pool/pesign-obs-integration
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 880006 from home:gary_lin:branches:Base:System

Browse Source 
fix the potential hash mismatching (bsc#1183747)

OBS-URL: https://build.opensuse.org/request/show/880006
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign-obs-integration?expand=0&rev=100
This commit is contained in:
Gary Ching-Pang Lin 2021-03-23 01:21:04 +00:00 committed by Git OBS Bridge
parent 53cd34b3d6
commit 949cc7fa93
3 changed files with 36 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
pesign-obs-integration-bsc1183747-always-pad-efi-images.patch Normal file
View File

@ -0,0 +1,28 @@
From 8177d2b826f848dd3feb4be28ed3c024d6cb7f43 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Fri, 19 Mar 2021 11:41:49 +0800
Subject: [PATCH] Always pad the EFI image when calculating the hash
Fix bsc#1183747
Signed-off-by: Gary Lin <glin@suse.com>
---
pesign-repackage.spec.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pesign-repackage.spec.in b/pesign-repackage.spec.in
index 76732b5..ccb35af 100644
--- a/pesign-repackage.spec.in
+++ b/pesign-repackage.spec.in
@@ -139,7 +139,7 @@ for sig in "${sigs[@]}"; do
pesign -n "$nss_db" -c cert -i "$f" -o "$f.tmp" -d sha256 -I "${infile}.sattrs" -R "$sig"
rm -f "${infile}.sattrs"
mv "$f.tmp" "$f"
- nhash=$(pesign -n "$nss_db" -h -i "$f")
+ nhash=$(pesign -n "$nss_db" -h -P -i "$f")
if test "$ohash" != "$nhash" ; then
echo "hash mismatch error: $ohash $nhash"
exit 1
--
2.29.2

6
pesign-obs-integration.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Fri Mar 19 03:45:11 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
- Add pesign-obs-integration-bsc1183747-always-pad-efi-images.patch
to fix the potential hash mismatching (bsc#1183747)
-------------------------------------------------------------------
Mon Dec 21 03:50:35 UTC 2020 - Gary Ching-Pang Lin <glin@suse.com>

3
pesign-obs-integration.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package pesign-obs-integration
#
# Copyright (c) 2020 SUSE LLC
# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -25,6 +25,7 @@ License: GPL-2.0-only
Group: Development/Tools/Other
URL: https://en.opensuse.org/openSUSE:UEFI_Image_File_Sign_Tools
Source: %{name}-%{version}.tar.gz
Patch1: pesign-obs-integration-bsc1183747-always-pad-efi-images.patch
BuildRequires: openssl
Requires: fipscheck
Requires: mozilla-nss-tools