pesign-obs-integration/pesign-obs-integration.spec
Dirk Mueller 14512d1906 Accepting request 982769 from home:gmbr3:POBSI
- Update to version 10.2+git20220504.8690743:
  * Don't repackage aarch64_ilp32 *-64bit packages
  * Use pesign for signing on riscv64
  * Add padding to grub signature correctly (jsc#SLE-18271 bsc#1192764).
  * kernel-sign-file: Support appending verbatim PKCS#7 signature.
  * kernel-sign-file: Move x509 parsing into a function.
  * Support ppc grub signing (jsc#SLE-18271 bsc#1192764).
  * Handle packages with epochs as well
  * Turn off rpm fatal warnings for noarch packages
- Upstreamed patches:
  * 0001-Support-ppc-grub-signing-jsc-SLE-18271-bsc-1192764.patch
  * 0002-kernel-sign-file-Move-x509-parsing-into-a-function.patch
  * 0003-kernel-sign-file-Support-appending-verbatim-PKCS-7-s.patch
  * 0004-Add-padding-to-grub-signature-correctly-jsc-SLE-1827.patch
- Added patches:
  * order.patch - support OrderWithRequires

OBS-URL: https://build.opensuse.org/request/show/982769
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign-obs-integration?expand=0&rev=111
2022-06-16 07:55:52 +00:00


#
# spec file for package pesign-obs-integration
#
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
# The marker comment below is consumed by the Open Build Service rather than by
# rpm: it requests that the project's certificate be made available to this
# build. The install section of this spec looks for it as _projectcert.crt.
# NOTE(review): presumably OBS matches the marker literally -- keep the line
# unchanged and confirm before rewording it.
# needssslcertforbuild
Name: pesign-obs-integration
Version: 10.2+git20220504.8690743
Release: 0
Summary: Macros and scripts to sign the kernel and bootloader
License: GPL-2.0-only
Group: Development/Tools/Other
URL: https://en.opensuse.org/openSUSE:UEFI_Image_File_Sign_Tools
Source: %{name}-%{version}.tar.gz
Patch: order.patch
# openssl is needed at build time: the install section uses it to convert the
# project certificate from PEM to DER.
BuildRequires: openssl
Requires: fipscheck
Requires: mozilla-nss-tools
Requires: openssl
# suse-module-tools <= 15.0.10 contains modsign-verify
# NOTE(review): the line above names 15.0.10 as still shipping modsign-verify,
# while the requirement below accepts 15.0.10 itself, and this package installs
# its own modsign-verify into the bindir -- confirm the intended boundary.
Requires: suse-module-tools >= 15.0.10
# pesign is only required on the architectures listed in the conditional.
%ifarch %{ix86} x86_64 ia64 aarch64 %{arm} riscv64
Requires: pesign
%endif
%description
This package provides scripts and rpm macros to automate signing of the
boot loader, kernel and kernel modules in the openSUSE Buildservice.
%prep
# -q unpacks the source tarball quietly; -D keeps the build directory instead
# of deleting it before unpacking.
%setup -q -D
# Applies every patch declared in the preamble (only order.patch here) with a
# strip level of 1.
%autopatch -p1
# The build section is intentionally empty: nothing is compiled, the scripts
# are installed as shipped in the tarball.
%build
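%install
# Signing scripts and the repackage spec template go to lib/rpm/pesign, the
# brp-99-* scripts to lib/rpm/brp-suse.d, both below the prefix.
mkdir -p %{buildroot}%{_prefix}/lib/rpm/brp-suse.d %{buildroot}%{_prefix}/lib/rpm/pesign
install pesign-gen-repackage-spec kernel-sign-file gen-hmac %{buildroot}%{_prefix}/lib/rpm/pesign
install brp-99-pesign %{buildroot}%{_prefix}/lib/rpm/brp-suse.d
# brp-99-compress-vmlinux has nothing to do with signing. It is packaged in
# pesign-obs-integration because this package is already used by the kernel
# build
install brp-99-compress-vmlinux %{buildroot}%{_prefix}/lib/rpm/brp-suse.d
# The template is data, not a script, hence the non-executable mode.
install -m644 pesign-repackage.spec.in %{buildroot}%{_prefix}/lib/rpm/pesign
mkdir -p %{buildroot}%{_bindir}
install modsign-repackage %{buildroot}%{_bindir}/
install -pm 755 modsign-verify %{buildroot}%{_bindir}/
# Embed the build service project certificate, converted from PEM to DER, as
# pesign-cert.x509 next to the signing scripts.
# _projectcert.crt is looked up relative to the working directory of this
# section; nothing in this spec copies it there.
# NOTE(review): confirm where the build service places the file.
pesign_cert=%{buildroot}%{_prefix}/lib/rpm/pesign/pesign-cert.x509
if test -e _projectcert.crt; then
    # rpm normally runs this section with "sh -e", so a failed conversion
    # aborts the build instead of shipping a broken certificate file.
    openssl x509 -inform PEM -in _projectcert.crt \
        -outform DER -out "$pesign_cert"
    # Read the DER file back and print its subject and SHA-256 fingerprint, so
    # the build log records which certificate was embedded and an unreadable
    # output file fails the build here.
    openssl x509 -inform DER -in "$pesign_cert" -noout -subject -fingerprint -sha256
else
    # A missing certificate is deliberately not an error: the build continues
    # and the package ships without pesign-cert.x509, so consumers must not
    # assume the file exists.
    echo "No buildservice project certificate available"
fi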
%files
%license COPYING
%doc README
%{_bindir}/modsign-repackage
%{_bindir}/modsign-verify
# The glob below also packages pesign/pesign-cert.x509 when the install section
# generated it. The file list is identical whether or not the certificate was
# available, so the package contents differ between builds with and without it.
%{_prefix}/lib/rpm/*
%changelog