[Rpm-maint] [PATCH 1/5] Fix indentation and formatting

Fix the indentation and formatting in signature related files. Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com> --- lib/rpmsignfiles.c | 12 ++-- sign/rpmgensig.c | 3 ++- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/lib/rpmsignfiles.c b/lib/rpmsignf

[Rpm-maint] [PATCH 3/5] Check range of algo index parameter before accessing array with it

Check the range of the algo index parameter before using it for accessing an array. Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com> --- lib/rpmsignfiles.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/lib/rpmsignfiles.c b/lib/rpmsignfiles.c index b7d9ccc..97a5be4

[Rpm-maint] [PATCH 4/5] Extend header size to 64MB due to file signatures

-off-by: Stefan Berger <stef...@linux.vnet.ibm.com> --- lib/header.c | 2 +- lib/header_internal.h | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/lib/header.c b/lib/header.c index 81f2038..ae292f9 100644 --- a/lib/header.c +++ b/lib/header.c @@ -99,7 +99,7 @@

[Rpm-maint] [PATCH 2/5] Fix various memory leaks in file signature related functions.

Fix various memory leaks in file signature related functions. Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com> --- lib/rpmsignfiles.c | 2 ++ rpmsign.c | 4 +++- sign/rpmgensig.c | 24 +--- 3 files changed, 22 insertions(+), 8 deletions(-) diff

[Rpm-maint] [PATCH 5/5] Fix handling of zero-length file digests

write into security.ima xattr. Check for a signature consisting of only zeroes and do not write it into the filesystem. Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com> --- lib/rpmsignfiles.c | 4 plugins/ima.c | 36 +++- 2 files chang

Re: [Rpm-maint] [rpm-software-management/rpm] Fix off-by-one error (#68)

> @@ -104,7 +104,7 @@ static int base64_decode_value(unsigned char value_in) > { > static const int decoding[] = >

[Rpm-maint] [PATCH 3/5] Check range of algo index parameter before accessing array with it

From: Stefan Berger <stef...@us.ibm.com> Check the range of the algo index parameter before using it for accessing an array. Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com> --- lib/rpmsignfiles.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/lib/rpmsignf

[Rpm-maint] [PATCH 0/5] Fix issues related to signed files

This series of patches fixes several issues related to signed files produced by rpmsign. Stefan Stefan Berger (5): Fix indentation and formatting Fix various memory leaks in file signature related functions. Check range of algo index parameter before accessing array with it Extend

[Rpm-maint] [PATCH 1/5] Fix indentation and formatting

From: Stefan Berger <stef...@us.ibm.com> Fix the indentation and formatting in signature related files. Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com> --- lib/rpmsignfiles.c | 12 ++-- sign/rpmgensig.c | 3 ++- 2 files changed, 8 insertions(+), 7 deletions(-)

[Rpm-maint] [PATCH 4/5] Extend header size to 64MB due to file signatures

From: Stefan Berger <stef...@us.ibm.com> Extend the header size to 64MB in case an RPM has a lot of files and the file signatures do not fit within the current limit of 16MB. An example for an RPM with many files is kcbench-data-4.0. It contains more than 52000 files. With each sig

[Rpm-maint] [PATCH 2/5] Fix various memory leaks in file signature related functions.

From: Stefan Berger <stef...@us.ibm.com> Fix various memory leaks in file signature related functions. Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com> --- lib/rpmsignfiles.c | 2 ++ rpmsign.c | 4 +++- sign/rpmgensig.c | 24 +--- 3 files

[Rpm-maint] [PATCH 5/5] Fix handling of zero-length file digests

From: Stefan Berger <stef...@us.ibm.com> Do not try to convert a zero-length file digest to a binary representation. Zero-length file digests may stem from directory entries and symbolic links. Return an empty signature in this case. Returning an empty signature results in the ima.so

[Rpm-maint] [PATCH v2 2/2] Fix handling of zero-length file digests

From: Stefan Berger <stef...@us.ibm.com> Do not try to convert a zero-length file digest to a binary representation. Zero-length file digests may stem from directory entries and symbolic links. Return an empty signature in this case. Returning an empty signature results in the ima.so

[Rpm-maint] [PATCH v2 1/2] Extend header size to 256MB due to file signatures

From: Stefan Berger <stef...@us.ibm.com> Extend the header size to 256MB in case an RPM has a lot of files and the file signatures do not fit within the current limit of 16MB. An example for an RPM with many files is kcbench-data-4.0. It contains more than 52000 files. With each sig

