From 4d243b7e692e3803a764343dfed23feb1c656f0b Mon Sep 17 00:00:00 2001
From: Jes Sorensen <jsorensen@fb.com>
Date: Tue, 12 May 2020 13:42:34 -0400
Subject: [PATCH 31/33] Update man page for rpmsign
This documents the new arguments --signverity and --certpath required
to sign a package with fsverity signatures.
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
---
doc/rpmsign.8 | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/doc/rpmsign.8 b/doc/rpmsign.8
index f7ceae89b..a212746fe 100644
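--- a/doc/rpmsign.8
+++ b/doc/rpmsign.8
@@ -9,6 +9,8 @@ rpmsign \- RPM Package Signing
 
 \fBrpm\fR \fB--delsign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
 
+\fBrpm\fR \fB--delfilesign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
+
 .SS "rpmsign-options"
 .PP
 [\fb--rpmv3\fR]
@@ -30,6 +32,12 @@ packages with a MD5/SHA1 checksums cannot be signed in FIPS mode.
 .PP
 Delete all signatures from each package \fIPACKAGE_FILE\fR given.
 
+\fBrpm\fR \fB--delfilesign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
+
+.PP
+Delete all IMA and fsverity file signatures from each package
+\fIPACKAGE_FILE\fR given.
+
 .SS "SIGN OPTIONS"
 .PP
 .TP
@@ -44,12 +52,23 @@ signature verifiable with rpm < 4.14 or other interoperability reasons.
 \fB--fskpath \fIKEY\fB\fR
 Used with \fB--signfiles\fR, use file signing key \fIKey\fR.
 .TP
+\fB--certpath \fICERT\fB\fR
+Used with \fB--signverity\fR, use file signing certificate \fICert\fR.
+.TP
 \fB--signfiles\fR
 Sign package files. The macro \fB%_binary_filedigest_algorithm\fR must
 be set to a supported algorithm before building the package. The
 supported algorithms are SHA1, SHA256, SHA384, and SHA512, which are
 represented as 2, 8, 9, and 10 respectively. The file signing key (RSA
 private key) must be set before signing the package, it can be configured on the command line with \fB--fskpath\fR or the macro %_file_signing_key.
+.TP
+\fB--signverity\fR
+Sign package files with fsverity signatures. The file signing key (RSA
+private key) and the signing certificate must be set before signing
+the package. The key can be configured on the command line with
+\fB--fskpath\fR or the macro %_file_signing_key, and the cert can be
+configured on the command line with \fB--certpath\fR or the macro
+%_file_signing_cert.
 
 .SS "USING GPG TO SIGN PACKAGES"
 .PP
@@ -110,4 +129,5 @@ Jeff Johnson <jbj@redhat.com>
 Erik Troan <ewt@redhat.com>
 Panu Matilainen <pmatilai@redhat.com>
 Fionnuala Gunter <fin@linux.vnet.ibm.com>
+Jes Sorensen <jsorensen@fb.com>
 .fi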
--
2.27.0