author | Jes Sorensen <jsorensen@fb.com> | 2020-04-03 16:26:06 -0400 |
---|---|---|
committer | Panu Matilainen <pmatilai@redhat.com> | 2020-09-04 13:22:38 +0300 |
commit | 3ceb507e1da52b738665daafaa7da4b469eb75ae (patch) | |
tree | 4280db8f987a5259b96f630de77e279f52dfd9bb | |
parent | 307d9e23245e47c47a73f882d062ee6db8d40bf8 (diff) | |
download | rpm-3ceb507e1da52b738665daafaa7da4b469eb75ae.tar.gz |
rpmsign: Handle --certpath for signing certificate
fsverity needs a certificate for signing, in addition to the signing key.
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
-rw-r--r-- | rpmsign.c | 12 |
1 files changed, 12 insertions, 0 deletions
@@ -22,6 +22,9 @@ static int mode = MODE_NONE; static int fskpass = 0; static char * fileSigningKey = NULL; #endif +#ifdef WITH_FSVERITY +static char * fileSigningCert = NULL; +#endif static struct rpmSignArgs sargs = {NULL, 0, 0}; @@ -44,6 +47,9 @@ static struct poptOption signOptsTable[] = { { "signverity", '\0', (POPT_ARG_VAL|POPT_ARGFLAG_OR), &sargs.signflags, RPMSIGN_FLAG_FSVERITY, N_("generate fsverity signatures for package(s) files"), NULL}, + { "certpath", '\0', POPT_ARG_STRING, &fileSigningCert, 0, + N_("use file signing cert <cert>"), + N_("<cert>") }, #endif #if defined(WITH_IMAEVM) || defined(WITH_FSVERITY) { "fskpath", '\0', POPT_ARG_STRING, &fileSigningKey, 0, @@ -123,6 +129,12 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs) rpmPushMacro(NULL, "_file_signing_key", NULL, fileSigningKey, RMIL_GLOBAL); } +#ifdef WITH_FSVERITY + if (fileSigningCert) { + rpmPushMacro(NULL, "_file_signing_cert", NULL, fileSigningCert, RMIL_GLOBAL); + } +#endif + if (flags_sign_files(sargs->signflags)) { char *fileSigningKeyPassword = NULL; char *key = rpmExpand("%{?_file_signing_key}", NULL); |
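Review bot: The help text for the new `certpath` entry in signOptsTable does not say that the option only matters for fsverity signing, and nothing in the table ties it to `--signverity` or `--fskpath`. As written, a `--certpath` given without `--signverity` appears to be accepted and then has no effect. I would spell the relationship out in the help string, for example `N_("use file signing certificate <cert> for --signverity")`. The man page entry should say the same, if one is added.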
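Review bot: Nothing in this hunk checks that a certificate is actually configured when fsverity signing was requested. The added block in doSign pushes `_file_signing_cert` only when `--certpath` was given, and the visible context that follows expands only `%{?_file_signing_key}`. doSign continues outside the hunk, so this is inferred, but a missing or mistyped certificate path would presumably surface only deep in the signing path rather than as a clear usage error. Consider expanding `%{?_file_signing_cert}` next to the key when `RPMSIGN_FLAG_FSVERITY` is set in `sargs->signflags`, and failing early with a message that names `--certpath`. A short comment above the block, such as `/* fsverity signatures need the signer's certificate in addition to the key */`, would record why the macro exists.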