> > == How To Test == > > You can verify that a signature has been put in place by looking at > > the extended attribute by running: `getfattr -d -m security.ima > > /usr/bin/bash` (change `/usr/bin/bash` with the file to check). > > Can one easily query the RPM archive for the signature blob for any > given file it contains? > > > > The signatures can be tested “in vitro” by running `evmctl ima_verify > > --key publiccert.der -v myfile.txt`. > > [...] > > The full system could be tested by enrolling the Fedora IMA key [...] > > How will this key be distributed on the distro filesystem or on the web? The pub keys will be both, I've added a paragraph to the detailed description. > Will it be signed by an already trusted CA? > > > - FChE > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx > Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
