Hello community,
here is the log from the commit of package pesign-obs-integration for
openSUSE:Factory checked in at 2014-07-10 14:54:56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/pesign-obs-integration (Old)
and /work/SRC/openSUSE:Factory/.pesign-obs-integration.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pesign-obs-integration"
Changes:
--------
---
/work/SRC/openSUSE:Factory/pesign-obs-integration/pesign-obs-integration.changes
2014-05-02 09:51:46.000000000 +0200
+++
/work/SRC/openSUSE:Factory/.pesign-obs-integration.new/pesign-obs-integration.changes
2014-07-10 14:54:58.000000000 +0200
@@ -1,0 +2,5 @@
+Thu Jul 3 14:01:24 UTC 2014 - [email protected]
+
+- Drop support for signing firmware files (bnc#867199)
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ README ++++++
--- /var/tmp/diff_new_pack.t59pPc/_old 2014-07-10 14:54:59.000000000 +0200
+++ /var/tmp/diff_new_pack.t59pPc/_new 2014-07-10 14:54:59.000000000 +0200
@@ -22,7 +22,6 @@
pesign-gen-repackage-spec script to generate another specfile, which
builds new RPMs with signed files. The supported file types are:
-/lib/firmware/* - Detached signature in $file.sig
*.ko - Signature appended to the module
efi binaries - Signature embedded in a header. If a HMAC checksum named
.$file.hmac exists, it is regenerated
++++++ brp-99-pesign ++++++
--- /var/tmp/diff_new_pack.t59pPc/_old 2014-07-10 14:54:59.000000000 +0200
+++ /var/tmp/diff_new_pack.t59pPc/_new 2014-07-10 14:54:59.000000000 +0200
@@ -22,7 +22,7 @@
set -e
-files="*.ko /lib/firmware"
+files="*.ko"
if test -n "${BRP_PESIGN_FILES+x}"; then
files=${BRP_PESIGN_FILES}
fi
++++++ kernel-sign-file ++++++
--- /var/tmp/diff_new_pack.t59pPc/_old 2014-07-10 14:54:59.000000000 +0200
+++ /var/tmp/diff_new_pack.t59pPc/_new 2014-07-10 14:54:59.000000000 +0200
@@ -4,11 +4,8 @@
#
my $USAGE =
-"Usage: scripts/sign-file [-v] [-f] <hash algo> <key> <x509> <module>
[<dest>]\n" .
-" scripts/sign-file [-v] [-f] -s <raw sig> <hash algo> <x509> <module>
[<dest>]\n" .
-" -v verbose output\n" .
-" -f create a firmware signature file\n";
-
+"Usage: scripts/sign-file [-v] <hash algo> <key> <x509> <module> [<dest>]\n" .
+" scripts/sign-file [-v] -s <raw sig> <hash algo> <x509> <module>
[<dest>]\n";
use strict;
use FileHandle;
@@ -16,10 +13,9 @@
use Getopt::Std;
my %opts;
-getopts('vfs:', \%opts) or die $USAGE;
+getopts('vs:', \%opts) or die $USAGE;
my $verbose = $opts{'v'};
my $signature_file = $opts{'s'};
-my $sign_fw = $opts{'f'};
die $USAGE if ($#ARGV > 4);
die $USAGE if (!$signature_file && $#ARGV < 3 || $signature_file && $#ARGV <
2);
@@ -35,18 +31,14 @@
if (@ARGV) {
$dest = $ARGV[0];
$keep_orig = 1;
-} elsif ($sign_fw) {
- $dest = $module . ".sig";
- $keep_orig = 1;
} else {
$dest = $module . "~";
}
-my $mode_name = $sign_fw ? "firmware" : "module";
die "Can't read private key\n" if (!$signature_file && !-r $private_key);
die "Can't read signature file\n" if ($signature_file && !-r $signature_file);
die "Can't read X.509 certificate\n" unless (-r $x509);
-die "Can't read $mode_name\n" unless (-r $module);
+die "Can't read module\n" unless (-r $module);
#
# Function to read the contents of a file into a variable.
@@ -377,14 +369,12 @@
my $unsigned_module = read_file($module);
-my $magic_number = $sign_fw ?
- "~Linux firmware signature~\n" :
- "~Module signature appended~\n";
+my $magic_number = "~Module signature appended~\n";
my $magic_len = length($magic_number);
my $info_len = 12;
# Truncate existing signarure, if any
-if (!$sign_fw && substr($unsigned_module, -$magic_len) eq $magic_number) {
+if (substr($unsigned_module, -$magic_len) eq $magic_number) {
my $info = substr($unsigned_module, -$magic_len - $info_len, $info_len);
my ($name_len, $key_len, $sig_len) = unpack("xxxCCxxxN", $info);
my $subtract = $name_len + $key_len + $sig_len + $info_len + $magic_len;
@@ -428,7 +418,7 @@
}
if ($verbose) {
- print "Size of unsigned $mode_name: ", length($unsigned_module), "\n";
+ print "Size of unsigned module: ", length($unsigned_module), "\n";
print "Size of signer's name : ", length($signers_name), "\n";
print "Size of key identifier : ", length($key_identifier), "\n";
print "Size of signature : ", length($signature), "\n";
@@ -440,16 +430,7 @@
open(FD, ">$dest") || die $dest;
binmode FD;
-if ($sign_fw) {
- print FD
- $magic_number,
- $info,
- $signers_name,
- $key_identifier,
- $signature
- ;
-} else {
- print FD
+print FD
$unsigned_module,
$signers_name,
$key_identifier,
@@ -457,7 +438,6 @@
$info,
$magic_number
;
-}
close FD || die $dest;
if (!$keep_orig) {
++++++ pesign-repackage.spec.in ++++++
--- /var/tmp/diff_new_pack.t59pPc/_old 2014-07-10 14:54:59.000000000 +0200
+++ /var/tmp/diff_new_pack.t59pPc/_new 2014-07-10 14:54:59.000000000 +0200
@@ -109,9 +109,6 @@
*.ko.sig)
/usr/lib/rpm/pesign/kernel-sign-file -s "$sig" sha256 "$cert"
"$f"
;;
- /lib/firmware/*.sig)
- /usr/lib/rpm/pesign/kernel-sign-file -f -s "$sig" sha256
"$cert" "$f"
- ;;
/boot/* | *.efi.sig)
infile=${sig%.sig}
cpio -i --to-stdout ${infile#./}
<%_sourcedir/@[email protected] > ${infile}.sattrs
--
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
