Accepting request 880006 from home:gary_lin:branches:Base:System
fix the potential hash mismatching (bsc#1183747) OBS-URL: https://build.opensuse.org/request/show/880006 OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign-obs-integration?expand=0&rev=100
This commit is contained in:
parent
53cd34b3d6
commit
949cc7fa93
@ -0,0 +1,28 @@
|
||||
From 8177d2b826f848dd3feb4be28ed3c024d6cb7f43 Mon Sep 17 00:00:00 2001
|
||||
From: Gary Lin <glin@suse.com>
|
||||
Date: Fri, 19 Mar 2021 11:41:49 +0800
|
||||
Subject: [PATCH] Always pad the EFI image when calculating the hash
|
||||
|
||||
Fix bsc#1183747
|
||||
|
||||
Signed-off-by: Gary Lin <glin@suse.com>
|
||||
---
|
||||
pesign-repackage.spec.in | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/pesign-repackage.spec.in b/pesign-repackage.spec.in
|
||||
index 76732b5..ccb35af 100644
|
||||
--- a/pesign-repackage.spec.in
|
||||
+++ b/pesign-repackage.spec.in
|
||||
@@ -139,7 +139,7 @@ for sig in "${sigs[@]}"; do
|
||||
pesign -n "$nss_db" -c cert -i "$f" -o "$f.tmp" -d sha256 -I "${infile}.sattrs" -R "$sig"
|
||||
rm -f "${infile}.sattrs"
|
||||
mv "$f.tmp" "$f"
|
||||
- nhash=$(pesign -n "$nss_db" -h -i "$f")
|
||||
+ nhash=$(pesign -n "$nss_db" -h -P -i "$f")
|
||||
if test "$ohash" != "$nhash" ; then
|
||||
echo "hash mismatch error: $ohash $nhash"
|
||||
exit 1
|
||||
--
|
||||
2.29.2
|
||||
|
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Mar 19 03:45:11 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
|
||||
|
||||
- Add pesign-obs-integration-bsc1183747-always-pad-efi-images.patch
|
||||
to fix the potential hash mismatching (bsc#1183747)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Dec 21 03:50:35 UTC 2020 - Gary Ching-Pang Lin <glin@suse.com>
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package pesign-obs-integration
|
||||
#
|
||||
# Copyright (c) 2020 SUSE LLC
|
||||
# Copyright (c) 2021 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -25,6 +25,7 @@ License: GPL-2.0-only
|
||||
Group: Development/Tools/Other
|
||||
URL: https://en.opensuse.org/openSUSE:UEFI_Image_File_Sign_Tools
|
||||
Source: %{name}-%{version}.tar.gz
|
||||
Patch1: pesign-obs-integration-bsc1183747-always-pad-efi-images.patch
|
||||
BuildRequires: openssl
|
||||
Requires: fipscheck
|
||||
Requires: mozilla-nss-tools
|
||||
|
Loading…
Reference in New Issue
Block a user