> If I enable FS-verity and later find that I need to patch a file to fix > some problem, how do I as the sysadmin tell Linux that this change is > authorized? Do I disable FS-verity for that specific file? Disable > FS-verity globally? Add my own key to the kernel's keyring? Build and > sign my own RPM package? > > What prevents an attacker from doing the same?
I think this is a good, fair point and is a serious tradeoff in authenticating distributed files. However, I believe it should be possible for the user to securely configure a keypair and load the certificate in the fs-verity keyring s.t. they can sign the files they craft themselves, without allowing an attacker to, just like they would to normally sign things. So you could copy the file, modify it to your liking, (or just rebuild the rpm locally) then enable verity with your own signature. _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
