From b3f5792b51212a98378938eb889cf92a1596e0e83274dea6287d6b405beca9dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Schr=C3=B6der?= Date: Wed, 6 Feb 2013 12:45:18 +0000 Subject: [PATCH 1/2] ... OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign-obs-integration?expand=0&rev=5 --- pesign-obs-integration.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pesign-obs-integration.spec b/pesign-obs-integration.spec index 1829d39..6050119 100644 --- a/pesign-obs-integration.spec +++ b/pesign-obs-integration.spec @@ -16,6 +16,8 @@ # +# needssslcertforbuild + Name: pesign-obs-integration Summary: Macros and scripts to sign the kernel and bootloader License: GPL-2.0 From 3c6fd95a1ef92190a5b94ffadad947f2e7c35571c67f916750236added0143da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Schr=C3=B6der?= Date: Tue, 12 Feb 2013 16:04:58 +0000 Subject: [PATCH 2/2] ... OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign-obs-integration?expand=0&rev=7 --- pesign-obs-integration.changes | 11 +++++++++++ pesign-repackage.spec.in | 6 ++++++ 2 files changed, 17 insertions(+) diff --git a/pesign-obs-integration.changes b/pesign-obs-integration.changes index b1881e0..e658b12 100644 --- a/pesign-obs-integration.changes +++ b/pesign-obs-integration.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Tue Feb 12 15:42:22 CET 2013 - mls@suse.de + +- reduce debugging as pesign is now fixed + +------------------------------------------------------------------- +Tue Feb 12 12:33:41 CET 2013 - mls@suse.de + +- add a bit of debug output to find out why the kernel signatures + are bad + ------------------------------------------------------------------- Wed Feb 6 13:24:14 CET 2013 - mls@suse.de diff --git a/pesign-repackage.spec.in b/pesign-repackage.spec.in index eae28c2..ee5a692 100644 --- a/pesign-repackage.spec.in +++ b/pesign-repackage.spec.in @@ -99,9 +99,15 @@ for sig in "${sigs[@]}"; do infile=${sig%.sig} cpio -i --to-stdout ${infile#./} <%_sourcedir/@NAME@.cpio.rsasign > ${infile}.sattrs test -s ${infile}.sattrs || exit 1 + ohash=$(pesign -n "$nss_db" -h -i "$f") pesign -n "$nss_db" -c cert -i "$f" -o "$f.tmp" -d sha256 -I "${infile}.sattrs" -R "$sig" rm -f "${infile}.sattrs" mv "$f.tmp" "$f" + nhash=$(pesign -n "$nss_db" -h -i "$f") + if test "$ohash" != "$nhash" ; then + echo "hash mismatch error: $ohash $nhash" + exit 1 + fi ;; *) echo "Warning: unhandled signature: $sig" >&2