This is a tracking bug for Change: Signed RPM Contents For more details, see: https://fedoraproject.org/wiki/Changes/Signed_RPM_Contents We want to add signatures to individual files that are part of shipped RPMs. If you encounter a bug related to this Change, please do not comment here. Instead create a new bug and set it to block this bug.
The proposal for this Change indicated a contingency deadline of "mass rebuild", which is scheduled to begin tomorrow. Is this Change ready or does it need to be deferred to F38?
This is in place
F37 was released today, so I am closing this tracker. If this Change was not completed, please notify me ASAP.
This change isn't complete. After installing rpm-plugin-ima and reinstalling bash on Fedora-Cloud-Base-37-1.7.x86_64.qcow2, I don't see a security.ima extended attribute. ``` [root@ibm-p8-kvm-03-guest-02 ~]# dnf install attr rpm-plugin-ima -y [root@ibm-p8-kvm-03-guest-02 ~]# getfattr -m - -d /bin/bash getfattr: Removing leading '/' from absolute path names # file: bin/bash security.selinux="system_u:object_r:shell_exec_t:s0" [root@ibm-p8-kvm-03-guest-02 ~]# dnf reinstall bash -y [root@ibm-p8-kvm-03-guest-02 ~]# getfattr -m - -d /bin/bash getfattr: Removing leading '/' from absolute path names # file: bin/bash security.selinux="system_u:object_r:shell_exec_t:s0" ```
(In reply to Coiby from comment #4) > This change isn't complete. After installing rpm-plugin-ima and reinstalling > bash on Fedora-Cloud-Base-37-1.7.x86_64.qcow2, I don't see a security.ima > extended attribute. We had a bug in F-37 where it wrote it to the wrong location, that is fixed in F-38.