chantra / rpms / rpm

From 4d243b7e692e3803a764343dfed23feb1c656f0b Mon Sep 17 00:00:00 2001
From: Jes Sorensen <jsorensen@fb.com>
Date: Tue, 12 May 2020 13:42:34 -0400
Subject: [PATCH 31/33] Update man page for rpmsign

This documents the new arguments --signverity and --certpath required
to sign a package with fsverity signatures.

Signed-off-by: Jes Sorensen <jsorensen@fb.com>
---
 doc/rpmsign.8 | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/doc/rpmsign.8 b/doc/rpmsign.8
index f7ceae89b..a212746fe 100644
--- a/doc/rpmsign.8
+++ b/doc/rpmsign.8
@@ -9,6 +9,8 @@ rpmsign \- RPM Package Signing
 
 \fBrpm\fR \fB--delsign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
 
+\fBrpm\fR \fB--delfilesign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
+
 .SS "rpmsign-options"
 .PP
 [\fb--rpmv3\fR]
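Review bot: the `--delfilesign` synopsis line added here is not covered by the commit message, which names only --signverity and --certpath; mention it in the message or move it to its own patch. The hunk also leaves the "rpmsign-options" list just below it untouched, so if that list enumerates --signfiles and --fskpath, --signverity and --certpath should be added there as well.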
@@ -30,6 +32,12 @@ packages with a MD5/SHA1 checksums cannot be signed in FIPS mode.
 .PP
 Delete all signatures from each package \fIPACKAGE_FILE\fR given.
 
+\fBrpm\fR \fB--delfilesign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
+
+.PP
+Delete all IMA and fsverity file signatures from each package
+\fIPACKAGE_FILE\fR given.
+
 .SS "SIGN OPTIONS"
 .PP
 .TP
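Review bot: the added `\fBrpm\fR \fB--delfilesign\fR ...` line in this description block is not introduced by `.PP` and depends on bare blank lines for spacing, unlike the `.PP`-introduced paragraph directly above it; start the new block with `.PP` and drop the empty `+` lines. It would also help to say how this differs from --delsign, whose text reads "Delete all signatures", so readers know whether --delsign removes the IMA and fsverity file signatures too.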
@@ -44,12 +52,23 @@ signature verifiable with rpm < 4.14 or other interoperability reasons.
 \fB--fskpath \fIKEY\fB\fR
 Used with \fB--signfiles\fR, use file signing key \fIKey\fR.
 .TP
+\fB--certpath \fICERT\fB\fR
+Used with \fB--signverity\fR, use file signing certificate \fICert\fR.
+.TP
 \fB--signfiles\fR
 Sign package files. The macro \fB%_binary_filedigest_algorithm\fR must
 be set to a supported algorithm before building the package. The
 supported algorithms are SHA1, SHA256, SHA384, and SHA512, which are
 represented as 2, 8, 9, and 10 respectively.  The file signing key (RSA
 private key) must be set before signing the package, it can be configured on the command line with \fB--fskpath\fR or the macro %_file_signing_key.
+.TP
+\fB--signverity\fR
+Sign package files with fsverity signatures. The file signing key (RSA
+private key) and the signing certificate must be set before signing
+the package. The key can be configured on the command line with
+\fB--fskpath\fR or the macro %_file_signing_key, and the cert can be
+configured on the command line with \fB--certpath\fR or the macro
+%_file_signing_cert.
 
 .SS "USING GPG TO SIGN PACKAGES"
 .PP
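Review bot: the unchanged --fskpath entry still reads "Used with --signfiles", but the new --signverity paragraph says the key is also configured with --fskpath; update the --fskpath description to name both options. In the --certpath entry the argument is `CERT` in the tag and `Cert` in the sentence, so settle on one spelling. The --signverity paragraph also does not say what format the certificate must be in or which digest algorithm applies, whereas the --signfiles entry spells out its algorithm requirements.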
@@ -110,4 +129,5 @@ Jeff Johnson <jbj@redhat.com>
 Erik Troan <ewt@redhat.com>
 Panu Matilainen <pmatilai@redhat.com>
 Fionnuala Gunter <fin@linux.vnet.ibm.com>
+Jes Sorensen <jsorensen@fb.com>
 .fi
-- 
2.27.0