@pmatilai commented on this pull request.
> -
- if (flags & RPMSIGN_FLAG_FSVERITY) {
- if (includeVeritySignatures(fd, &sigh, &h))
- goto exit;
+ /* Add file signatures (if requested and not a source rpm) */
+ if (!headerIsSource(h)) {
+ if (flags & RPMSIGN_FLAG_IMA) {
+ if (includeFileSignatures(&sigh, &h))
+ goto exit;
+ }
+ if (flags & RPMSIGN_FLAG_FSVERITY) {
+ if (includeVeritySignatures(fd, &sigh, &h))
+ goto exit;
+ }
+ } else if (flags & (RPMSIGN_FLAG_IMA | RPMSIGN_FLAG_FSVERITY)) {
+ rpmlog(RPMLOG_WARNING,
Yup. And in that case, a warning suggests there's something bad in what they
do, but is there? Realizing this use-case, I don't think there is. So if
anything, it should be a RPMLOG_DEBUG item actually, and otherwise just ignore
the file signatures for src.rpms.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3470#discussion_r1858580788
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/pull/3470/review/2461603...@github.com>_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
https://lists.rpm.org/mailman/listinfo/rpm-maint
