On Thu, Jan 21, 2021 at 11:25:30AM +0100, Roberto Ragusa wrote: > On 1/21/21 12:29 AM, Patrick マルタインアンドレアス Uiterwijk wrote: > > > https://fedoraproject.org/wiki/Changes/Signed_RPM_Contents > > > > > > > I'd like to point out that after many requests, I have updated the change page for this significantly, with more details as to the goals (and non-goals) of this feature, and answers to many other questions asked. > > > > Please have another look if you are interested in this. > > > > On installation of two different VMs, one with the resigned RPMs, and > > one with the resigned+ima RPMs, the /usr directory size does not change > > at all (both are exactly 1417064 bytes). > > How is this physically possible? > (and one million bytes for a directory makes no sense, I wonder what measurement this is) I defer to Patrick, but I think what he was trying to say is that if you do not have the rpm-plugin-ima installed, nothing changes in the files you are installing from rpm. They are exactly the same as they would be if they were not ima signed. It's only after you install the rpm-plugin-ima and install a rpm that it puts the signatures down in the files extended attributes. kevin
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
