forked from pool/pesign-obs-integration
Accepting request 901652 from Base:System
OBS-URL: https://build.opensuse.org/request/show/901652 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pesign-obs-integration?expand=0&rev=44
This commit is contained in:
Git OBS Bridge
commit
44ba55e059
59
pesign-kernel-in-lib.diff
Normal file
59
pesign-kernel-in-lib.diff
Normal file
@ -0,0 +1,59 @@
|
||||
Index: pesign-obs-integration-10.2/brp-99-compress-vmlinux
|
||||
===================================================================
|
||||
--- pesign-obs-integration-10.2.orig/brp-99-compress-vmlinux
|
||||
+++ pesign-obs-integration-10.2/brp-99-compress-vmlinux
|
||||
@@ -11,6 +11,9 @@ kernel-*)
|
||||
exit 0
|
||||
esac
|
||||
for f in $RPM_BUILD_ROOT/boot/vmlinux-*; do
|
||||
+ if [ -L "$f" ]; then
|
||||
+ f=`readlink -f "$f"`
|
||||
+ fi
|
||||
for compression in gz/gzip xz; do
|
||||
if test -e "$f" -a -e "$f.${compression%/*}"; then
|
||||
echo "${compression#*/} $f"
|
||||
Index: pesign-obs-integration-10.2/pesign-repackage.spec.in
|
||||
===================================================================
|
||||
--- pesign-obs-integration-10.2.orig/pesign-repackage.spec.in
|
||||
+++ pesign-obs-integration-10.2/pesign-repackage.spec.in
|
||||
@@ -129,7 +129,7 @@ for sig in "${sigs[@]}"; do
|
||||
*.ko.sig)
|
||||
/usr/lib/rpm/pesign/kernel-sign-file -i pkcs7 -s "$sig" sha256 "$cert" "$f"
|
||||
;;
|
||||
- /boot/* | *.efi.sig)
|
||||
+ /boot/* | *.efi.sig | */lib/modules/*/vmlinu[xz].sig | */lib/modules/*/[Ii]mage.sig | */lib/modules/*/z[Ii]mage.sig)
|
||||
%ifarch %ix86 x86_64 aarch64 %arm
|
||||
# PE style signature injection
|
||||
infile=${sig%.sig}
|
||||
Index: pesign-obs-integration-10.2/pesign-gen-repackage-spec
|
||||
===================================================================
|
||||
--- pesign-obs-integration-10.2.orig/pesign-gen-repackage-spec
|
||||
+++ pesign-obs-integration-10.2/pesign-gen-repackage-spec
|
||||
@@ -25,6 +25,8 @@ my $USAGE = "Usage: $0 --directory <payl
|
||||
|
||||
use Getopt::Long;
|
||||
use Fcntl qw(:mode :seek);
|
||||
+use File::Basename qw(dirname);
|
||||
+use File::Path qw(make_path);
|
||||
|
||||
my $directory;
|
||||
my $output = ".";
|
||||
@@ -418,6 +420,7 @@ sub print_files {
|
||||
if ($f->{flags} & $filetypes{ghost}) {
|
||||
$attrs .= "%ghost ";
|
||||
if (S_ISREG($f->{mode})) {
|
||||
+ make_path(dirname($path));
|
||||
open(my $fh, '>', $path) or die "$path: $!\n";
|
||||
if ($f->{size} > 0) {
|
||||
sysseek($fh, $f->{size} - 1, SEEK_SET);
|
||||
@@ -425,7 +428,10 @@ sub print_files {
|
||||
}
|
||||
close($fh);
|
||||
utime($f->{mtime}, $f->{mtime}, $path);
|
||||
+ } elsif (S_ISDIR($f->{mode})) {
|
||||
+ make_path($path);
|
||||
} elsif (S_ISLNK($f->{mode})) {
|
||||
+ make_path(dirname($path));
|
||||
symlink($f->{target}, $path);
|
||||
}
|
||||
}
|
||||
93
pesign-obs-integration-support-gzip-zstd-compression.patch
Normal file
93
pesign-obs-integration-support-gzip-zstd-compression.patch
Normal file
@ -0,0 +1,93 @@
|
||||
From b23d9018134eb505961917f165f9e39ff4829576 Mon Sep 17 00:00:00 2001
|
||||
From: Callum Farmer <gmbr3@opensuse.org>
|
||||
Date: Fri, 4 Jun 2021 20:31:00 +0100
|
||||
Subject: [PATCH] Add support for GZIP and ZSTD module compression
|
||||
|
||||
Written based on https://github.com/torvalds/linux/blob/master/scripts/Makefile.modinst
|
||||
---
|
||||
README | 2 +-
|
||||
brp-99-pesign | 4 ++++
|
||||
pesign-gen-repackage-spec | 21 +++++++++++++++++----
|
||||
3 files changed, 22 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/README b/README
|
||||
index 32afb8f..aaa5da0 100644
|
||||
--- a/README
|
||||
+++ b/README
|
||||
@@ -38,7 +38,7 @@ in debian/rules to use the fully automated helper.
|
||||
Consult the dh_signobs manpage for more information.
