On Thu, 2021-12-02 at 15:08 -0500, Frank Ch. Eigler wrote:
> > > === Relationship with IMA ===
> >
> > [https://sourceforge.net/p/linux-ima/wiki/Home/ IMA] is another
> > technology meant to provide detection of file alterations. IMA and
> > fsverity operate very differently, and are somewhat complementary.
> > [...]
>
> Do these two systems use the same per-file signature metadata in the
> RPMs?

Both fs-verity and IMA use file signatures, but they each have their
own dedicated flags and signing flows in RPM (e.g. see
https://github.com/rpm-software-management/rpm/blob/4afe2d14d33db82ccb41c0a8d5eb1a4db90762fc/rpmsign.c
for the signing implementation). The signatures themselves are not
interchangeable -- fs-verity's signature is based off the Merkle tree
(which itself is block-based), while IMA measures the file as a whole.

Cheers
Davide
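The difference described in the reply above, as an added example that is not part of the original message or of RPM's code: it computes a whole-file hash (what IMA measures) and an fs-verity file digest (a hash of the descriptor that carries the Merkle tree root) over the same constructed data. It assumes SHA-256, 4096-byte blocks and no salt; the function names are illustrative.

```python
import hashlib
import struct

BLOCK = 4096  # assumed fs-verity block size (log_blocksize = 12), no salt

def leaf_hashes(data: bytes) -> list:
    """SHA-256 of each BLOCK-sized chunk, the last one zero-padded."""
    return [hashlib.sha256(data[i:i + BLOCK].ljust(BLOCK, b"\0")).digest()
            for i in range(0, len(data), BLOCK)]

def merkle_root(data: bytes) -> bytes:
    """Hash blocks, then blocks of hashes, until one hash remains."""
    if not data:
        return bytes(32)  # empty file: root hash is all zeroes
    level = leaf_hashes(data)
    while len(level) > 1:
        level = leaf_hashes(b"".join(level))
    return level[0]

def fsverity_digest(data: bytes) -> bytes:
    """fs-verity file digest: SHA-256 of the 256-byte fsverity_descriptor."""
    # version=1, hash_algorithm=1 (SHA-256), log_blocksize=12, salt_size=0,
    # reserved=0, data_size
    desc = struct.pack("<BBBBIQ", 1, 1, 12, 0, 0, len(data))
    desc += merkle_root(data).ljust(64, b"\0")  # root_hash[64]
    desc += bytes(32) + bytes(144)              # salt[32], reserved[144]
    return hashlib.sha256(desc).digest()

def whole_file_digest(data: bytes) -> bytes:
    """What IMA measures: one hash over the entire file contents."""
    return hashlib.sha256(data).digest()

def changed_blocks(a: bytes, b: bytes) -> list:
    """Indices of data blocks whose leaf hash differs (same-length inputs)."""
    pairs = zip(leaf_hashes(a), leaf_hashes(b))
    return [i for i, (x, y) in enumerate(pairs) if x != y]

# Constructed sample: three blocks, then one byte flipped in the middle block.
SAMPLE = b"A" * BLOCK + b"B" * BLOCK + b"C" * 100
TAMPERED = SAMPLE[:BLOCK + 7] + b"X" + SAMPLE[BLOCK + 8:]

if __name__ == "__main__":
    print("whole-file :", whole_file_digest(SAMPLE).hex())
    print("fs-verity  :", fsverity_digest(SAMPLE).hex())
    print("blocks changed by tampering:", changed_blocks(SAMPLE, TAMPERED))
```

The two digests of the same bytes differ, so a signature made over one cannot verify against the other. The Merkle tree also localizes the change to block 1, whereas the whole-file hash only shows that something changed.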