http://bugzilla.opensuse.org/show_bug.cgi?id=1187654 http://bugzilla.opensuse.org/show_bug.cgi?id=1187654#c25 --- Comment #25 from Antonio Feijoo <antonio.feijoo@suse.com> --- (In reply to Alberto Planas Dominguez from comment #24)
(In reply to Antonio Feijoo from comment #23)
(In reply to Alberto Planas Dominguez from comment #22)
(In reply to Antonio Feijoo from comment #21)
No, with this fix if there is not any cert file in /sysroot/etc/keys/ima, no message is shown.
Uhm, I mean if RD_DEBUG was "yes" it will show "integrity: IMA x509 cert file not found: /sysroot/etc/keys/ima/*"
That part of the code is inside the loop content and is never reached if there is no file.
But that is the issue, isn't? As I commented before, if there is not file the PUBKEY variable will not be empty, it will have a value, and this value is the string "/sysroot/etc/keys/ima/*"
Check this here, for example:
for PUBKEY in "/non/existent/"*; do echo "Inside loop: ${PUBKEY}" done
This produce this output:
Inside loop: /non/existent/*
Are we using different shells?
Yes, you're right, you're not seeing anything because rd.debug is not set on the kernel command line. Sorry for my mistake, I'm multitasking right now... -- You are receiving this mail because: You are on the CC list for the bug.