|
||||
|
||||
When BRP_PESIGN_COMPRESS_MODULE is passed, the script tries to compress the
|
||||
-kernel modules at the repackaging phase. Currently only xz format is supported.
|
||||
+kernel modules at the repackaging phase. Currently xz, gzip and zstd format is supported.
|
||||
For enable the compression feature, put the following along with
|
||||
BRP_PESIGN_FILES setup:
|
||||
|
||||
diff --git a/brp-99-pesign b/brp-99-pesign
|
||||
index c2492b3..4408f6d 100644
|
||||
--- a/brp-99-pesign
|
||||
+++ b/brp-99-pesign
|
||||
@@ -60,6 +60,10 @@ fi
|
||||
|
||||
if test "${BRP_PESIGN_COMPRESS_MODULE}" = "xz"; then
|
||||
pesign_repackage_compress="--compress xz"
|
||||
+elif test "${BRP_PESIGN_COMPRESS_MODULE}" = "gzip"; then
|
||||
+ pesign_repackage_compress="--compress gzip"
|
||||
+elif test "${BRP_PESIGN_COMPRESS_MODULE}" = "zstd"; then
|
||||
+ pesign_repackage_compress="--compress zstd"
|
||||
else
|
||||
pesign_repackage_compress=""
|
||||
fi
|
||||
diff --git a/pesign-gen-repackage-spec b/pesign-gen-repackage-spec
|
||||
index 8a1fe39..c01fa2d 100755
|
||||
--- a/pesign-gen-repackage-spec
|
||||
+++ b/pesign-gen-repackage-spec
|
||||
@@ -392,7 +392,20 @@ my %verifyflags = (
|
||||
sub print_files {
|
||||
my $files = shift;
|
||||
my @tocompress;
|
||||
-
|
||||
+ my $compress_ext = "";
|
||||
+ my $compress_cmd = "";
|
||||
+
|
||||
+ if ($compress eq "xz") {
|
||||
+ $compress_ext = ".xz";
|
||||
+ $compress_cmd = "xz --lzma2=dict=2MiB -f";
|
||||
+ } elsif ($compress eq "gzip") {
|
||||
+ $compress_ext = ".gz";
|
||||
+ $compress_cmd = "gzip -n -f";
|
||||
+ } elsif ($compress eq "zstd") {
|
||||
+ $compress_ext = ".zst";
|
||||
+ $compress_cmd = "zstd -T0 --rm -f -q";
|
||||
+ }
|
||||
+
|
||||
for my $f (@$files) {
|
||||
my $path = "$directory/$f->{name}";
|
||||
my $attrs = "";
|
||||
@@ -444,12 +457,12 @@ sub print_files {
|
||||
$attrs .= "%verify(not $verify_attrs) ";
|
||||
}
|
||||
|
||||
- if ($compress eq "xz" &&
|
||||
+ if ($compress ne "" &&
|
||||
$f->{name} =~ /\.ko$/ && S_ISREG($f->{mode})) {
|
||||
chmod($f->{mode}, $path);
|
||||
utime($f->{mtime}, $f->{mtime}, $path);
|
||||
push(@tocompress, $path);
|
||||
- print SPEC "$attrs " . quote($f->{name}) . ".xz\n";
|
||||
+ print SPEC "$attrs " . quote($f->{name}) . "$compress_ext\n";
|
||||
} else {
|
||||
print SPEC "$attrs " . quote($f->{name}) . "\n";
|
||||
}
|
||||
@@ -464,7 +477,7 @@ sub print_files {
|
||||
open(M, '>', $m) or die "$m: $!\n";
|
||||
print M join("\n", @tocompress);
|
||||
close(M);
|
||||
- system("xargs -a $m -t -P 4 -n 1 xz -f");
|
||||
+ system("xargs -a $m -t -P 4 -n 1 $compress_cmd");
|
||||
unlink($m);
|
||||
}
|
||||
}
|
||||
--
|
||||
2.31.1
|
||||
|
||||
@ -1,3 +1,14 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Jun 21 03:23:54 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
|
||||
|
||||
- Add pesign-obs-integration-support-gzip-zstd-compression.patch
|
||||
to support gzip and zstd module compression
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Apr 23 09:34:17 UTC 2021 - Ludwig Nussel <lnussel@suse.de>
|
||||
|
||||
- find kernel also in /lib (boo#1184804, pesign-kernel-in-lib.diff)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Mar 19 03:45:11 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
|
||||
|
||||
|
||||
@ -26,6 +26,8 @@ Group: Development/Tools/Other
|
||||
URL: https://en.opensuse.org/openSUSE:UEFI_Image_File_Sign_Tools
|
||||
Source: %{name}-%{version}.tar.gz
|
||||
Patch1: pesign-obs-integration-bsc1183747-always-pad-efi-images.patch
|
||||
Patch2: pesign-obs-integration-support-gzip-zstd-compression.patch
|
||||
Patch3: pesign-kernel-in-lib.diff
|
||||
BuildRequires: openssl
|
||||
Requires: fipscheck
|
||||
Requires: mozilla-nss-tools
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user