Check Missing Signature Options

Description

--nodigest, --nosignature, --noverify, and --nofiledigest are options that can be used with the rpm command to alter its behavior during installation. This policy ensures that rpm is not run with the --nodigest, --nosignature, --noverify, or --nofiledigest options, so that packages with untrusted or missing signatures are not used.

Kyverno policy

Refer to the Nirmata curated policies - check-missing-signature-options.

Resource example

Below is an example of a Dockerfile that complies with this policy: its rpm command uses none of the options listed above.

FROM centos:7

RUN yum install -y wget

RUN rpm -i vim-enhanced-7.4.629-7.el7.aarch64.rpm

RUN echo "Hello world!"
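
The same check can be run locally before a Dockerfile reaches the cluster. The script below is an added example, not the Nirmata policy or its code: the function names are hypothetical, it handles shell-form RUN instructions only, and the violating Dockerfile is constructed from the one above.

```python
import re
import shlex

# Options named by the policy that switch off rpm digest/signature checks.
FORBIDDEN = {"--nodigest", "--nosignature", "--noverify", "--nofiledigest"}

def logical_lines(text):
    """Yield (first_line_no, joined_text) with backslash continuations merged."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        start = start or no
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf

def find_violations(dockerfile_text):
    """Return [(line_no, option)] for rpm calls in RUN that use a forbidden option."""
    hits = []
    for no, line in logical_lines(dockerfile_text):
        m = re.match(r"\s*RUN\s+(.*)", line, re.IGNORECASE)
        if not m:
            continue
        # Split the shell string into individual commands on &&, ||, ; and |.
        for cmd in re.split(r"&&|\|\||[;|]", m.group(1)):
            try:
                words = shlex.split(cmd)
            except ValueError:  # unbalanced quotes: fall back to whitespace split
                words = cmd.split()
            # Only flag when the command's first word is rpm (bare or with a path).
            if words and words[0].rsplit("/", 1)[-1] == "rpm":
                hits += [(no, w) for w in words if w in FORBIDDEN]
    return hits

# Constructed sample input: the page's Dockerfile plus one violating variant.
COMPLIANT = """FROM centos:7
RUN yum install -y wget
RUN rpm -i vim-enhanced-7.4.629-7.el7.aarch64.rpm
RUN echo "Hello world!"
"""
VIOLATING = COMPLIANT.replace("rpm -i", "rpm -i --nosignature \\\n    --nodigest")

if __name__ == "__main__":
    print("compliant:", find_violations(COMPLIANT))
    print("violating:", find_violations(VIOLATING))
```

A non-empty result can be used to fail a CI step; each tuple gives the Dockerfile line where the RUN instruction starts and the offending option.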