prelink and yum conflict
Stephen Smalley
sds at epoch.ncsc.mil
Tue Oct 12 16:37:57 UTC 2004
On Tue, 2004-10-12 at 11:01, Jeff Johnson wrote:
> Do you want just result or do you want {plaintext,signature,pubkey} triple?
>
> I suppose a simple container struct with both could be arranged,
> something like
>
> struct {
> int verifiedreturncode; /* 0 == OK, 1 == notfound(unused), 2 ==
> verifyfail, 3 == nottrusted 4 == nokey */
> byte * plaintext;
> size_t plaintextlen;
> enum pktencodingtype /* OpenPGP, X.509, whatever */
> byte * signature;
> size_t signaturelen
> byte * pubkey;
> size_t pubkeylen;
> };
>
> starts to permit reasonably paranoid libselinux extensions into the land
> of signature verification.
>
> Yes, there are a slew of issues involving algorithms and parsing and
> more that selinux perhaps
> does not want to bite into quite yet.
I'd say just pass the verify return code for now. And any flags passed
by the caller that are relevant, e.g. explicit ignore of signature
verification by sysadmin.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the selinux
mailing list