Re: [Rpm-maint] [PATCH 4/5] Extend header size to 64MB due to file signatures

ld call this function with this flag always set? Stefan > > Lubos > > - Original Message - > > From: "Florian Festi" <ffe...@redhat.com> > > To: "Stefan Berger" <stef...@us.ibm.com> > > Cc: rpm-maint@lists.rpm.org &g

Re: [Rpm-maint] [PATCH 5/5] Fix handling of zero-length file digests

"Rpm-maint" wrote on 04/27/2016 05:45:56 AM: > > I get the following warning: > > ima.c:23:1: warning: ‘PACKED’ attribute directive ignored [-Wattributes] > } __attribute__((PACKED)); > > May be there is an simpler way to check for the header being zeros

Re: [Rpm-maint] [PATCH v2 1/2] Extend header size to 256MB due to file signatures

"Rpm-maint" <rpm-maint-boun...@lists.rpm.org> wrote on 04/29/2016 01:42:06 PM: > > On Fri, 29 Apr 2016, Stefan Berger wrote: > > > From: Stefan Berger <stef...@us.ibm.com> > > > > Extend the header size to 256MB in case an RPM has a lot of fi

[Rpm-maint] [PATCH] rpmsign: Use default hash algo if RPMTAG_FILEDIGESTALGO missing

Use the default hash algorithm md5 on RPMs that do not contain the RPMTAG_FILEDIGESTALGO. This may be the case if the default hash algorithm used on files is md5 and thus no RPMTAG_FILEDIGESTALGO is being written (see build/files.c:genCpioListAndHeader()). Signed-off-by: Stefan Berger <s

[Rpm-maint] [PATCH v3 0/2] Fixes for file signatures

are run since they may invoke executables that were just installed; so we move the IMA plugin from the psm_post hook to the fsm_file_prepare hook. Regards, Stefan Stefan Berger (2): ima-plugin: Have executable configuration files signed ima-plugin: Move the IMA plugin

[Rpm-maint] [PATCH v3 2/2] ima-plugin: Move the IMA plugin to the fsm_file_prepare hook

Since newly installed files may be invoked by post install scriptlets, we need to have them signed before the scriptlets are executed. Therefore, we now move the IMA plugin to the fsm_file_prepare hook. Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com> --- plugins/ima.

[Rpm-maint] [PATCH 1/3] ima-plugin: Have executable configuration files signed

Some configuration files are executables and so they require the signature in the extended attribute. If they are not executable, they can be skipped. Examples for configuration files that are also executables are the grub files in /etc/grub.d. Signed-off-by: Stefan Berger <s

[Rpm-maint] [PATCH 2/3] ima-plugin: Only run the IMA plugin on package installation

We want to prevent that the IMA plugin applies signatures of the older version of files. So we have to check whether we are in the install (TR_ADDED) or remove (TR_REMOVED) cycle of a package. We only apply signatures in the install cycle. Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.

Re: [Rpm-maint] [PATCH 3/3] plugins: Pass rpmte to scriptlet_pre and call IMA plugin in this hook

Stefan Berger <stef...@linux.vnet.ibm.com> wrote on 09/21/2016 02:04:08 PM: > From: Stefan Berger <stef...@linux.vnet.ibm.com> > To: rpm-maint@lists.rpm.org > Cc: fionnuala.gun...@gmail.com, stef...@linux.vnet.ibm.com, > zo...@linux.vnet.ibm.com, Stefan Berger/Watson

[Rpm-maint] [PATCH 0/3] Fixes for file signatures

to extend that hook with the rpmte parameter type Regards, Stefan Stefan Berger (3): ima-plugin: Have executable configuration files signed ima-plugin: Only run the IMA plugin on package installation plugins: Pass rpmte to scriptlet_pre and call IMA plugin in this hook lib

Re: [Rpm-maint] [PATCH v2 0/4] Fixes for file signatures

Panu Matilainen <pmati...@laiskiainen.org> wrote on 09/23/2016 04:15:22 AM: > From: Panu Matilainen <pmati...@laiskiainen.org> > To: Stefan Berger <stef...@linux.vnet.ibm.com>, rpm-maint@lists.rpm.org > Cc: Stefan Berger/Watson/IBM@IBMUS, fionnuala.gun...@gmail.com

Re: [Rpm-maint] [PATCH v2 1/4] ima-plugin: Have executable configuration files signed

Panu Matilainen <pmati...@laiskiainen.org> wrote on 09/23/2016 02:44:48 AM: > From: Panu Matilainen <pmati...@laiskiainen.org> > To: Stefan Berger <stef...@linux.vnet.ibm.com>, rpm-maint@lists.rpm.org > Cc: Stefan Berger/Watson/IBM@IBMUS, fionnuala.gun...@gmail.com

