On Tue, 8 Sep 2020, Leon Fauster via CentOS-devel wrote:
I remember asking somewhere, if the integrity in general gets checked (anaconda or kickstart list) but got no feedback.
To what end other than exercising electrons without adding certainty of more security?
Just for the record, how do you propose to solve the MitM attack by Dr Evil substituting in a fraudulent set of signing key and 'gimmicked' rpm binary, which will cheerfully report 'all is well', post install [1].
The only way I know of is taking a couple of sums, and human sight checking them against an authoritative signed set from upstream, at install time, and every time thereafter, rather than relying on a stored key ... but as the recent grub2 chain vulnerability indicates, a later update can compromise even seemingly cryptographically secured boot chains, and sneak exploited executables in.
-- Russ herrold
[1] trap doored binaries RPM signed and released to distribution https://access.redhat.com/errata/RHSA-2008:0855