diff --git a/brp-99-pesign b/brp-99-pesign index 9e0d762..e9c9e86 100644 --- a/brp-99-pesign +++ b/brp-99-pesign @@ -22,7 +22,10 @@ set -e -files=${BRP_PESIGN_FILES} +files="*.ko /lib/firmware" +if test -n "${BRP_PESIGN_FILES+x}"; then + files=${BRP_PESIGN_FILES} +fi output= while test $# -gt 0; do case "$1" in diff --git a/modsign-repackage b/modsign-repackage index e28d6d6..58bb950 100644 --- a/modsign-repackage +++ b/modsign-repackage @@ -20,7 +20,7 @@ USAGE="$0 --key --certificate rpm ..." -options=`getopt -o hk:c: --long help,key:,certificate: -- "$@"` +options=`getopt -o hk:c:s: --long help,key:,certificate:,signatures: -- "$@"` if test $? -ne 0; then echo "$USAGE" >&2 exit 1 @@ -28,6 +28,7 @@ fi eval set -- "$options" key= cert= +sig_dir= while :; do case "$1" in -k|--key) @@ -38,6 +39,10 @@ while :; do cert=$2 shift 2 ;; + -s|--signatures) + sig_dir=$2 + shift 2 + ;; -h|--help) echo "$USAGE" exit @@ -47,13 +52,18 @@ while :; do break esac done -if test -z "$key" -o -z "$cert"; then - echo "$0: The --key and --certificate options are mandatory" >&2 - echo "$USAGE" >&2 - exit 1 +err= +if test -n "$key" -a -n "$sig_dir"; then + err="Cannot use both --key and --signatures" +elif test -z "$key" -a -z "$sig_dir"; then + err="Please specify either --key or --signatures" +elif test -z "$cert"; then + err="Please specify --certificate" +elif test "$#" -eq 0; then + err="No packages specified" fi -if test "$#" -eq 0; then - echo "$0: No packages specified" >&2 +if test -n "$err"; then + echo "$0: $err" >&2 echo "$USAGE" >&2 exit 1 fi @@ -107,9 +117,20 @@ for rpm; do done set -e echo "Signing kernel modules..." -for module in $(find "$buildroot" -type f -name '*.ko'); do - /usr/lib/rpm/pesign/kernel-sign-file \ - sha256 "$key" "$cert" "$module" +for module in $(find "$buildroot" -type f -name '*.ko' -printf '%P\n'); do + if test -n "$key"; then + /usr/lib/rpm/pesign/kernel-sign-file \ + sha256 "$key" "$cert" "$buildroot/$module" + else + raw_sig="$sig_dir/$module.sig" + if test ! -e "$raw_sig"; then + echo "$module.sig not found in $sig_dir" >&2 + exit 1 + fi + /usr/lib/rpm/pesign/kernel-sign-file \ + -s "$raw_sig" sha256 "$cert" "$buildroot/$module" + fi + done # Add the certificate mkdir -p "$buildroot/etc/uefi/certs" diff --git a/pesign-obs-integration.changes b/pesign-obs-integration.changes index 1ca636f..63d3f3d 100644 --- a/pesign-obs-integration.changes +++ b/pesign-obs-integration.changes @@ -1,3 +1,25 @@ +------------------------------------------------------------------- +Thu Jan 16 15:12:22 UTC 2014 - mmarek@suse.cz + +- Do not sign any files if BRP_PESIGN_FILES is set not an empty + string (bnc#857599). + +------------------------------------------------------------------- +Tue Jan 7 09:50:58 UTC 2014 - mmarek@suse.cz + +- Fix a typo in the last change. + +------------------------------------------------------------------- +Mon Jan 6 22:08:41 UTC 2014 - mmarek@suse.cz + +- Default to BRP_PESIGN_FILES="*.ko /lib/firmware" (bnc#857599). + +------------------------------------------------------------------- +Mon Jan 6 16:35:30 UTC 2014 - mmarek@suse.cz + +- Add --signatures= option to modsign-repackage + (bnc#841627). + ------------------------------------------------------------------- Fri Jun 14 12:19:47 UTC 2013 - mmarek@suse.cz diff --git a/pesign-obs-integration.spec b/pesign-obs-integration.spec index 0b1a302..19cdc48 100644 --- a/pesign-obs-integration.spec +++ b/pesign-obs-integration.spec @@ -1,7 +1,7 @@ # # spec file for package pesign-obs-integration # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed