- fix pesign calls
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign-obs-integration?expand=0&rev=2
This commit is contained in:
parent
184dbd8a83
commit
6a8d32d403
@ -74,6 +74,9 @@ sub query_single {
|
||||
$res = <$fh>;
|
||||
}
|
||||
chomp $res;
|
||||
if ($res eq "(none)") {
|
||||
$res = "";
|
||||
}
|
||||
close($fh);
|
||||
return $res;
|
||||
|
||||
@ -196,6 +199,7 @@ sub print_package {
|
||||
print SPEC "\%package -n $p->{name}\n";
|
||||
}
|
||||
for my $tag (@simple_tags) {
|
||||
next if $p->{$tag} eq "";
|
||||
print SPEC "$tag: " . quote($p->{$tag}) . "\n";
|
||||
}
|
||||
print SPEC "BuildArch: noarch\n" if $p->{arch} eq "noarch";
|
||||
|
@ -88,8 +88,8 @@ mkdir -p "$archive_dir"
|
||||
# create an empty nss database to make pesign happy
|
||||
nss_db=$(mktemp -d)
|
||||
trap 'rm -rf "$nss_db"' EXIT
|
||||
echo >"$nss_db/password"
|
||||
certutil -N -f "$nss_db/password" -d "$nss_db"
|
||||
echo foofoofoo > "$nss_db/passwd"
|
||||
certutil -N -d "$nss_db" -f "$nss_db/passwd"
|
||||
|
||||
echo "Creating $archive"
|
||||
files=($(find . -type f \( "${args[@]}" \)))
|
||||
@ -98,7 +98,7 @@ for f in "${files[@]}"; do
|
||||
mkdir -p "${dest%/*}"
|
||||
case "$f" in
|
||||
./boot/* | *.efi)
|
||||
pesign --certdir="$nss_db" -i "$f" --digestdata "$dest"
|
||||
pesign --certdir="$nss_db" -i "$f" -E $dest
|
||||
;;
|
||||
*)
|
||||
cp "$f" "$dest"
|
||||
|
@ -1,3 +1,14 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 1 17:18:32 CET 2013 - mls@suse.de
|
||||
|
||||
- fix pesign calls
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 1 10:19:52 UTC 2013 - mmarek@suse.cz
|
||||
|
||||
- Add some preliminary code to sign EFI binaries, marked with
|
||||
FIXMEs.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 30 09:47:25 UTC 2013 - mmarek@suse.cz
|
||||
|
||||
|
@ -1,40 +1,33 @@
|
||||
#
|
||||
# spec file for package pesign-obs-integration (Version 1.0)
|
||||
# spec file for package pesign-obs-integration
|
||||
#
|
||||
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
# upon. The license for this file, and modifications and additions to the
|
||||
# file, is the same license as for the pristine package itself (unless the
|
||||
# license for the pristine package is not an Open Source License, in which
|
||||
# case the license is the MIT License). An "Open Source License" is a
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
# norootforbuild
|
||||
# needssslcertforbuild
|
||||
|
||||
Name: pesign-obs-integration
|
||||
Summary: Macros and scripts to sign the kernel and bootloader
|
||||
License: GPL-2.0
|
||||
Group: Development/Tools/Other
|
||||
Version: 6.0
|
||||
Release: 1
|
||||
Release: 0
|
||||
Requires: openssl mozilla-nss-tools
|
||||
%ifarch %ix86 x86_64 ia64
|
||||
Requires: pesign
|
||||
%endif
|
||||
BuildRequires: openssl
|
||||
License: GPL v2 only
|
||||
Group: Development/Tools/Other
|
||||
URL: http://en.opensuse.org/openSUSE:UEFI_Image_File_Sign_Tools
|
||||
Url: http://en.opensuse.org/openSUSE:UEFI_Image_File_Sign_Tools
|
||||
Source1: macros.pesign-obs
|
||||
Source2: pesign-repackage.spec.in
|
||||
Source3: pesign-gen-repackage-spec
|
||||
@ -43,6 +36,7 @@ Source5: COPYING
|
||||
Source6: README
|
||||
Source7: kernel-sign-file
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
|
||||
%description
|
||||
This package provides scripts and rpm macros to automate signing of the
|
||||
boot loader, kernel and kernel modules in the openSUSE Buildservice.
|
||||
@ -74,4 +68,3 @@ fi
|
||||
/etc/rpm/*
|
||||
|
||||
%changelog
|
||||
|
||||
|
@ -79,6 +79,12 @@ else
|
||||
echo "warning: Using /usr/lib/rpm/pesign-cert.x509 as fallback"
|
||||
cert=/usr/lib/rpm/pesign-cert.x509
|
||||
fi
|
||||
mkdir nss-db
|
||||
nss_db=$PWD/nss-db
|
||||
echo foofoofoo > "$nss_db/passwd"
|
||||
certutil -N -d "$nss_db" -f "$nss_db/passwd"
|
||||
certutil -A -d "$nss_db" -n cert -t CT,CT,CT -i "$cert"
|
||||
|
||||
sigs=($(find -type f -name '*.sig'))
|
||||
for sig in "${sigs[@]}"; do
|
||||
f=%buildroot/${sig%.sig}
|
||||
@ -89,6 +95,14 @@ for sig in "${sigs[@]}"; do
|
||||
./lib/firmware/*.sig)
|
||||
/usr/lib/rpm/kernel-sign-file -f -s "$sig" sha256 "$cert" "$f"
|
||||
;;
|
||||
./boot/* | *.efi.sig)
|
||||
infile=${sig%.sig}
|
||||
cpio -i --to-stdout ${infile#./} <%_sourcedir/@NAME@.cpio.rsasign > ${infile}.sattrs
|
||||
test -s ${infile}.sattrs || exit 1
|
||||
pesign -n "$nss_db" -c cert -i "$f" -o "$f.tmp" -d sha256 -I "${infile}.sattrs" -R "$sig"
|
||||
rm -f "${infile}.sattrs"
|
||||
mv "$f.tmp" "$f"
|
||||
;;
|
||||
*)
|
||||
echo "Warning: unhandled signature: $sig" >&2
|
||||
esac
|
||||
|
Loading…
Reference in New Issue
Block a user