FC12: Hidden files in /usr/bin/*

Toshio Kuratomi a.badger at gmail.com
Mon Feb 1 19:00:48 UTC 2010

On Mon, Feb 01, 2010 at 01:38:13PM -0500, Toshio Kuratomi wrote:
> 1) The present packages need to be fixecd.  Sounds like fipscheck, hmaccalc,
> and openssh.  They are violating the FHS which is prohibited by the
> Guidelines.  Ralf, have you opened bugs?
> 2) We need to decide where to place the files.  I don't know what uses them,
> so I'm not entirely certain about this.  Here's some suggestions:
>   * If each binary checks itself then %{_libdir}/%{name}/$PROGNAME.hmac
>     seems reasonable.
>   * If there are one of more programs (fipscheck?) that check the integrity
>     of other binaries then we probably want a directory structure that is
>     namespaced by itself and allows that other program to lookup the
>     checksum for the binary.  Something like:
>     %{_libdir}/hmac%{_bindir}/$PROGNAME.hmac
>     %{_libdir}/hmac%{_sbindir}/$PROGNAM2.hmac

Caught j-rod and pjones on IRC who had the following insights:

* Each binary is supposed to perform an integrity check of itself when it
  starts.  So each binary needs to be able to find its hmac file.
* hazy recollection is that fipscheck is meant to check the integrity of any
  binray with checksums.  So we do need to use a directory structure that
  fipscheck can use to find the checksums.

If I could get some input from the people who actually deal with fipscheck
and this standard, that this is the way forward, I'll write up the

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20100201/91ac4a09/attachment.bin 

More information about the devel mailing list