Re: [Rpm-maint] [rpm-software-management/rpm] Use imaevm_signhash if available (PR #3458)

2024-11-21 Thread Michal Domonkos
I wonder if we shouldn't just reuse the [compatibility wrapper](https://github.com/linux-integrity/ima-evm-utils/blob/dc5969360a0439d225a0df386aeb2f4ab9f0661a/src/libimaevm.c#L1443) `sign_hash()` in libimaevm.c. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-softwa

[Rpm-maint] [rpm-software-management/rpm] Consolidate rpm format detection and terminology (PR #3461)

2024-11-21 Thread Panu Matilainen
You can view, comment on, or merge this pull request online at: https://github.com/rpm-software-management/rpm/pull/3461

-- Commit Summary --

* Rename the rpm format selection macro to %_rpmformat
* Add missing documentation for RPMTAG_RPMFORMAT tag
* Add tag extension for rpm format ve

Re: [Rpm-maint] [rpm-software-management/rpm] RFE: add a test(s) for IMA signing (Issue #3237)

2024-11-21 Thread Michal Domonkos
Closed #3237 as completed via 4806340cb8fcf80de6909dfa9697ed3c454d3e03. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/3237#event-15384706858 You are receiving this because you are subscribed to this thread. Message ID: __

Re: [Rpm-maint] [rpm-software-management/rpm] Deprecated libimaevm symbol (Issue #3419)

2024-11-21 Thread Michal Domonkos
Closed #3419 as completed via 93f2d30001f16212d33b1c7344318798a785305e. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/3419#event-15384706972

Re: [Rpm-maint] [rpm-software-management/rpm] Use imaevm_signhash if available (PR #3458)

2024-11-21 Thread Michal Domonkos
Merged #3458 into master. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/3458#event-15384706413

Re: [Rpm-maint] [rpm-software-management/rpm] Use imaevm_signhash if available (PR #3458)

2024-11-21 Thread Michal Domonkos
Given the above, as well as Stefan's thumbs up, LGTM now, let's merge. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/3458#issuecomment-2491661316

[Rpm-maint] [rpm-software-management/rpm] Fix regression on build-id generation from compressed ELF files (PR #3463)

2024-11-21 Thread Panu Matilainen
Another cmake fallout - we even have the define in config.h.in but the actual test was missing, causing us to never use the compression aware dwelf_elf_begin() version. The only reproducer I'm aware of is a kernel module, and we don't want to pull in the huge kernel-devel to the test CI for thi

[Rpm-maint] [rpm-software-management/rpm] centos7.9 upgrade 4.11 to 4.14.1 (Discussion #3459)

2024-11-21 Thread devil-ming
My all operation is in the container os:CentOS Linux release 7.9.2009 (Core) rpm version: RPM version 4.11.3 ```bash yum -y install centos-release nss-devel nspr-devel file-devel popt-devel libarchive-devel lua-devel autoconf automake libtool zstd wget http://ftp.rpm.org/releases/rpm-4.14.x/rpm-4

[Rpm-maint] [rpm-software-management/rpm] Update GPL and LGPL in COPYING (PR #3460)

2024-11-21 Thread Florian Festi
The postal address of the FSF in there is no longer valid. Use license files currently available at https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt https://www.gnu.org/licenses/old-licenses/lgpl-2.0.txt There are minor formatting changes. The license the code is under is not changed. Re

Re: [Rpm-maint] [rpm-software-management/rpm] Use imaevm_signhash if available (PR #3458)

2024-11-21 Thread Michal Domonkos
The test needs a bit more tweaking, I'll push a fixup commit in a moment. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/3458#issuecomment-2490619770

Re: [Rpm-maint] [rpm-software-management/rpm] centos7.9 upgrade 4.11 to 4.14.1 (Discussion #3459)

2024-11-21 Thread Panu Matilainen
> ./configure --prefix=/usr

This isn't how rpm on Centos is configured, so it's no wonder it doesn't work. Updating the system rpm beyond what the distro offers, you really need to know what you're doing. And updating beyond the original major.minor branch is not recommended even then. -- R

Re: [Rpm-maint] [rpm-software-management/rpm] Use imaevm_signhash if available (PR #3458)

2024-11-21 Thread Michal Domonkos
Hi @stefanberger, could you please have a look at our usage of `imaevm_signhash()` here? We're not sure if we're using it right since there's no documentation available. Thanks! -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/3458#issuec

Re: [Rpm-maint] [rpm-software-management/rpm] Consolidate rpm format detection and terminology (PR #3461)

2024-11-21 Thread Panu Matilainen
Meh, forgot tests... I really am not awake today -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/3461#issuecomment-2491085892

Re: [Rpm-maint] [rpm-software-management/rpm] Update GPL and LGPL in COPYING (PR #3460)

2024-11-21 Thread Panu Matilainen
Merged #3460 into master. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/3460#event-15379643222

Re: [Rpm-maint] [rpm-software-management/rpm] Use imaevm_signhash if available (PR #3458)

2024-11-21 Thread Michal Domonkos
@dmnks pushed 2 commits. 776ad98616a67ea05667e87f97eb9f357d1de47a fixup! Add test case for ima file signatures f86ae36dd8de4c3df97f2e45dcbfaf3e5bca3f92 fixup! Add test case for ima file signatures -- View it on GitHub: https://github.com/rpm-software-management/rpm/pull/3458/files/c2273603a5

Re: [Rpm-maint] [rpm-software-management/rpm] Incorrect FSF address in COPYING license file (Issue #3456)

2024-11-21 Thread Panu Matilainen
Closed #3456 as completed via #3460. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/3456#event-15379643483

Re: [Rpm-maint] [rpm-software-management/rpm] Use imaevm_signhash if available (PR #3458)

2024-11-21 Thread Panu Matilainen
@pmatilai commented on this pull request. > @@ -0,0 +1,5 @@ +-BEGIN EC PRIVATE KEY- +MHQCAQEEIAqhMWlmwcHwa2pXlyxUfPUvKMdrHHxGAkKz0EfHrlZpoAcGBSuBBAAK +oUQDQgAEhJIpSysqJlsr0+nAwQDYaqk4hkLmU+2Pje5jCpI6QfakJD+bVrXqF+5Z +xbwEh+e+lrhDLfj9+jJTOda4WD83Ng== +-END EC PRIVATE KEY- Please
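
Review bot: The five added lines are an EC private key in PEM form, committed to the tree in the clear, and nothing in the hunk marks it as a throwaway test key. Say so next to the file or in the commit message, and record the command used to generate it, so the key is never reused for real signing and can be regenerated when needed.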

Re: [Rpm-maint] [rpm-software-management/rpm] Use imaevm_signhash if available (PR #3458)

2024-11-21 Thread Michal Domonkos
Oh, we're running on F40 in the CI, right. That's why, it's not deprecated there yet. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/3458#issuecomment-2491363527

Re: [Rpm-maint] [rpm-software-management/rpm] Use imaevm_signhash if available (PR #3458)

2024-11-21 Thread Michal Domonkos
@dmnks pushed 1 commit. 9790ec793ebcf5f2cf7ed66681374a2b9917d774 fixup! Use imaevm_signhash if available -- View it on GitHub: https://github.com/rpm-software-management/rpm/pull/3458/files/375a17a1866b4d7c5766af8c44fe1f4d60bef948..9790ec793ebcf5f2cf7ed66681374a2b9917d774

Re: [Rpm-maint] [rpm-software-management/rpm] Use imaevm_signhash if available (PR #3458)

2024-11-21 Thread Michal Domonkos
Hmm, that's strange, one would expect the build to blow up then... -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/3458#issuecomment-2491354980

Re: [Rpm-maint] [rpm-software-management/rpm] Use imaevm_signhash if available (PR #3458)

2024-11-21 Thread Michal Domonkos
Pushed a fixup for the symbol detection issue, now it's working fine. The solution was to use `check_library_exists()` instead of `check_function_exists()`, with the former being generally [recommended](https://cmake.org/cmake/help/latest/module/CheckFunctionExists.html) over the latter. Note

Re: [Rpm-maint] [rpm-software-management/rpm] Use imaevm_signhash if available (PR #3458)

2024-11-21 Thread Michal Domonkos
@ffesti, if you're ok with the test fixups, please squash them. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/3458#issuecomment-2491092181

Re: [Rpm-maint] [rpm-software-management/rpm] Use imaevm_signhash if available (PR #3458)

2024-11-21 Thread Michal Domonkos
Yep, noticed, thanks! I'm still getting the deprecation warning on cmake configuration, though. I guess the `HAVE_IMAEVM_SIGNHASH` macro isn't true for some reason (in my setup). -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/3458#issue

Re: [Rpm-maint] [rpm-software-management/rpm] Use imaevm_signhash if available (PR #3458)

2024-11-21 Thread Panu Matilainen
Yeah the same goes for CI, the log says:

> #19 4.038 -- Looking for imaevm_signhash
> #19 4.131 -- Looking for imaevm_signhash - not found

-- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/3458#issuecomment-2491349389

Re: [Rpm-maint] [rpm-software-management/rpm] Use imaevm_signhash if available (PR #3458)

2024-11-21 Thread Panu Matilainen
...and on my F41 locally (so ima-evm-utils-1.6.2-2.fc41.x86_64). So this new version isn't being used now. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/3458#issuecomment-2491363565

Re: [Rpm-maint] [rpm-software-management/rpm] Use imaevm_signhash if available (PR #3458)

2024-11-21 Thread Michal Domonkos
I've tried actually verifying an IMA signature made with rpm built from this branch, using the following steps: ```bash $ cat x509_evm.genkey # Begining of the file [ req ] default_bits = 1024 distinguished_name = req_distinguished_name prompt = no string_mask = utf8only x509_extensions = myexts

Re: [Rpm-maint] [rpm-software-management/rpm] Use imaevm_signhash if available (PR #3458)

2024-11-21 Thread Stefan Berger
> Hi @stefanberger, could you please have a look at our usage of
> `imaevm_signhash()` here? We're not sure if we're using it right since
> there's no documentation available. Thanks!

Looks good to me. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-manage

Re: [Rpm-maint] [rpm-software-management/rpm] Use imaevm_signhash if available (PR #3458)

2024-11-21 Thread Florian Festi
Squashed and command to create key added in commit message. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/3458#issuecomment-2491321829

Re: [Rpm-maint] [rpm-software-management/rpm] Use imaevm_signhash if available (PR #3458)

2024-11-21 Thread Florian Festi
Squashed again -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/3458#issuecomment-2491545647

[Rpm-maint] [rpm-software-management/rpm] Additional IMA test fixups (PR #3462)

2024-11-21 Thread Michal Domonkos
Minor issues I've noticed while working on a different IMA-related fix :smile:

You can view, comment on, or merge this pull request online at: https://github.com/rpm-software-management/rpm/pull/3462

-- Commit Summary --

* Detect missing file signatures in IMA test
* Skip IMA test when b