Re: [Rpm-maint] [PATCH v2 3/4] rpmplugins: Introduce new fsm_pre and fsm_post hooks

Panu Matilainen <pmati...@laiskiainen.org> wrote on 09/23/2016 03:03:48 AM: > From: Panu Matilainen <pmati...@laiskiainen.org> > To: Stefan Berger <stef...@linux.vnet.ibm.com>, rpm-maint@lists.rpm.org > Cc: Stefan Berger/Watson/IBM@IBMUS, fionnuala.gun...@gmail.com

Re: [Rpm-maint] [PATCH v2 0/4] Fixes for file signatures

Panu Matilainen wrote on 09/23/2016 07:50:15 AM: > >> > >> So... to achieve all this and actually behave correct in the face of > >> skipped files - whether due to color, netshared path or other file > >> policies - the IMA plugin should really just do what the

Re: [Rpm-maint] [PATCH v2 0/4] Fixes for file signatures

Panu Matilainen <pmati...@laiskiainen.org> wrote on 09/23/2016 03:30:54 PM: > From: Panu Matilainen <pmati...@laiskiainen.org> > To: Stefan Berger/Watson/IBM@IBMUS > Cc: fionnuala.gun...@gmail.com, rpm-maint@lists.rpm.org, Stefan > Berger <stef...@linux.vnet.ibm.com&g

[Rpm-maint] [PATCH v2 4/4] IMA: Move the IMA plugin to the fsm_post hook

Move the IMA plugin to the fsm_post hook. Check whether the given return code indicates and error, and do nothing in case it does show an error. There is nothing to clean up, so we can do that. Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com> --- plugins/ima.c | 6 +++--- 1 file c

[Rpm-maint] [PATCH v2 1/4] ima-plugin: Have executable configuration files signed

Some configuration files are executables and so they require the signature in the extended attribute. If they are not executable, they can be skipped. Examples for configuration files that are also executables are the grub files in /etc/grub.d. Signed-off-by: Stefan Berger <s

[Rpm-maint] [PATCH v2 3/4] rpmplugins: Introduce new fsm_pre and fsm_post hooks

Introduce fsm_pre and fsm_post hooks, which are invoked before and after the package files are installed. Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com> --- lib/psm.c| 6 +- lib/rpmplugin.h | 6 ++ lib/rpmplugins.c | 35 ++

Re: [Rpm-maint] [rpm-software-management/rpm] Problem with --signfiles for files that are hardlinked together (#333)

@pmatilai Would it be possible to have these 4 patches applied to the latest rpm built for Fedora 26 and later? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub:

Re: [Rpm-maint] [rpm-software-management/rpm] Request to apply IMA signatures to files even if deemed a configuration file (#364)

A potential side-effect of having signatures applied to configuration files is that the configuration files may be modified by the user or programs / post-installation scripts and the signature on these files may become invalid or be removed as part of the modification of the configuration

Re: [Rpm-maint] [rpm-software-management/rpm] Problem with --signfiles for files that are hardlinked together (#333)

@pmatilai Is the problem limited to the fsmMkfile() function? I suppose this is where the hard links are created. Would the solution be to do things in a different order in that function ? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view

Re: [Rpm-maint] [rpm-software-management/rpm] Problem with --signfiles for files that are hardlinked together (#333)

@patrickc25000 I will have to patch the rpm package you are using with these patches and have you test it... -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub:

Re: [Rpm-maint] [rpm-software-management/rpm] Write the content of a file with hard links into the first file (#342)

Odd, the symlink test case works on my system... -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/342#issuecomment-339842010___

Re: [Rpm-maint] [rpm-software-management/rpm] Write the content of a file with hard links into the first file (#342)

@stefanberger pushed 3 commits. 01a97c6 Create first hard link file and keep open, write it at end f05ea9c remove redundant 'nocontent' parameter from expandRegular c07b93d Remove redundant 'exclusive' parameter from expandRegular -- You are receiving this because you are subscribed to this

Re: [Rpm-maint] [rpm-software-management/rpm] Write the content of a file with hard links into the first file (#342)

Closed #342. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/342#event-1313091691___ Rpm-maint mailing list

Re: [Rpm-maint] [rpm-software-management/rpm] Write the content of a file with hard links into the first file (#342)

Reopened #342. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/342#event-1313092365___ Rpm-maint mailing list

[Rpm-maint] [rpm-software-management/rpm] Write the content of a file with hard links into the first file (#342)

