Bug 2231396 - Some RPM packages do not seem to carry IMA file signatures
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: distribution
Version: 38
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Aoife Moloney
QA Contact: Fedora Extras Quality Assurance
Reported: 2023-08-11 13:36 UTC by Stefan Berger
Modified: 2023-08-14 16:17 UTC (History)

Last Closed: 2023-08-14 16:17:59 UTC
Description Stefan Berger 2023-08-11 13:36:38 UTC
Some packages in Fedora 38 don't seem to carry IMA file signatures.

With the rpm-plugin-ima installed on my system I get file signatures installed for most files but not all of them. Some packages I found without IMA file signatures are:

jq-1.6-15.fc38.x86_64.rpm
gpgme-1.17.1-3.fc38.x86_64
uresourced-0.5.3-2.fc37.x86_64    ; F37 package that should be rebuilt
guile-2.0.14-30.fc38.x86_64
fcoe-utils-1.0.34-3.gitb233050.fc37.x86_64  ; F37 package ...



Reproducible: Always

Steps to Reproduce:
1. dnf -y install rpm-plugin-ima
2. dnf -y install jq
3. getfattr -m ^sec -e hex --dump /usr/bin/jq

The last command returns nothing for security.ima


Actual Results:  
# getfattr -m ^security -e hex --dump /usr/bin/jq
getfattr: Removing leading '/' from absolute path names
# file: usr/bin/jq
security.selinux=0x73797374656d5f753a6f626a6563745f723a62696e5f743a733000


Expected Results:  
There should be a security.ima xattr.

Another way to find unsigned files:

getfattr -m ^security -e hex --dump /usr/*bin/* | grep -v security.selinux | less
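
A stricter version of the check above, as an added example that is not part of the original report: it parses the getfattr dump per file and distinguishes a missing security.ima from one that holds only a hash rather than a signature, using the type byte from the kernel's enum evm_ima_xattr_type. The function names and the sample dump are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the bug report). Classifies each file in
# `getfattr -m ^security -e hex --dump` output by its security.ima xattr.

# Reads the dump on stdin, prints "<state> <path>" per file.
classify_ima() {
    awk '
    function emit() { if (path != "") print state, path }
    /^# file: / {                 # start of a new per-file record
        emit()
        path = substr($0, 9)
        state = "missing"         # until a security.ima line is seen
        next
    }
    /^security\.ima=0x/ {
        t = substr($0, 16, 2)     # first byte = enum evm_ima_xattr_type
        if (t == "03")                   state = "signed"     # EVM_IMA_XATTR_DIGSIG
        else if (t == "01" || t == "04") state = "hash-only"  # IMA_XATTR_DIGEST(_NG)
        else                             state = "other"
    }
    END { emit() }
    '
}

# Keeps only files without a signature.
unsigned_only() { classify_ima | awk '$1 != "signed"'; }

# Maps unsigned files to owning RPMs (getfattr strips the leading "/").
unsigned_packages() {
    unsigned_only | while read -r _state path; do rpm -qf "/$path"; done | sort -u
}

# Constructed sample dump; xattr values are made up, not real signatures.
sample_dump() {
    cat <<'EOF'
# file: usr/bin/jq
security.selinux=0x73797374656d5f753a6f626a6563745f723a62696e5f743a733000

# file: usr/bin/example-signed
security.ima=0x030204aabbccdd0004deadbeef
security.selinux=0x73797374656d5f753a6f626a6563745f723a62696e5f743a733000

# file: usr/bin/example-hashed
security.ima=0x0404e3b0c44298fc1c14
EOF
}

sample_dump | classify_ima
```

On an installed system, `getfattr -m ^security -e hex --dump /usr/*bin/* 2>/dev/null | unsigned_packages` lists the packages that own files without an IMA signature.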

Comment 1 Stefan Berger 2023-08-14 16:17:59 UTC
Upgraded to F39 and it looks better there now.

