From d6ca3fa224c51ced1c511d59cbd85a6f35245748 Mon Sep 17 00:00:00 2001
From: Yi Zhao <yi.zhao@windriver.com>
Date: Fri, 4 Dec 2020 16:41:35 +0800
Subject: [PATCH] rpm: apply signatures to config files

Since rpm 4.15, the users can control over the installation of
signatures on config files through a variable named
%_ima_sign_config_files. But this is disabled by default. Add a macro
configuration file to enable it.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
 meta-integrity/recipes-devtools/rpm/rpm-integrity.inc | 9 +++++++++
 meta-integrity/recipes-devtools/rpm/rpm/macros.ima    | 1 +
 2 files changed, 10 insertions(+)
 create mode 100644 meta-integrity/recipes-devtools/rpm/rpm/macros.ima

diff --git a/meta-integrity/recipes-devtools/rpm/rpm-integrity.inc b/meta-integrity/recipes-devtools/rpm/rpm-integrity.inc
index 268af38..8b9c378 100644
--- a/meta-integrity/recipes-devtools/rpm/rpm-integrity.inc
+++ b/meta-integrity/recipes-devtools/rpm/rpm-integrity.inc
@@ -9,3 +9,12 @@ EXTRA_OECONF_remove += "\
     --disable-plugins \
 "
 EXTRA_OECONF_append_class-native = " --disable-inhibit-plugin"
+
+SRC_URI_append = " \
+                  file://macros.ima \
+                 "
+
+do_install_append () {
+    install -d ${D}${sysconfdir}/rpm
+    install -m 0644 ${WORKDIR}/macros.ima ${D}${sysconfdir}/rpm/
+}
diff --git a/meta-integrity/recipes-devtools/rpm/rpm/macros.ima b/meta-integrity/recipes-devtools/rpm/rpm/macros.ima
new file mode 100644
index 0000000..31e2b54
--- /dev/null
+++ b/meta-integrity/recipes-devtools/rpm/rpm/macros.ima
@@ -0,0 +1 @@
+%_ima_sign_config_files		1