm/issues/1121#issuecomment-621421288
Thanks,
Jes
You can view, comment on, or merge this pull request online at:
https://github.com/rpm-software-management/rpm/pull/1203
-- Commit Summary --
* sign/Makefile respect --includedir
* rpmfiArchiveRead() use signed return value to handle -1 on error
* rpmsign: RPMSIGN_FLAG_IMA is already set
* Add basic autoconf and framework for fsverity support
* rpmsign: Handle --certpath for signing certificate
* Implement rpmSignVerity()
* rpmsignverity: Add verity signature headers to the package
* rpmsignverity: Move digest and signature generation to helper function
* rpmSignVerity: Generate signatures for files not present in archive
* Convert RPMSIGTAG_VERITYfoo to RPMTAG_VERITYfoo tags on package read
* Process verity tags on package read
* Delete IMA and fsverity file signatures upon --delsig
* Generate a zero-length signature for symlinks
* rpmsignverity.c: Clean up debug logging
* plugins/fsverity: Install fsverity signatures
* fsverity - add tags for fsverity algorithm and block size
* fsverity plugin: Use tags for algorithm and block size
* Add fsverity tags to rpmgeneral.at
-- File Changes --
M Makefile.am (1)
M configure.ac (16)
M lib/package.c (12)
M lib/rpmarchive.h (4)
M lib/rpmfi.c (41)
M lib/rpmfi.h (11)
M lib/rpmfiles.h (11)
M lib/rpmtag.h (12)
M macros.in (4)
M plugins/Makefile.am (6)
A plugins/fsverity.c (168)
M rpmsign.c (33)
M sign/Makefile.am (8)
M sign/rpmgensig.c (47)
M sign/rpmsign.h (1)
A sign/rpmsignverity.c (234)
A sign/rpmsignverity.h (29)
M tests/rpmgeneral.at (4)
-- Patch Links --
https://github.com/rpm-software-management/rpm/pull/1203.patch
https://github.com/rpm-software-management/rpm/pull/1203.diff
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1203
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint