Better removal of private keys

kernel.spec

@@ -4,7 +4,7 @@
 %define sublevel	7
 
 # Release number. Increase this before a rebuild.
-%define rpmrel		7
+%define rpmrel		8
 %define fullrpmrel	%{rpmrel}
 
 %define rpmtag		%{disttag}
@@ -792,6 +792,21 @@ find . -name '.get_maintainer.ignore' | %kxargs rm -f
 
 %build
 
+# Ensure that build time generated private keys don't get published
+# as e.g. "RPM build root" on ABF!
+# Note that ABF sends SIGKILL to rpm-build.sh when the build is terminated;
+# in this case trap will not work, but RPM build root also will not be
+# saved because rpm-build.sh saves it, but it is SIGKILLed.
+# For best security we could store private keys in RAM (not reachable from
+# filesystem, so not in /tmp!) and override sth like fopen() by LD_PRELOAD
+# to give the content of keys from RAM when a virtual address of a key file
+# is accessed, but currently I don't know how to implement this (TODO: ).
+_cleanup(){
+	rm -fvr "%{certs_dir_rnd}"
+}
+# Make a trap to delete keys even if %%build fails in the middle
+trap "_cleanup" EXIT
+
 rm -rf %{temp_root}
 install -d %{temp_root}
 
@@ -998,6 +1013,7 @@ chmod +x tools/power/cpupower/utils/version-gen.sh
 %make -C tools/power/cpupower CPUFREQ_BENCH=false
 %endif
 
+_cleanup
 ############################################################################
 
 %install
@@ -1087,7 +1103,3 @@ install -m644 %{SOURCE53} %{buildroot}%{_unitdir}/cpupower.path
 install -m644 %{SOURCE51} %{buildroot}%{_sysconfdir}/sysconfig/cpupower
 install -m755 %{SOURCE52} %{buildroot}%{_bindir}/cpupower-start.sh
 %endif
-
-# Ensure that build time generated private keys don't get published
-# as e.g. "RPM build root" on ABF!
-rm -fvr "%{certs_dir_rnd}"