List: centos-devel
Subject: Re: [CentOS-devel] virusscan a RPM file?
From: Brian Reichert <reichert () numachi ! com>
Date: 2019-06-12 19:03:39
Message-ID: 20190612190339.GX49325 () numachi ! com
On Wed, Jun 12, 2019 at 02:16:27AM +0000, Young, Gregory wrote:
> I would suggest, after the build is completed, have clamav scan the sources, as
> part of the build section of the RPM spec. Once the RPM is built, make sure to GPG
> sign it and also publish your public key so GPG signature checking can be enabled.
> In this way, you satisfy the AV scan requirement on the package contents before
> packaging, and you sign the package during build to help ensure it hasn't been
> tampered with post build.
You can use 'cpio' to extract the payload of an RPM; e.g.:

  rpm2cpio commons-lang3-3.3.2-1.x86_64.rpm | cpio -idmv

That won't dump out scriptlets, triggers, etc. That's an additional
set of steps:

  rpm -q --scripts -p commons-lang3-3.3.2-1.x86_64.rpm
  rpm -q --triggers -p commons-lang3-3.3.2-1.x86_64.rpm
  rpm -q --queryformat "%{PRETRANS}" -p commons-lang3-3.3.2-1.x86_64.rpm
  rpm -q --queryformat "%{POSTTRANS}" -p commons-lang3-3.3.2-1.x86_64.rpm
> _______________________________________________
> CentOS-devel mailing list
> CentOS-devel@centos.org
> https://lists.centos.org/mailman/listinfo/centos-devel
--
Brian Reichert <reichert@numachi.com>
BSD admin/developer at large
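
The two steps from the message above combined into one pass, as an added example that is not part of the original post: the payload and the scriptlet/trigger text are staged into a scratch directory, then scanned with ClamAV's clamscan. The function names stage_rpm and scan_rpm, the directory layout, and the use of GNU cpio options are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original post). Assumes rpm, rpm2cpio,
# GNU cpio and clamscan are on PATH. Function names are hypothetical.

# stage_rpm RPMFILE OUTDIR: unpack the payload into OUTDIR/payload and
# write scriptlets and triggers to OUTDIR/scripts so a file scanner sees both.
stage_rpm() {
    rpm_file=$1
    out=$2
    [ -f "$rpm_file" ] || { echo "no such file: $rpm_file" >&2; return 2; }
    mkdir -p "$out/payload" "$out/scripts" || return 2
    # cpio runs from inside the payload directory, so use an absolute path.
    case $rpm_file in
        /*) abs=$rpm_file ;;
        *)  abs=$(pwd)/$rpm_file ;;
    esac
    # --no-absolute-filenames keeps every member inside the scratch directory.
    ( cd "$out/payload" &&
      rpm2cpio "$abs" | cpio -idm --quiet --no-absolute-filenames ) || return 2
    rpm -q --scripts  -p "$abs" > "$out/scripts/scripts.txt"  || return 2
    rpm -q --triggers -p "$abs" > "$out/scripts/triggers.txt" || return 2
    rpm -q --queryformat '%{PRETRANS}\n'  -p "$abs" \
        > "$out/scripts/pretrans.txt"  || return 2
    rpm -q --queryformat '%{POSTTRANS}\n' -p "$abs" \
        > "$out/scripts/posttrans.txt" || return 2
}

# scan_rpm RPMFILE: stage into a temporary directory, scan, clean up.
# Returns clamscan's status: 0 clean, 1 detection, 2 error.
scan_rpm() {
    work=$(mktemp -d) || return 2
    rc=0
    if stage_rpm "$1" "$work"; then
        clamscan -r --infected "$work" || rc=$?
    else
        rc=2
    fi
    rm -rf "$work"
    return "$rc"
}

# Run as: sh scan-rpm.sh package.rpm
if [ "$#" -gt 0 ]; then
    scan_rpm "$1"
    exit $?
fi
```

A non-zero exit can be used to fail a build or publishing job before the package is signed.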