On Thu, Jan 21, 2021 at 11:25:30AM +0100, Roberto Ragusa wrote:
> On 1/21/21 12:29 AM, Patrick マルタインアンドレアス Uiterwijk wrote:
> > > https://fedoraproject.org/wiki/Changes/Signed_RPM_Contents
> >
> > I'd like to point out that after many requests, I have updated the change page
> > for this significantly, with more details as to the goals (and non-goals) of this feature,
> > and answers to many other questions asked.
> >
> > Please have another look if you are interested in this.
>
> > On installation of two different VMs, one with the resigned RPMs, and
> > one with the resigned+ima RPMs, the /usr directory size does not change
> > at all (both are exactly 1417064 bytes).
>
> How is this physically possible?
> (and one million bytes for a directory makes no sense, I wonder what measurement this is)

I defer to Patrick, but I think what he was trying to say is that if you
do not have the rpm-plugin-ima installed, nothing changes in the files
you are installing from rpm. They are exactly the same as they would be
if they were not ima signed. It's only after you install the
rpm-plugin-ima and install an rpm that it puts the signatures down in the
files' extended attributes.
kevin
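
Added example, not part of the thread and not code from the rpm or Fedora projects: a way to see which installed files actually carry an IMA signature in their extended attributes, as described in the reply above. It assumes the signature is stored in the `security.ima` xattr using the Linux kernel's `signature_v2_hdr` layout; the sample bytes and the function names are constructed for illustration.

```python
import os
import struct

IMA_XATTR = "security.ima"  # assumption: xattr name used by Linux IMA
# Subsets of the kernel's enum evm_ima_xattr_type and enum hash_algo.
XATTR_TYPES = {0x01: "digest", 0x03: "digsig", 0x04: "digest-ng"}
HASH_ALGOS = {2: "sha1", 4: "sha256", 5: "sha384", 6: "sha512"}

def parse_ima_xattr(raw):
    """Decode a security.ima value into a dict describing it."""
    if not raw:
        raise ValueError("empty xattr")
    kind = XATTR_TYPES.get(raw[0], "unknown(0x%02x)" % raw[0])
    if kind != "digsig":
        return {"type": kind, "signed": False}  # plain hash, not a signature
    if len(raw) < 9:
        raise ValueError("truncated signature header")
    # signature_v2_hdr: type, version, hash_algo, be32 keyid, be16 sig_size
    _, version, algo, keyid, sig_size = struct.unpack(">BBBIH", raw[:9])
    if len(raw) - 9 != sig_size:
        raise ValueError("sig_size does not match payload length")
    return {"type": kind, "signed": True, "version": version,
            "hash": HASH_ALGOS.get(algo, "algo-%d" % algo),
            "keyid": "%08x" % keyid, "sig_len": sig_size}

def read_ima(path):
    """Return the parsed security.ima xattr of path, or None if absent."""
    try:
        raw = os.getxattr(path, IMA_XATTR, follow_symlinks=False)
    except (OSError, AttributeError):  # no xattr, unsupported fs, non-Linux
        return None
    return parse_ima_xattr(raw)

def scan(root):
    """Walk root and return (signed, unsigned) lists of regular files."""
    signed, unsigned = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            info = read_ima(path)
            (signed if info and info["signed"] else unsigned).append(path)
    return signed, unsigned

# Constructed sample: digsig, v2, sha256, key id 1a2b3c4d, 4 dummy signature bytes.
SAMPLE = bytes([0x03, 0x02, 0x04]) + bytes.fromhex("1a2b3c4d") + b"\x00\x04" + b"\xaa" * 4

if __name__ == "__main__":
    print(parse_ima_xattr(SAMPLE))
    s, u = scan("/usr/bin")
    print("%d signed, %d unsigned" % (len(s), len(u)))
```

The xattr is file metadata rather than file content, so `st_size` of each file is the same whether or not a signature is present.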