Comment # 23 on bug 1187654 from Antonio Feijoo

(In reply to Alberto Planas Dominguez from comment #22)
> (In reply to Antonio Feijoo from comment #21)
> 
> > No, with this fix if there is not any cert file in /sysroot/etc/keys/ima, no
> > message is shown.
> 
> Uhm, I mean if RD_DEBUG was "yes" it will show "integrity: IMA x509 cert
> file not found: /sysroot/etc/keys/ima/*"

That part of the code is inside the loop content and is never reached if there
is no file. The same structure is used in evm-enable.sh, and you don't see any
"integrity: EVM x509 cert file not found" messages. Try it yourself.

> for PUBKEY in "${NEWROOT}${IMAKEYSDIR}"/*; do
>     # check for public key's existence
>     if [ ! -f "${PUBKEY}" ]; then
>         if [ "${RD_DEBUG}" = "yes" ]; then
>             info "integrity: IMA x509 cert file not found: ${PUBKEY}"
>         fi
>         continue
>     fi
>     ...
> done