On Mon, 2010-02-01 at 14:00 -0500, Toshio Kuratomi wrote:
On Mon, Feb 01, 2010 at 01:38:13PM -0500, Toshio Kuratomi wrote:
- The present packages need to be fixecd. Sounds like fipscheck, hmaccalc,
and openssh. They are violating the FHS which is prohibited by the Guidelines. Ralf, have you opened bugs?
- We need to decide where to place the files. I don't know what uses them,
so I'm not entirely certain about this. Here's some suggestions:
- If each binary checks itself then %{_libdir}/%{name}/$PROGNAME.hmac seems reasonable.
- If there are one of more programs (fipscheck?) that check the integrity of other binaries then we probably want a directory structure that is namespaced by itself and allows that other program to lookup the checksum for the binary. Something like: %{_libdir}/hmac%{_bindir}/$PROGNAME.hmac %{_libdir}/hmac%{_sbindir}/$PROGNAM2.hmac
Caught j-rod and pjones on IRC who had the following insights:
- Each binary is supposed to perform an integrity check of itself when it starts. So each binary needs to be able to find its hmac file.
- hazy recollection is that fipscheck is meant to check the integrity of any binray with checksums. So we do need to use a directory structure that fipscheck can use to find the checksums.
If I could get some input from the people who actually deal with fipscheck and this standard, that this is the way forward, I'll write up the Guidelines.
I am sorry, but I do not see a real need for special guideline for the fipscheck checksums. The policy where these checksums should/will be placed should be decided by the fipscheck package itself. Of course I agree that the files must be moved from the current place to a subdirectory under %{_libdir} especially for the checksums of the binaries in %{_bindir} and %{_sbindir}.
There is still a slight problem with the library checksums especially for the libgcrypt library which currently resides in /%{_lib}. This means that if it looks for the checksum in %{_libdir}/fipscheck the /usr might not be mounted during the checksum verification. The question is whether the checksum in a hidden file in /%{_lib} violates FHS - in my opinion it does not as this is still non-executable arch-dependent file or whether we need to create a fipscheck subdirectory in /%{_lib} as well.