Gensig

dmnks · Nov 21, 2024 · 7177c4c · 7177c4c
1 parent fe742be
commit 7177c4c
Showing 1 changed file with 13 additions and 8 deletions.
diff --git a/sign/rpmgensig.cc b/sign/rpmgensig.cc
@@ -702,14 +702,19 @@ static int rpmSign(const char *rpm, int deleting, int flags)
     unloadImmutableRegion(&sigh, RPMTAG_HEADERSIGNATURES);
     origSigSize = headerSizeof(sigh, HEADER_MAGIC_YES);
 
-    if (flags & RPMSIGN_FLAG_IMA) {
-	if (includeFileSignatures(&sigh, &h))
-	    goto exit;
-    }
-
-    if (flags & RPMSIGN_FLAG_FSVERITY) {
-	if (includeVeritySignatures(fd, &sigh, &h))
-	    goto exit;
+    if (1 || !headerIsEntry(h, RPMTAG_SOURCEPACKAGE)) {
+	if (flags & RPMSIGN_FLAG_IMA) {
+	    if (includeFileSignatures(&sigh, &h))
+		goto exit;
+	}
+	if (flags & RPMSIGN_FLAG_FSVERITY) {
+	    if (includeVeritySignatures(fd, &sigh, &h))
+		goto exit;
+	}
+    } else if (flags & (RPMSIGN_FLAG_IMA | RPMSIGN_FLAG_FSVERITY)) {
+	rpmlog(RPMLOG_WARNING,
+	       _("File signatures not applicable to source packages: %s\n"),
+	       rpm);
     }
 
     if (deleting == 2) {	/* Nuke IMA + fsverity file signature tags. */