Hello community,
here is the log from the commit of package pesign-obs-integration for
openSUSE:Factory checked in at 2020-04-04 12:16:49
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/pesign-obs-integration (Old)
and /work/SRC/openSUSE:Factory/.pesign-obs-integration.new.3248 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pesign-obs-integration"
Sat Apr 4 12:16:49 2020 rev:38 rq:789640 version:10.1
Changes:
--------
---
/work/SRC/openSUSE:Factory/pesign-obs-integration/pesign-obs-integration.changes
2020-02-25 16:01:44.132005990 +0100
+++
/work/SRC/openSUSE:Factory/.pesign-obs-integration.new.3248/pesign-obs-integration.changes
2020-04-04 12:16:55.099490002 +0200
@@ -1,0 +2,6 @@
+Wed Feb 26 13:35:18 UTC 2020 - Marcus Meissner <[email protected]>
+
+- pesign-sign-s390x-kernel.patch: Sign also the non-PE (e.g. s390x)
+ kernels with just kernel-sign-file (bsc#1163524)
+
+-------------------------------------------------------------------
New:
----
pesign-sign-s390x-kernel.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pesign-obs-integration.spec ++++++
--- /var/tmp/diff_new_pack.ZFgotU/_old 2020-04-04 12:16:57.811492762 +0200
+++ /var/tmp/diff_new_pack.ZFgotU/_new 2020-04-04 12:16:57.811492762 +0200
@@ -39,6 +39,8 @@
Patch5: 0001-brp-99-compress-vmlinux-support-xz-compressed-vmlinu.patch
# https://github.com/openSUSE/pesign-obs-integration/pull/17
Patch6: 0001-sign-stage3.bin-from-s390-tools-with-sign-files-bsc-.patch
+# https://github.com/openSUSE/pesign-obs-integration/pull/18
+Patch7: pesign-sign-s390x-kernel.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
# suse-module-tools <= 15.0.10 contains modsign-verify
Requires: suse-module-tools >= 15.0.10
@@ -55,6 +57,7 @@
%patch4 -p1
%patch5 -p1
%patch6 -p1
+%patch7 -p1
%build
++++++ pesign-sign-s390x-kernel.patch ++++++
Index: pesign-obs-integration/pesign-repackage.spec.in
===================================================================
--- pesign-obs-integration.orig/pesign-repackage.spec.in
+++ pesign-obs-integration/pesign-repackage.spec.in
@@ -122,6 +122,8 @@ for sig in "${sigs[@]}"; do
/usr/lib/rpm/pesign/kernel-sign-file -i pkcs7 -s "$sig" sha256
"$cert" "$f"
;;
/boot/* | *.efi.sig)
+%ifarch %ix86 x86_64 aarch64 %arm
+ # PE style signature injection
infile=${sig%.sig}
cpio -i --to-stdout ${infile#./}
<%_sourcedir/@[email protected] > ${infile}.sattrs
test -s ${infile}.sattrs || exit 1
@@ -134,6 +136,10 @@ for sig in "${sigs[@]}"; do
echo "hash mismatch error: $ohash $nhash"
exit 1
fi
+%else
+ # appending to the file itself, e.g. for s390x.
+ /usr/lib/rpm/pesign/kernel-sign-file -i pkcs7 -s "$sig" sha256
"$cert" "$f"
+%endif
# Regenerate the HMAC if it exists
hmac="${f%%/*}/.${f##*/}.hmac"
if test -e "$hmac"; then
Index: pesign-obs-integration/brp-99-pesign
===================================================================
--- pesign-obs-integration.orig/brp-99-pesign
+++ pesign-obs-integration/brp-99-pesign
@@ -109,7 +109,12 @@ for f in "${files[@]}"; do
mkdir -p "${dest%/*}"
case "$f" in
./boot/* | *.efi)
- pesign --certdir="$nss_db" -i "$f" -E $dest
+ if [ -f /usr/bin/pesign ]; then
+ pesign --certdir="$nss_db" -i "$f" -E $dest
+ else
+ # Non PE architectures like s390x
+ cp "$f" "$dest"
+ fi
;;
*)
cp "$f" "$dest"
