rpm: apply signatures to config files

Since rpm 4.15, the users can control over the installation of signatures on config files through a variable named %_ima_sign_config_files. But this is disabled by default. Add a macro configuration file to enable it. Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
author: Yi Zhao <yi.zhao@windriver.com> 2020-12-04 16:41:35 +0800
committer: Jia Zhang <zhang.jia@linux.alibaba.com> 2020-12-08 22:03:59 +0800
commit: d6ca3fa224c51ced1c511d59cbd85a6f35245748 (patch)
tree: effe038e1ddb47295c1149ab0855ec69741cb586
parent: 628949305cdffff6798330d58e3d8c2bcf5c89f3 (diff)
download: meta-secure-core-d6ca3fa224c51ced1c511d59cbd85a6f35245748.tar.gz
2 files changed, 10 insertions, 0 deletions
diff --git a/meta-integrity/recipes-devtools/rpm/rpm-integrity.inc b/meta-integrity/recipes-devtools/rpm/rpm-integrity.inc
index 268af38..8b9c378 100644
--- a/meta-integrity/recipes-devtools/rpm/rpm-integrity.inc
+++ b/meta-integrity/recipes-devtools/rpm/rpm-integrity.inc
@@ -9,3 +9,12 @@ EXTRA_OECONF_remove += "\
    --disable-plugins \
 "
 EXTRA_OECONF_append_class-native = " --disable-inhibit-plugin"
+SRC_URI_append = " \
+                  file://macros.ima \
+                 "
+do_install_append () {
+    install -d ${D}${sysconfdir}/rpm
+    install -m 0644 ${WORKDIR}/macros.ima ${D}${sysconfdir}/rpm/
+}
diff --git a/meta-integrity/recipes-devtools/rpm/rpm/macros.ima b/meta-integrity/recipes-devtools/rpm/rpm/macros.ima
new file mode 100644
index 0000000..31e2b54
--- /dev/null
+++ b/meta-integrity/recipes-devtools/rpm/rpm/macros.ima
@@ -0,0 +1 @@
+%_ima_sign_config_files         1
author	Yi Zhao <yi.zhao@windriver.com>	2020-12-04 16:41:35 +0800
committer	Jia Zhang <zhang.jia@linux.alibaba.com>	2020-12-08 22:03:59 +0800
commit	d6ca3fa224c51ced1c511d59cbd85a6f35245748 (patch)
tree	effe038e1ddb47295c1149ab0855ec69741cb586
parent	628949305cdffff6798330d58e3d8c2bcf5c89f3 (diff)
download	meta-secure-core-d6ca3fa224c51ced1c511d59cbd85a6f35245748.tar.gz

diff --git a/meta-integrity/recipes-devtools/rpm/rpm-integrity.inc b/meta-integrity/recipes-devtools/rpm/rpm-integrity.inc index 268af38..8b9c378 100644 --- a/meta-integrity/recipes-devtools/rpm/rpm-integrity.inc +++ b/meta-integrity/recipes-devtools/rpm/rpm-integrity.inc
@@ -9,3 +9,12 @@ EXTRA_OECONF_remove += "\
9	--disable-plugins \	9	--disable-plugins \
10	"	10	"
11	EXTRA_OECONF_append_class-native = " --disable-inhibit-plugin"	11	EXTRA_OECONF_append_class-native = " --disable-inhibit-plugin"
		12
		13	SRC_URI_append = " \
		14	file://macros.ima \
		15	"
		16
		17	do_install_append () {
		18	install -d ${D}${sysconfdir}/rpm
		19	install -m 0644 ${WORKDIR}/macros.ima ${D}${sysconfdir}/rpm/
		20	}


diff --git a/meta-integrity/recipes-devtools/rpm/rpm/macros.ima b/meta-integrity/recipes-devtools/rpm/rpm/macros.ima new file mode 100644 index 0000000..31e2b54 --- /dev/null +++ b/meta-integrity/recipes-devtools/rpm/rpm/macros.ima
@@ -0,0 +1 @@
			%_ima_sign_config_files 1