Accepting request 155243 from Base:System

->

OBS-URL: https://build.opensuse.org/request/show/155243
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pesign-obs-integration?expand=0&rev=2

pesign-obs-integration.changes

@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Tue Feb 12 15:42:22 CET 2013 - mls@suse.de
+
+- reduce debugging as pesign is now fixed
+
+-------------------------------------------------------------------
+Tue Feb 12 12:33:41 CET 2013 - mls@suse.de
+
+- add a bit of debug output to find out why the kernel signatures
+  are bad
+
 -------------------------------------------------------------------
 Wed Feb  6 13:24:14 CET 2013 - mls@suse.de
 

pesign-obs-integration.spec

@@ -16,6 +16,8 @@
 #
 
 
+# needssslcertforbuild
+
 Name:           pesign-obs-integration
 Summary:        Macros and scripts to sign the kernel and bootloader
 License:        GPL-2.0

pesign-repackage.spec.in

@@ -99,9 +99,15 @@ for sig in "${sigs[@]}"; do
 		infile=${sig%.sig}
 		cpio -i --to-stdout ${infile#./} <%_sourcedir/@NAME@.cpio.rsasign > ${infile}.sattrs
 		test -s ${infile}.sattrs || exit 1
+		ohash=$(pesign -n "$nss_db" -h -i "$f")
 		pesign -n "$nss_db" -c cert -i "$f" -o "$f.tmp" -d sha256 -I "${infile}.sattrs" -R "$sig"
 		rm -f "${infile}.sattrs"
 		mv "$f.tmp" "$f"
+		nhash=$(pesign -n "$nss_db" -h -i "$f")
+		if test "$ohash" != "$nhash" ; then
+		    echo "hash mismatch error: $ohash $nhash"
+		    exit 1
+		fi
 		;;
 	*)
 		echo "Warning: unhandled signature: $sig" >&2