Accepting request 789612 from home:msmeissn:branches:Base:System
- pesign-sign-s390x-kernel.patch: Sign also the non-PE (e.g. s390x) kernels with just kernel-sign-file (bsc#1163524) OBS-URL: https://build.opensuse.org/request/show/789612 OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign-obs-integration?expand=0&rev=88
parent
b14ebb7b0a
commit
eee6f816df
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Feb 26 13:35:18 UTC 2020 - Marcus Meissner <meissner@suse.com>
|
||||
|
||||
- pesign-sign-s390x-kernel.patch: Sign also the non-PE (e.g. s390x)
|
||||
kernels with just kernel-sign-file (bsc#1163524)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Feb 19 14:25:32 UTC 2020 - Marcus Meissner <meissner@suse.com>
|
||||
|
||||
|
@ -39,6 +39,8 @@ Patch4: 0001-Keep-the-files-in-the-OTHER-directory.patch
|
||||
Patch5: 0001-brp-99-compress-vmlinux-support-xz-compressed-vmlinu.patch
|
||||
# https://github.com/openSUSE/pesign-obs-integration/pull/17
|
||||
Patch6: 0001-sign-stage3.bin-from-s390-tools-with-sign-files-bsc-.patch
|
||||
# https://github.com/openSUSE/pesign-obs-integration/pull/18
|
||||
Patch7: pesign-sign-s390x-kernel.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
# suse-module-tools <= 15.0.10 contains modsign-verify
|
||||
Requires: suse-module-tools >= 15.0.10
|
||||
@ -55,6 +57,7 @@ boot loader, kernel and kernel modules in the openSUSE Buildservice.
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
|
||||
%build
|
||||
|
||||
|
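--- /dev/null
+++ b/pesign-sign-s390x-kernel.patch
@@ -0,0 +1,42 @@
+Index: pesign-obs-integration/pesign-repackage.spec.in
+===================================================================
+--- pesign-obs-integration.orig/pesign-repackage.spec.in
++++ pesign-obs-integration/pesign-repackage.spec.in
+@@ -122,6 +122,8 @@ for sig in "${sigs[@]}"; do
+/usr/lib/rpm/pesign/kernel-sign-file -i pkcs7 -s "$sig" sha256 "$cert" "$f"
+;;
+/boot/* | *.efi.sig)
++%ifarch %ix86 x86_64 aarch64 %arm
++ # PE style signature injection
+infile=${sig%.sig}
+cpio -i --to-stdout ${infile#./} <%_sourcedir/@NAME@.cpio.rsasign > ${infile}.sattrs
+test -s ${infile}.sattrs || exit 1
+@@ -134,6 +136,10 @@ for sig in "${sigs[@]}"; do
+echo "hash mismatch error: $ohash $nhash"
+exit 1
+fi
++%else
++ # appending to the file itself, e.g. for s390x.
++ /usr/lib/rpm/pesign/kernel-sign-file -i pkcs7 -s "$sig" sha256 "$cert" "$f"
++%endif
+# Regenerate the HMAC if it exists
+hmac="${f%%/*}/.${f##*/}.hmac"
+if test -e "$hmac"; then
+Index: pesign-obs-integration/brp-99-pesign
+===================================================================
+--- pesign-obs-integration.orig/brp-99-pesign
++++ pesign-obs-integration/brp-99-pesign
+@@ -109,7 +109,12 @@ for f in "${files[@]}"; do
+mkdir -p "${dest%/*}"
+case "$f" in
+./boot/* | *.efi)
+- pesign --certdir="$nss_db" -i "$f" -E $dest
++ if [ -f /usr/bin/pesign ]; then
++ pesign --certdir="$nss_db" -i "$f" -E $dest
++ else
++ # Non PE architectures like s390x
++ cp "$f" "$dest"
++ fi
+;;
+*)
+cp "$f" "$dest"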
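Review bot: In the brp-99-pesign hunk the fallback is selected by `[ -f /usr/bin/pesign ]`, while the matching branch in pesign-repackage.spec.in is selected by `%ifarch %ix86 x86_64 aarch64 %arm`, so the two halves of the signing flow can disagree. If pesign is missing from a build root on one of the PE architectures, the `else` arm copies the whole image into the signing payload without any message, and the repackage step then appears to take the PE branch on a file that is not an exported attribute blob; failing the build is safer, e.g. an architecture test in the `else` arm ending in `echo "pesign not found on a PE architecture" >&2; exit 1`. The new `%else` branch in the spec template has no counterpart to the `hash mismatch error` check of the PE branch and does not test the exit status of kernel-sign-file; unless the script runs under `set -e` (not visible in the hunk), append `|| exit 1` to that call. Minor: the re-indented pesign line still passes `-E $dest` unquoted while the new `cp` quotes it, so `-E "$dest"` would be consistent. All three loops start and end outside the hunks.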