#Supported algorithms: sha512 streebog256 streebog512
HASH_ALGO="sha512"
# A default GOST param-set can be overriden:
#GOST_PARAMSET=paramset:A
LIBDIRS="/lib64 /usr/lib64 /lib /usr/lib"
EXECLIBDIRS="/usr/libexec $LIBDIRS"
LIB_EXT=""
LOG_FILE=/var/log/integrity-sign.log
# Set to '.ima' to use the trusted keyring:
IMA_KEYRING=_ima
CERT_BASENAME=x509
SECONDARY_SUFFIX=_ca
# Uncomment to protect keys from removal:
#PROTECT_KEYS=1
#PROTECT_KEYRINGS=1
# Uncomment to enable EVM:
#WITH_EVM=yes
# Sign with user-defined keys (however, it's better
# to use --cert and --key command-line options):
#CERT=/path/to/cert
# Uncomment to overwrite existing signatures:
#RESIGN=yes