This series of patches attempts to address the errors we are seeing when installing RPMs that contain hard links and an IMA policy that measures on reading and writing of files. The problem has been explained in issue #333. The solution is to open the first file that is created empty but now

Re: [Rpm-maint] [rpm-software-management/rpm] Write the content of a file with hard links into the first file (#342)

@stefanberger pushed 1 commit. b2fa119 split off function wfd_open() to open a file -- You are receiving this because you are subscribed to this thread. View it on GitHub:

Re: [Rpm-maint] [rpm-software-management/rpm] Problem with --signfiles for files that are hardlinked together (#333)

@pmatilai Is there a reason that in case of hard links the file gets written only after all the hard links have been created? It looks a bit complicated ... -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub:

Re: [Rpm-maint] [rpm-software-management/rpm] Problem with --signfiles for files that are hardlinked together (#333)

The problem seems to be that only the last entry has the file content... so the empty file that's created first cannot be written since the RPM entry currently being processed doesn't have the data. Then a couple of hard links may get created and only the last entry (hardlink) found there has

Re: [Rpm-maint] [rpm-software-management/rpm] Request to apply IMA signatures to files even if deemed a configuration file (#364)

This PR https://github.com/rpm-software-management/rpm/pull/374 now addresses the issue. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub:

Re: [Rpm-maint] [rpm-software-management/rpm] Also apply signatures to config files (#374)

I'll try to look at it this week. I suppose we can introduce a new command line option and an option for the macros file? Any suggestion? Is there another option that already works like this with a command line option and an option in the macros file ? -- You are receiving this because you

Re: [Rpm-maint] [rpm-software-management/rpm] Also apply signatures to config files (#374)

I just pushed an update but I haven't tested it, yet. Any comments on it? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub:

Re: [Rpm-maint] [rpm-software-management/rpm] Also apply signatures to config files (#374)

@pmatilai So, tested it now. It works for me. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/374#issuecomment-363114593___

Re: [Rpm-maint] [rpm-software-management/rpm] Also apply signatures to config files (#374)

I am using the variable `_write_signatures_on_config_files`. Maybe it should be `_write_ima_signatures_on_config_files`? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub:

Re: [Rpm-maint] [rpm-software-management/rpm] Also apply signatures to config files (#374)

@n3npq With this patch we would basically allow everything to be signed for which we have signatures since we previously only filtered out %config files that were not executable. If a %ghost file has a signature stored in the rpm, it would at least now have it written out as well. If %ghost

Re: [Rpm-maint] [rpm-software-management/rpm] Also apply signatures to config files (#374)

So from the documentation at http://ftp.rpm.org/max-rpm/s1-rpm-inside-files-list-directives.html I take that the file is neither packaged nor installed. Since it's not packaged, the RPM also doesn't carry a signature and we cannot write a signature out. If someone wants to write signatures out

Re: [Rpm-maint] [rpm-software-management/rpm] Also apply signatures to config files (#374)

The --replacefiles option seems to work on an equivalent of a regex matching all files (`.*`). You are saying 'What rpm lacks is an ability to apply --replacefiles to only some of the %config files in the packages being installed in a single transaction'. What other choice do we have then than

Re: [Rpm-maint] [rpm-software-management/rpm] Also apply signatures to config files (#374)

Please see https://github.com/rpm-software-management/rpm/issues/364 for the request. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub:

Re: [Rpm-maint] [rpm-software-management/rpm] Also apply signatures to config files (#374)

@n3npq All I can say that I have a user who wants to have signatures written on %config files. This is what is driving this patch. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub:

Re: [Rpm-maint] [rpm-software-management/rpm] Also apply signatures to config files (#374)

Good point. Using .init now. :-) -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/374#issuecomment-364449325___ Rpm-maint mailing

Re: [Rpm-maint] [rpm-software-management/rpm] Also apply signatures to config files (#374)

@pmatilai I updated the patch to use `%_ima_sign_config_files`. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub:

Re: [Rpm-maint] [rpm-software-management/rpm] Also apply signatures to config files (#374)

@n3npq: Re 'Adding the ability to change the ima signature in the xattr after installation, so that the modified, not the original %config template, would (at least) change my opinion, similarly for %ghost. But that isn't what is being proposed.': How would that work without including the

Re: [Rpm-maint] [rpm-software-management/rpm] Also apply signatures to config files (#374)

@n3npq: I am not sure how your suggestion of 'a per-file override of an inherited per-transaction AND mask would provide the ability to disable RPMFILE_CONFIG on a per-file basis' would translate into an implementation. Would we want this to be IMA specific? Maybe a list of regular expressions