> [...] > == How To Test == > You can verify that a signature has been put in place by looking at > the extended attribute by running: `getfattr -d -m security.ima > /usr/bin/bash` (change `/usr/bin/bash` with the file to check). Can one easily query the RPM archive for the signature blob for any given file it contains? > The signatures can be tested “in vitro” by running `evmctl ima_verify > --key publiccert.der -v myfile.txt`. > [...] > The full system could be tested by enrolling the Fedora IMA key [...] How will this key be distributed on the distro filesystem or on the web? Will it be signed by an already trusted CA? - FChE _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
