Ehm, maybe we have a terminology problem here. When I talk about signature
header immutable region, I mean HEADER_SIGNATURES region. That's not used for
digests or signatures and when adding/removing signatures the signature header
changes more fundamentally than just padding adjustments. So
@pmatlai: you are claiming "might well be a bug" in rpm5 at bz#1514190 without
supplying details.
Either supply sufficient details (or a patch preferred) or stop claiming FUD,
entirely your call.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly
The signature padding tag cannot be part of an immutable region because its
size/value can/will change. There is also little reason to include padding
within plaintext used for digests/signatures
As for ordering: you chose a different value for the padding tag than what is
implemented in rpm5.
While using the relatively new "--signfiles" rpm option (i.e. rpm --addsign
[--signfiles] PACKAGE), I found that IMA signatures for non-executable
configuration files, as indicated by the RPM packager, were not applied as part
of an RPM upgrade (and I assume installation) even though the
Doh... Well it's there now:
https://github.com/rpm-software-management/rpm-web/commit/87e2b6ffa451593a4077570f26182c2bb3dbe440
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
@khardix It's not in the website, but it's in the documentation generated by
rpm itself:
https://github.com/rpm-software-management/rpm/blob/master/doc/manual/macros#L91
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
...to continue on the padding tag placement, this is what I see in the capsule
package signature header:
```
Index entries: 7 (112 bytes)
Data size: 792
Header size: 904
Tag #0
tagno:62 (Headersignatures)
type: 7 (blob)
offset: 152
count:16
[...]
Tag
@n3npq @Conan-Kudo Thanks a lot for pointing that out – I kind-of feel like I
should RTFM more .
> Have you thought about using the %{load: in the spec to load extra macros?
@Conan-Kudo: This might again be just search issue, but could you point me to
the documentation of the `%{load:...}`
