Hello community,
here is the log from the commit of package pesign-obs-integration for
openSUSE:Leap:15.2 checked in at 2020-03-02 17:21:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2/pesign-obs-integration (Old)
and /work/SRC/openSUSE:Leap:15.2/.pesign-obs-integration.new.26092 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pesign-obs-integration"
Mon Mar 2 17:21:35 2020 rev:35 rq:780327 version:10.1
Changes:
--------
---
/work/SRC/openSUSE:Leap:15.2/pesign-obs-integration/pesign-obs-integration.changes
2020-02-25 12:17:02.464414802 +0100
+++
/work/SRC/openSUSE:Leap:15.2/.pesign-obs-integration.new.26092/pesign-obs-integration.changes
2020-03-02 17:21:38.666097724 +0100
@@ -1,0 +2,6 @@
+Wed Feb 26 16:14:00 UTC 2020 - Marcus Meissner <[email protected]>
+
+- pesign-sign-s390x-kernel.patch: allow the s390x kernel with
+ kernel-sign-files and not pesign (bsc#1163524)
+
+-------------------------------------------------------------------
New:
----
pesign-sign-s390x-kernel.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pesign-obs-integration.spec ++++++
--- /var/tmp/diff_new_pack.eZfExg/_old 2020-03-02 17:21:39.046098456 +0100
+++ /var/tmp/diff_new_pack.eZfExg/_new 2020-03-02 17:21:39.054098471 +0100
@@ -34,6 +34,7 @@
Source: %{name}_%{version}.tar.gz
#
https://github.com/openSUSE/pesign-obs-integration/commit/028e04a32e619a15c3d66ad57576c6235323f042
Patch0:
0001-sign-stage3.bin-from-s390-tools-with-sign-files-bsc-.patch
+Patch1: pesign-sign-s390x-kernel.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
# suse-module-tools <= 15.0.10 contains modsign-verify
Requires: suse-module-tools >= 15.0.10
@@ -45,6 +46,7 @@
%prep
%setup -D -n %{name}
%patch0 -p1
+%patch1 -p1
%build
++++++ pesign-sign-s390x-kernel.patch ++++++
Index: pesign-obs-integration/pesign-repackage.spec.in
===================================================================
--- pesign-obs-integration.orig/pesign-repackage.spec.in
+++ pesign-obs-integration/pesign-repackage.spec.in
@@ -122,6 +122,8 @@ for sig in "${sigs[@]}"; do
/usr/lib/rpm/pesign/kernel-sign-file -i pkcs7 -s "$sig" sha256
"$cert" "$f"
;;
/boot/* | *.efi.sig)
+%ifarch %ix86 x86_64 aarch64 %arm
+ # PE style signature injection
infile=${sig%.sig}
cpio -i --to-stdout ${infile#./}
<%_sourcedir/@[email protected] > ${infile}.sattrs
test -s ${infile}.sattrs || exit 1
@@ -134,6 +136,10 @@ for sig in "${sigs[@]}"; do
echo "hash mismatch error: $ohash $nhash"
exit 1
fi
+%else
+ # appending to the file itself, e.g. for s390x.
+ /usr/lib/rpm/pesign/kernel-sign-file -i pkcs7 -s "$sig" sha256
"$cert" "$f"
+%endif
# Regenerate the HMAC if it exists
hmac="${f%%/*}/.${f##*/}.hmac"
if test -e "$hmac"; then
Index: pesign-obs-integration/brp-99-pesign
===================================================================
--- pesign-obs-integration.orig/brp-99-pesign
+++ pesign-obs-integration/brp-99-pesign
@@ -109,7 +109,12 @@ for f in "${files[@]}"; do
mkdir -p "${dest%/*}"
case "$f" in
./boot/* | *.efi)
- pesign --certdir="$nss_db" -i "$f" -E $dest
+ if [ -f /usr/bin/pesign ]; then
+ pesign --certdir="$nss_db" -i "$f" -E $dest
+ else
+ # Non PE architectures like s390x
+ cp "$f" "$dest"
+ fi
;;
*)
cp "$f" "$dest"
