Hello and apologies for resurrecting an old thread.

I was looking for information regarding IMA in F37 and found it was asked but I could not see any replies.

My question is exactly the same as the OP, I do not see security.ima attributes on files after upgrading to F37.

(https://fedoraproject.org/wiki/Changes/Signed_RPM_Contents)

```

$ getfattr --absolute-names -d -m - /usr/bin/cp
# file: /usr/bin/cp
security.selinux="system_u:object_r:bin_t:s0"

```

This output is after reinstalling coreutils. I have rpm-plugin-ima installed.

Also, where could one find the publiccert.der certificate to perform manual validation?

It is not published at https://getfedora.org/security/

I do not have any custom policy defined for IMA, but that should not matter:

```

$ sudo cat /sys/kernel/security/ima/policy
measure func=KEXEC_KERNEL_CHECK
measure func=MODULE_CHECK

```

Thanks.

On Tue, Sep 13, 2022 at 9:28 PM Frank Ch. Eigler <fche@redhat.com> wrote:

bcotton wrote:

> [...]
> ## Beta Release Highlights
> [...]
> # RPM content is now signed with IMA signatures

How can one observe this? Even with rpm-plugin-ima installed, steps in:

https://fedoraproject.org/wiki/Changes/Signed_RPM_Contents#How_To_Test

produce no output for any of the files I tried in a f37-beta install.
The appropriate "publiccert.der" file does not seem to be available
either.

- FChE
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue