On Tue, 2019-01-08 at 06:56 +0530, rishi gupta wrote: > Hi Team, > > Android and android recovery based implementation for Linux, generates > ota package which is a zipped archive. > > I observed that xattr gets dropped when creating zip archive and > therefore after OTA system will not boot if IMA_APPRAISE_SIGNED_INIT > is used. > > This essentially means that IMA may not be used in commercial products > requiring OTA or I missed something or there is a workaround to such > problem. > > https://source.android.com/devices/tech/ota/tools Ok. Some applications support xattrs (eg. RPM, tar); others don't (eg. Debian packages, CPIO/initramfs). We worked with the RPM community to add xattr support. Multiple attempts have been made to add xattr support to Debian packages. Mimi
