From: Dmitry K. <dmi...@gm...> - 2014-10-10 13:14:24
Hi Fin,

I will get some time now so I will review patches by Tuesday...

Thanks,
Dmitry

On 7 October 2014 23:19, <fi...@li...> wrote:
> From: Fionnuala Gunter <fi...@li...>
>
> The Linux kernel's ima-appraisal module verifies file signatures. The problem
> with verifying digital signatures of files is how the files are signed in the
> first place. In our current prototype, we sign all files after system
> installation, but this doesn't handle ongoing updates. We propose that Linux
> distributors sign all files as part of the normal package signing. RPM already
> maintains hashes of all files in the rpm package, and this can be extended to
> add file signatures.
>
> This patch set extends the rpm signing tool to include file signatures in
> packages, and extends the rpm install tool to install file signatures.
>
> Changelog v2:
> -support for inline signing of files
> -command line option for file signing key
> -included missing file
> -fixed type in rpmDigestAlgo
>
> Changelog v3:
> -split up patch
>
> Fionnuala Gunter (4):
>   Add file signature to fsm_file_post parameter list
>   Sign package files and include signatures in package header
>   Label ima xattr when signed files are installed
>   Sign package files during installation
>
>  configure.ac         |   8 ++
>  doc/rpm.8            |  28 +++--
>  doc/rpmsign.8        |  22 +++-
>  lib/Makefile.am      |   3 +-
>  lib/fsm.c            |  68 ++++++++++-
>  lib/poptI.c          |   7 ++
>  lib/rpmcli.h         |   2 +
>  lib/rpminstall.c     |  10 +-
>  lib/rpmplugin.h      |   3 +-
>  lib/rpmplugins.c     |   5 +-
>  lib/rpmplugins.h     |   4 +-
>  lib/rpmsignfiles.c   | 130 +++++++++++++++++++++
>  lib/rpmsignfiles.h   |  45 ++++++++
>  lib/rpmtag.h         |   1 +
>  lib/rpmts.c          |  15 +++
>  lib/rpmts.h          |  15 +++
>  lib/rpmts_internal.h |   2 +
>  macros.in            |   1 +
>  plugins/Makefile.am  |   4 +
>  plugins/ima.c        |  83 ++++++++++++++
>  rpmpopt.in           |   1 +
>  rpmsign.c            |  14 ++-
>  sign/rpmgensig.c     | 319 +++++++++++++++++++++++++++++++++++++++++++++++---
>  sign/rpmsign.h       |   7 +-
>  24 files changed, 750 insertions(+), 47 deletions(-)
>  create mode 100644 lib/rpmsignfiles.c
>  create mode 100644 lib/rpmsignfiles.h
>  create mode 100644 plugins/ima.c
>
> --
> 1.9.3

--
Thanks,
Dmitry