- switch to normal brp hook

OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign-obs-integration?expand=0&rev=3

README

@@ -8,13 +8,13 @@ Packages that need to sign files during build should add the following lines
 to the specfile
 
 # needssslcertforbuild
-%define sign_files pattern...
+export BRP_PESIGN_FILES='pattern...'
 BuildRequires: pesign-obs-integration
 
 The "# needssslcertforbuild" comment tells the buildservice to store the
 signing certificate in %_sourcedir/_projectcert.crt. At the end of the
-install phase, the pesign-install-post script computes hashes of all
-files matching the patterns in %sign_files. The sha256 hashes are stored
+install phase, the brp-99-pesign script computes hashes of all
+files matching the patterns in $BRP_PESIGN_FILES. The sha256 hashes are stored
 in %_topdir/OTHER/%name.cpio.rsasign, plus the script places a
 pesign-repackage.spec file there. When the first rpmbuild finishes, the
 buildservice sends the cpio archive to the signing server, which returns

brp-99-pesign

@@ -1,6 +1,6 @@
 #!/bin/bash
-# This script is run by rpmbuild at the end of install section. It computes
-# hashes of files listed in the %sign_files macro and stores them in
+# This script is run by rpmbuild at the end of the brp checks. It computes
+# hashes of files listed in the BRP_PESIGN_FILES environment and stores them in
 # %_topdir/OTHER/%name.cpio.rsasign. It also puts a specfile there, that
 # is later used to repackage the RPMs.
 #
@@ -22,7 +22,7 @@
 
 set -e
 
-files=
+files=${BRP_PESIGN_FILES}
 output=
 while test $# -gt 0; do
 	case "$1" in
@@ -43,8 +43,7 @@ if test -z "$files"; then
 	exit 0
 fi
 if test -z "$output"; then
-	echo "$0: --output not specified" >&2
-	exit 1
+	output=`rpm --eval %_topdir/OTHER`
 fi
 if test -z "$RPM_BUILD_ROOT"; then
 	echo "$0: warning: \$RPM_BUILD_ROOT not set, using the root directory" >&2
@@ -65,7 +64,7 @@ sed "
 		r $cert
 		d
 	}
-" /usr/lib/rpm/pesign-repackage.spec.in >"$output/pesign-repackage.spec"
+" /usr/lib/rpm/pesign/pesign-repackage.spec.in >"$output/pesign-repackage.spec"
 
 cd "$RPM_BUILD_ROOT"
 args=()

macros.pesign-obs

@@ -1,5 +0,0 @@
-# Macros for pesign / modsign OBS integration
-
-# The spec file should define %sign_files to a space-separated list of patterns
-# of files to be signed, e.g. %define sign_files /lib/firmware *.ko
-%__os_install_post /usr/lib/rpm/pesign-install-post --files "%{?sign_files}" --output %_topdir/OTHER

pesign-obs-integration.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Feb  6 13:24:14 CET 2013 - mls@suse.de
+
+- switch to normal brp hook
+- mv stuff in pesign directory instead of cluttering /usr/lib/rpm
+
 -------------------------------------------------------------------
 Fri Feb  1 17:18:32 CET 2013 - mls@suse.de
 

pesign-obs-integration.spec

@@ -15,7 +15,6 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
-
 Name:           pesign-obs-integration
 Summary:        Macros and scripts to sign the kernel and bootloader
 License:        GPL-2.0
@@ -28,10 +27,9 @@ Requires:       pesign
 %endif
 BuildRequires:  openssl
 Url:            http://en.opensuse.org/openSUSE:UEFI_Image_File_Sign_Tools
-Source1:        macros.pesign-obs
 Source2:        pesign-repackage.spec.in
 Source3:        pesign-gen-repackage-spec
-Source4:        pesign-install-post
+Source4:        brp-99-pesign
 Source5:        COPYING
 Source6:        README
 Source7:        kernel-sign-file
@@ -49,14 +47,14 @@ cp %_sourcedir/{COPYING,README} .
 
 %install
 
-mkdir -p %buildroot/usr/lib/rpm %buildroot/etc/rpm
+mkdir -p %buildroot/usr/lib/rpm/brp-suse.de %buildroot/usr/lib/rpm/pesign
 cd %_sourcedir
-install -m644 macros.pesign-obs %buildroot/etc/rpm
-install  pesign-gen-repackage-spec pesign-install-post kernel-sign-file %buildroot/usr/lib/rpm
-install -m644 pesign-repackage.spec.in %buildroot/usr/lib/rpm
+install  pesign-gen-repackage-spec kernel-sign-file %buildroot/usr/lib/rpm/pesign
+install  brp-99-pesign %buildroot/usr/lib/rpm/brp-suse.d
+install -m644 pesign-repackage.spec.in %buildroot/usr/lib/rpm/pesign
 if test -e _projectcert.crt; then
 	openssl x509 -inform PEM -in _projectcert.crt \
-		-outform DER -out %buildroot/usr/lib/rpm/pesign-cert.x509
+		-outform DER -out %buildroot/usr/lib/rpm/pesign/pesign-cert.x509
 else
 	echo "No buildservice project certificate available"
 fi
@@ -65,6 +63,5 @@ fi
 %defattr(-,root,root)
 %doc COPYING README
 /usr/lib/rpm/*
-/etc/rpm/*
 
 %changelog

pesign-repackage.spec.in

@@ -76,8 +76,8 @@ if test "$(wc -l <cert.crt)" -gt 1; then
 else
 	echo "warning: No buildservice project certificate found, add"
 	echo "warning: # needssslcertforbuild to the specfile"
-	echo "warning: Using /usr/lib/rpm/pesign-cert.x509 as fallback"
-	cert=/usr/lib/rpm/pesign-cert.x509
+	echo "warning: Using /usr/lib/rpm/pesign/pesign-cert.x509 as fallback"
+	cert=/usr/lib/rpm/pesign/pesign-cert.x509
 fi
 mkdir nss-db
 nss_db=$PWD/nss-db
@@ -90,10 +90,10 @@ for sig in "${sigs[@]}"; do
 	f=%buildroot/${sig%.sig}
 	case "$sig" in
 	*.ko.sig)
-		/usr/lib/rpm/kernel-sign-file -s "$sig" sha256 "$cert" "$f"
+		/usr/lib/rpm/pesign/kernel-sign-file -s "$sig" sha256 "$cert" "$f"
 		;;
 	./lib/firmware/*.sig)
-		/usr/lib/rpm/kernel-sign-file -f -s "$sig" sha256 "$cert" "$f"
+		/usr/lib/rpm/pesign/kernel-sign-file -f -s "$sig" sha256 "$cert" "$f"
 		;;
 	./boot/* | *.efi.sig)
 		infile=${sig%.sig}
@@ -108,7 +108,7 @@ for sig in "${sigs[@]}"; do
 	esac
 done
 popd
-/usr/lib/rpm/pesign-gen-repackage-spec --directory=%buildroot "${rpms[@]}"
+/usr/lib/rpm/pesign/pesign-gen-repackage-spec --directory=%buildroot "${rpms[@]}"
 rpmbuild --define "%%buildroot %buildroot" --define "%%disturl $disturl" \
 	 --define "%%_builddir $PWD" \
 	 --define "%_suse_insert_debug_package %%{nil}" -bb repackage.spec