@dmnks commented on this pull request.


> -
-    if (flags & RPMSIGN_FLAG_FSVERITY) {
-       if (includeVeritySignatures(fd, &sigh, &h))
-           goto exit;
+    /* Add file signatures (if requested and not a source rpm) */
+    if (!headerIsSource(h)) {
+       if (flags & RPMSIGN_FLAG_IMA) {
+           if (includeFileSignatures(&sigh, &h))
+               goto exit;
+       }
+       if (flags & RPMSIGN_FLAG_FSVERITY) {
+           if (includeVeritySignatures(fd, &sigh, &h))
+               goto exit;
+       }
+    } else if (flags & (RPMSIGN_FLAG_IMA | RPMSIGN_FLAG_FSVERITY)) {
+       rpmlog(RPMLOG_WARNING,
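
Review bot: In the `else if (flags & (RPMSIGN_FLAG_IMA | RPMSIGN_FLAG_FSVERITY))` branch, a source rpm for which file signatures were requested only produces an `RPMLOG_WARNING`, and signing then carries on. The caller gets a successful result even though no IMA or fs-verity signatures were added. If that trade-off is intended, document it where these flags are described. Also make the warning name the package and state that file signatures were skipped, so the case can be found in batch signing logs. The quoted hunk ends at the `rpmlog(` call, so the message text itself cannot be checked from here.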

Yep, that was kinda my thinking here, too... If there's such a single command 
running somewhere regularly in the infra (which, as we know, uses all sorts of 
ways to sign packages, cough cough), it would start failing with this patch (if 
it were an error).

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3470#discussion_r1858568523