From c581df2ee9b9e5ecfb673612528589d5727ed45b8da1756d7c5b11efc9625f08 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Schr=C3=B6der?= Date: Wed, 6 Feb 2013 12:25:06 +0000 Subject: [PATCH] - switch to normal brp hook OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign-obs-integration?expand=0&rev=3 --- README | 6 +++--- pesign-install-post => brp-99-pesign | 11 +++++------ macros.pesign-obs | 5 ----- pesign-obs-integration.changes | 6 ++++++ pesign-obs-integration.spec | 15 ++++++--------- pesign-repackage.spec.in | 10 +++++----- 6 files changed, 25 insertions(+), 28 deletions(-) rename pesign-install-post => brp-99-pesign (89%) delete mode 100644 macros.pesign-obs diff --git a/README b/README index bc0370d..d3bd0f0 100644 --- a/README +++ b/README @@ -8,13 +8,13 @@ Packages that need to sign files during build should add the following lines to the specfile # needssslcertforbuild -%define sign_files pattern... +export BRP_PESIGN_FILES='pattern...' BuildRequires: pesign-obs-integration The "# needssslcertforbuild" comment tells the buildservice to store the signing certificate in %_sourcedir/_projectcert.crt. At the end of the -install phase, the pesign-install-post script computes hashes of all -files matching the patterns in %sign_files. The sha256 hashes are stored +install phase, the brp-99-pesign script computes hashes of all +files matching the patterns in $BRP_PESIGN_FILES. The sha256 hashes are stored in %_topdir/OTHER/%name.cpio.rsasign, plus the script places a pesign-repackage.spec file there. When the first rpmbuild finishes, the buildservice sends the cpio archive to the signing server, which returns diff --git a/pesign-install-post b/brp-99-pesign similarity index 89% rename from pesign-install-post rename to brp-99-pesign index 2f6a5a4..35de650 100644 --- a/pesign-install-post +++ b/brp-99-pesign @@ -1,6 +1,6 @@ #!/bin/bash -# This script is run by rpmbuild at the end of install section. It computes -# hashes of files listed in the %sign_files macro and stores them in +# This script is run by rpmbuild at the end of the brp checks. It computes +# hashes of files listed in the BRP_PESIGN_FILES environment and stores them in # %_topdir/OTHER/%name.cpio.rsasign. It also puts a specfile there, that # is later used to repackage the RPMs. # @@ -22,7 +22,7 @@ set -e -files= +files=${BRP_PESIGN_FILES} output= while test $# -gt 0; do case "$1" in @@ -43,8 +43,7 @@ if test -z "$files"; then exit 0 fi if test -z "$output"; then - echo "$0: --output not specified" >&2 - exit 1 + output=`rpm --eval %_topdir/OTHER` fi if test -z "$RPM_BUILD_ROOT"; then echo "$0: warning: \$RPM_BUILD_ROOT not set, using the root directory" >&2 @@ -65,7 +64,7 @@ sed " r $cert d } -" /usr/lib/rpm/pesign-repackage.spec.in >"$output/pesign-repackage.spec" +" /usr/lib/rpm/pesign/pesign-repackage.spec.in >"$output/pesign-repackage.spec" cd "$RPM_BUILD_ROOT" args=() diff --git a/macros.pesign-obs b/macros.pesign-obs deleted file mode 100644 index b777012..0000000 --- a/macros.pesign-obs +++ /dev/null @@ -1,5 +0,0 @@ -# Macros for pesign / modsign OBS integration - -# The spec file should define %sign_files to a space-separated list of patterns -# of files to be signed, e.g. %define sign_files /lib/firmware *.ko -%__os_install_post /usr/lib/rpm/pesign-install-post --files "%{?sign_files}" --output %_topdir/OTHER diff --git a/pesign-obs-integration.changes b/pesign-obs-integration.changes index 879ce3f..b1881e0 100644 --- a/pesign-obs-integration.changes +++ b/pesign-obs-integration.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Feb 6 13:24:14 CET 2013 - mls@suse.de + +- switch to normal brp hook +- mv stuff in pesign directory instead of cluttering /usr/lib/rpm + ------------------------------------------------------------------- Fri Feb 1 17:18:32 CET 2013 - mls@suse.de diff --git a/pesign-obs-integration.spec b/pesign-obs-integration.spec index 065bf80..8be18bb 100644 --- a/pesign-obs-integration.spec +++ b/pesign-obs-integration.spec @@ -15,7 +15,6 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # - Name: pesign-obs-integration Summary: Macros and scripts to sign the kernel and bootloader License: GPL-2.0 @@ -28,10 +27,9 @@ Requires: pesign %endif BuildRequires: openssl Url: http://en.opensuse.org/openSUSE:UEFI_Image_File_Sign_Tools -Source1: macros.pesign-obs Source2: pesign-repackage.spec.in Source3: pesign-gen-repackage-spec -Source4: pesign-install-post +Source4: brp-99-pesign Source5: COPYING Source6: README Source7: kernel-sign-file @@ -49,14 +47,14 @@ cp %_sourcedir/{COPYING,README} . %install -mkdir -p %buildroot/usr/lib/rpm %buildroot/etc/rpm +mkdir -p %buildroot/usr/lib/rpm/brp-suse.de %buildroot/usr/lib/rpm/pesign cd %_sourcedir -install -m644 macros.pesign-obs %buildroot/etc/rpm -install pesign-gen-repackage-spec pesign-install-post kernel-sign-file %buildroot/usr/lib/rpm -install -m644 pesign-repackage.spec.in %buildroot/usr/lib/rpm +install pesign-gen-repackage-spec kernel-sign-file %buildroot/usr/lib/rpm/pesign +install brp-99-pesign %buildroot/usr/lib/rpm/brp-suse.d +install -m644 pesign-repackage.spec.in %buildroot/usr/lib/rpm/pesign if test -e _projectcert.crt; then openssl x509 -inform PEM -in _projectcert.crt \ - -outform DER -out %buildroot/usr/lib/rpm/pesign-cert.x509 + -outform DER -out %buildroot/usr/lib/rpm/pesign/pesign-cert.x509 else echo "No buildservice project certificate available" fi @@ -65,6 +63,5 @@ fi %defattr(-,root,root) %doc COPYING README /usr/lib/rpm/* -/etc/rpm/* %changelog diff --git a/pesign-repackage.spec.in b/pesign-repackage.spec.in index 4f1b9da..eae28c2 100644 --- a/pesign-repackage.spec.in +++ b/pesign-repackage.spec.in @@ -76,8 +76,8 @@ if test "$(wc -l