With Fedora 36 working its way towards release later this month, more developer attention and planning is turning to Fedora 37 that will be released this autumn. One of the changes being talked about this week is for signing RPM contents for a means of trusting the files that are executed.
The Fedora 37 change proposal is for adding IMA-based signatures to the individual files that are part of shipped RPM packages. This will allow for enforcing run-time policies by system administrators to ensure the execution of only trusted files or similar policies.
This is a good idea, and it’s important to underline that this is entirely optional – nothing will change for regular end users who are not interested in such policies. This won’t limit your ability to install whatever rpm you want, nor does it lock down anything any further than it is today – it just gives administrators more options.
Which is what Windows has been doing for decades (but Linuxeros were screaming about it for allegedly being some evil scheme to control developers and users).
Anyway, the real issue with app installation on Windows and Desktop Linux is that you have to give the package sudo/UAC admin access, including access to run arbitrary script. I can put anything in postinstall scriptlets, and it will be run as sudo. I know because, over at work, were are putting “systemctl –no-reload enable xxx.service” commands in the postinstall scriptlets so the package enables itself after install).
Meanwhile, more advanced operating systems such as MacOS (.dmg) and Android (.apk) don’t have that: The package manager mounts or copies the files somewhere and that’s it. No arbitrary scripts. Everything else has to be requested via the APIs, which allows for yes/no prompts after install. It’s one of those hidden features of MacOS that justifies the price you pay for a Mac compared to similarly-spec’ed PC (back in the times we could compare specs).