Rule ID
SV-219997r1016296_rule
Version
V3R5
Digitally signed packages ensure that the source of the package can be identified.
Determine what the signature policy is for pkg publishers: # pkg property | grep signature-policy Check that output produces: signature-policy verify If the output does not confirm that signature-policy verify is active, this is a finding.
The Software Installation Profile is required. Configure the package system to ensure that digital signatures are verified. # pfexec pkg set-property signature-policy verify