On Sun, Jun 13, 2010 at 02:02:39AM -0700, Nelson B Bolyard wrote: > > The root of the problem is that the shared libraries can change > > POST-install, as needed for ELF signing, split-debug and prelinking. The > > ELF signing is a catch-22. Either I have to run shlibsign afterwards, or > > I have to not sign those files, and leave them open to potential > > compromise. > Rerun shlibsign. It's fast and easy. As an intermediate related question, is there a standalone verification tool for the CHK files
shlibsign -V -i .... seems to just sign again, not verify. > > Running shlibsign does remedy the problem. > > > > However, this entire matter could be remedied if some more useful error > > had been returned instead of 'Invalid Arguments'. Something to indicate > > that the library checksums no longer matched. > It's open source. Patches are invited. Ok, I'll take that up. -- Robin Hugh Johnson Gentoo Linux: Developer, Trustee & Infrastructure Lead E-Mail : robb...@gentoo.org GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
pgptVek32QP0X.pgp
Description: PGP signature
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto