> > == How To Test == > > You can verify that a signature has been put in place by looking at > > the extended attribute by running: `getfattr -d -m security.ima > > /usr/bin/bash` (change `/usr/bin/bash` with the file to check). > > Can one easily query the RPM archive for the signature blob for any > given file it contains? > > > > The signatures can be tested “in vitro” by running `evmctl ima_verify > > --key publiccert.der -v myfile.txt`. > > [...] > > The full system could be tested by enrolling the Fedora IMA key [...] > > How will this key be distributed on the distro filesystem or on the web?
The pub keys will be both, I've added a paragraph to the detailed description. > Will it be signed by an already trusted CA? > > > - FChE > _______________________________________________ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
