Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package pesign-obs-integration for
openSUSE:Factory checked in at 2025-02-11 21:21:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/pesign-obs-integration (Old)
and /work/SRC/openSUSE:Factory/.pesign-obs-integration.new.19470 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pesign-obs-integration"
Tue Feb 11 21:21:01 2025 rev:57 rq:1244777 version:10.2+git20250116.e734a3f
Changes:
--------
---
/work/SRC/openSUSE:Factory/pesign-obs-integration/pesign-obs-integration.changes
2025-01-31 16:01:56.905942154 +0100
+++
/work/SRC/openSUSE:Factory/.pesign-obs-integration.new.19470/pesign-obs-integration.changes
2025-02-11 21:21:27.146384873 +0100
@@ -1,0 +2,11 @@
+Mon Feb 10 13:57:06 UTC 2025 - dmuel...@suse.com
+
+- Update to version 10.2+git20250116.e734a3f:
+ * spec: mozilla-nss-tools is for SUSE distros, on Fedora/etc it's nss-tools
+ * spec: fix Fedora builds
+ * Add Fedora-specific workarounds to pesign-repackage.spec
+ * debian: add Provides dh-sequence-signobs
+ * dh_signobs: fix json input for pre-configured template
+ * dh_signobs: fix parsing of pesign hashing output
+
+-------------------------------------------------------------------
Old:
----
pesign-obs-integration-10.2+git20241221.c85eada.obscpio
New:
----
pesign-obs-integration-10.2+git20250116.e734a3f.obscpio
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pesign-obs-integration.spec ++++++
--- /var/tmp/diff_new_pack.4Zkk17/_old 2025-02-11 21:21:28.050422167 +0100
+++ /var/tmp/diff_new_pack.4Zkk17/_new 2025-02-11 21:21:28.050422167 +0100
@@ -1,7 +1,7 @@
#
# spec file for package pesign-obs-integration
#
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,8 +17,12 @@
# needssslcertforbuild
+%if 0%{?fedora}
+%global debug_package %{nil}
+%endif
+
Name: pesign-obs-integration
-Version: 10.2+git20241221.c85eada
+Version: 10.2+git20250116.e734a3f
Release: 0
Summary: Macros and scripts to sign the kernel and bootloader
License: GPL-2.0-or-later
@@ -27,7 +31,11 @@
Source0: %{name}-%{version}.tar.gz
BuildRequires: openssl
Requires: fipscheck
+%if 0%{?suse_version}
Requires: mozilla-nss-tools
+%else
+Requires: nss-tools
+%endif
Requires: openssl
# suse-module-tools <= 15.0.10 contains modsign-verify
Requires: suse-module-tools >= 15.0.10
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.4Zkk17/_old 2025-02-11 21:21:28.090423817 +0100
+++ /var/tmp/diff_new_pack.4Zkk17/_new 2025-02-11 21:21:28.094423982 +0100
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param
name="url">https://github.com/openSUSE/pesign-obs-integration.git</param>
- <param
name="changesrevision">c85eadad5f197b8f283b154744ab9b63376f0d3b</param></service></servicedata>
+ <param
name="changesrevision">e734a3f19d5e00ad5114b387a28391a8a81b55db</param></service></servicedata>
(No newline at EOF)
++++++ pesign-obs-integration-10.2+git20241221.c85eada.obscpio ->
pesign-obs-integration-10.2+git20250116.e734a3f.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/pesign-obs-integration-10.2+git20241221.c85eada/debian/control
new/pesign-obs-integration-10.2+git20250116.e734a3f/debian/control
--- old/pesign-obs-integration-10.2+git20241221.c85eada/debian/control
2024-12-21 14:05:05.000000000 +0100
+++ new/pesign-obs-integration-10.2+git20250116.e734a3f/debian/control
2025-01-16 15:49:29.000000000 +0100
@@ -17,6 +17,7 @@
Enhances: debhelper
Depends: ${misc:Depends}, debhelper, cpio, libnss3-tools, jq, pesign,
pesign-obs-integration, openssl
+Provides: dh-sequence-signobs,
Description: Debian Helper for EFI signing on OBS
Adds a helper sequence to dh to send EFI signatures to OBS and to
re-package them using the templates.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/pesign-obs-integration-10.2+git20241221.c85eada/dh_signobs
new/pesign-obs-integration-10.2+git20250116.e734a3f/dh_signobs
--- old/pesign-obs-integration-10.2+git20241221.c85eada/dh_signobs
2024-12-21 14:05:05.000000000 +0100
+++ new/pesign-obs-integration-10.2+git20250116.e734a3f/dh_signobs
2025-01-16 15:49:29.000000000 +0100
@@ -26,12 +26,13 @@
# called "source-template" in the debian/ directory (can be a subdirectory,
and it can be
# static or generated). Also a files.json list of the binaries to sign must be
placed in the
# same PARENT directory with the following format:
+# {"packages": {
# {"unsigned-binary-package": {
# "files": [
# {"sig_type": "efi", "file": "usr/lib/foo/bar.efi"},
# {"sig_type": "linux-module", "file": "lib/modules/1.2.3/baz.ko"}
# ]
-# }}
+# }}}
# The advantage of the templated build is that it can sign only a subset of
files - for
# example, a kernel build with CONFIG_MODULE_SIG_ALL=y does not need to sign
the modules and
# can save a lot of time by just signing the vmlinuz.
@@ -157,9 +158,9 @@
JSON="$(find debian -type f -name files.json)"
if [ -f "$JSON" ]
then
- for PKG in $(jq --raw-output 'to_entries[]? | .key' < "$JSON")
+ for PKG in $(jq --raw-output '.packages | to_entries[]? | .key'
< "$JSON")
do
- for f in $(jq --raw-output ".\"$PKG\".files[]? | .file"
< "$JSON")
+ for f in $(jq --raw-output ".packages.\"$PKG\".files[]?
