michal-grzedzicki / rpms / rpm

Forked from rpms/rpm 4 months ago
Clone
45e748
From 4d243b7e692e3803a764343dfed23feb1c656f0b Mon Sep 17 00:00:00 2001
45e748
From: Jes Sorensen <jsorensen@fb.com>
45e748
Date: Tue, 12 May 2020 13:42:34 -0400
45e748
Subject: [PATCH 31/33] Update man page for rpmsign
45e748
45e748
This documents the new arguments --signverity and --certpath required
45e748
to sign a package with fsverity signatures.
45e748
45e748
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
45e748
---
45e748
 doc/rpmsign.8 | 20 ++++++++++++++++++++
45e748
 1 file changed, 20 insertions(+)
45e748
45e748
diff --git a/doc/rpmsign.8 b/doc/rpmsign.8
45e748
index f7ceae89b..a212746fe 100644
45e748
--- a/doc/rpmsign.8
45e748
+++ b/doc/rpmsign.8
45e748
@@ -9,6 +9,8 @@ rpmsign \- RPM Package Signing
45e748
 
45e748
 \fBrpm\fR \fB--delsign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
45e748
 
45e748
+\fBrpm\fR \fB--delfilesign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
45e748
+
45e748
 .SS "rpmsign-options"
45e748
 .PP
45e748
 [\fb--rpmv3\fR]
45e748
@@ -30,6 +32,12 @@ packages with a MD5/SHA1 checksums cannot be signed in FIPS mode.
45e748
 .PP
45e748
 Delete all signatures from each package \fIPACKAGE_FILE\fR given.
45e748
 
45e748
+\fBrpm\fR \fB--delfilesign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
45e748
+
45e748
+.PP
45e748
+Delete all IMA and fsverity file signatures from each package
45e748
+\fIPACKAGE_FILE\fR given.
45e748
+
45e748
 .SS "SIGN OPTIONS"
45e748
 .PP
45e748
 .TP
45e748
@@ -44,12 +52,23 @@ signature verifiable with rpm < 4.14 or other interoperability reasons.
45e748
 \fB--fskpath \fIKEY\fB\fR
45e748
 Used with \fB--signfiles\fR, use file signing key \fIKey\fR.
45e748
 .TP
45e748
+\fB--certpath \fICERT\fB\fR
45e748
+Used with \fB--signverity\fR, use file signing certificate \fICert\fR.
45e748
+.TP
45e748
 \fB--signfiles\fR
45e748
 Sign package files. The macro \fB%_binary_filedigest_algorithm\fR must
45e748
 be set to a supported algorithm before building the package. The
45e748
 supported algorithms are SHA1, SHA256, SHA384, and SHA512, which are
45e748
 represented as 2, 8, 9, and 10 respectively.  The file signing key (RSA
45e748
 private key) must be set before signing the package, it can be configured on the command line with \fB--fskpath\fR or the macro %_file_signing_key.
45e748
+.TP
45e748
+\fB--signverity\fR
45e748
+Sign package files with fsverity signatures. The file signing key (RSA
45e748
+private key) and the signing certificate must be set before signing
45e748
+the package. The key can be configured on the command line with
45e748
+\fB--fskpath\fR or the macro %_file_signing_key, and the cert can be
45e748
+configured on the command line with \fB--certpath\fR or the macro
45e748
+%_file_signing_cert.
45e748
 
45e748
 .SS "USING GPG TO SIGN PACKAGES"
45e748
 .PP
45e748
@@ -110,4 +129,5 @@ Jeff Johnson <jbj@redhat.com>
45e748
 Erik Troan <ewt@redhat.com>
45e748
 Panu Matilainen <pmatilai@redhat.com>
45e748
 Fionnuala Gunter <fin@linux.vnet.ibm.com>
45e748
+Jes Sorensen <jsorensen@fb.com>
45e748
 .fi
45e748
-- 
45e748
2.27.0
45e748