| .file" < "$JSON")
do
UNSIGNED+=("$PKG/$f")
done
@@ -289,11 +290,11 @@
mkdir -p "../tmp/$(dirname "${DEST}")"
# ensure the EFI hash matches before and after attaching the
signature
- old_hash=$(pesign -n sql:"$nss_db" -h -P -i "${SIG%.sig}")
+ old_hash=$(pesign -n sql:"$nss_db" -h -P -i "${SIG%.sig}" | cut
-d ' ' -f1)
pesign -n sql:"$nss_db" -c cert -i "${SIG%.sig}" -o "$DEST" -d
sha256 -I "$(basename "${infile}").sattrs" -R "$SIG"
- new_hash=$(pesign -n sql:"$nss_db" -h -i "$DEST")
+ new_hash=$(pesign -n sql:"$nss_db" -h -i "$DEST" | cut -d ' '
-f1)
if [ "$old_hash" != "$new_hash" ]
then
echo "Pesign hash mismatch error: $old_hash $new_hash"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/pesign-obs-integration-10.2+git20241221.c85eada/pesign-obs-integration.spec
new/pesign-obs-integration-10.2+git20250116.e734a3f/pesign-obs-integration.spec
---
old/pesign-obs-integration-10.2+git20241221.c85eada/pesign-obs-integration.spec
2024-12-21 14:05:05.000000000 +0100
+++
new/pesign-obs-integration-10.2+git20250116.e734a3f/pesign-obs-integration.spec
2025-01-16 15:49:29.000000000 +0100
@@ -17,6 +17,10 @@
# needssslcertforbuild
+%if 0%{?fedora}
+%global debug_package %{nil}
+%endif
+
Name: pesign-obs-integration
Version: 10.2
Release: 0
@@ -27,7 +31,11 @@
Source0: %{name}-%{version}.tar.gz
BuildRequires: openssl
Requires: fipscheck
+%if 0%{?suse_version}
Requires: mozilla-nss-tools
+%else
+Requires: nss-tools
+%endif
Requires: openssl
# suse-module-tools <= 15.0.10 contains modsign-verify
Requires: suse-module-tools >= 15.0.10
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/pesign-obs-integration-10.2+git20241221.c85eada/pesign-repackage.spec.in
new/pesign-obs-integration-10.2+git20250116.e734a3f/pesign-repackage.spec.in
---
old/pesign-obs-integration-10.2+git20241221.c85eada/pesign-repackage.spec.in
2024-12-21 14:05:05.000000000 +0100
+++
new/pesign-obs-integration-10.2+git20250116.e734a3f/pesign-repackage.spec.in
2025-01-16 15:49:29.000000000 +0100
@@ -217,6 +217,17 @@
popd
/usr/lib/rpm/pesign/pesign-gen-repackage-spec @PESIGN_REPACKAGE_COMPRESS@
@PESIGN_LOAD_SPEC_MACROS@ \
--directory=%buildroot "${rpms[@]}"
+
+# For some reason in Fedora builds the directory structure is different from
SUSE,
+# which breaks repacking. Copy the package content to the buildroot that is
actually used.
+# Also all the usual tricks to disable the debug package fail, and the build
fails due to
+# the 'Empty files file <...>/debugsourcefiles.list' error. Delete the
specpart to bypass it.
+%if 0%{?fedora}
+ echo "%%install" >>repackage.spec
+ echo "cp -r %buildroot/* %%buildroot" >>repackage.spec
+ echo "rm -f %buildroot/../SPECPARTS/rpm-debuginfo.specpart"
>>repackage.spec
+%endif
+
rpmbuild --define "%%buildroot %buildroot" --define "%%disturl $disturl" \
--define "%%_builddir $PWD" \
--define "%%_binaries_in_noarch_packages_terminate_build 0" \
++++++ pesign-obs-integration.obsinfo ++++++
--- /var/tmp/diff_new_pack.4Zkk17/_old 2025-02-11 21:21:28.238429921 +0100
+++ /var/tmp/diff_new_pack.4Zkk17/_new 2025-02-11 21:21:28.242430086 +0100
@@ -1,5 +1,5 @@
name: pesign-obs-integration
-version: 10.2+git20241221.c85eada
-mtime: 1734786305
-commit: c85eadad5f197b8f283b154744ab9b63376f0d3b
+version: 10.2+git20250116.e734a3f
+mtime: 1737038969
+commit: e734a3f19d5e00ad5114b387a28391a8a81b55db
