Add support for non-koji signing in macros
Resolves: #1880858 Signed-off-by: Robbie Harwood <rharwood@redhat.com>
This commit is contained in:
parent
bdccb8412c
commit
b201f43f63
@ -0,0 +1,55 @@
|
|||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Julian Sikorski <belegdol+github@gmail.com>
|
||||||
|
Date: Wed, 23 Mar 2022 20:54:03 +0100
|
||||||
|
Subject: [PATCH] Fix building signed kernels on setups other than koji
|
||||||
|
|
||||||
|
Thanks to Will Springer for the idea. Details at
|
||||||
|
https://bugzilla.redhat.com/show_bug.cgi?id=1880858
|
||||||
|
|
||||||
|
Signed-off-by: Julian Sikorski <belegdol+github@gmail.com>
|
||||||
|
Suggested-by: Will Springer <skirmisher@protonmail.com>
|
||||||
|
(cherry picked from commit 9969b1757a1941c9f57081b308026d687f6c0943)
|
||||||
|
---
|
||||||
|
src/pesign-rpmbuild-helper.in | 24 +++++++++++-------------
|
||||||
|
1 file changed, 11 insertions(+), 13 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/pesign-rpmbuild-helper.in b/src/pesign-rpmbuild-helper.in
|
||||||
|
index 0a845d2..c9d5570 100644
|
||||||
|
--- a/src/pesign-rpmbuild-helper.in
|
||||||
|
+++ b/src/pesign-rpmbuild-helper.in
|
||||||
|
@@ -172,24 +172,22 @@ main() {
|
||||||
|
USERNAME="${USERNAME:-$(id -un)}"
|
||||||
|
|
||||||
|
local socket="" || :
|
||||||
|
- if grep -q ID=fedora /etc/os-release \
|
||||||
|
+ if [[ -S /run/pesign/socket ]] ; then
|
||||||
|
+ socket=/run/pesign/socket
|
||||||
|
+ elif [[ -S /var/run/pesign/socket ]]; then
|
||||||
|
+ socket=/var/run/pesign/socket
|
||||||
|
+ elif grep -q ID=fedora /etc/os-release \
|
||||||
|
&& [[ "${rhelver}" -lt 7 ]] \
|
||||||
|
&& [[ "${USERNAME}" = "mockbuild" ]] \
|
||||||
|
&& [[ "${vendor}" = "Fedora Project" ]] \
|
||||||
|
&& [[ "${HOSTNAME}" =~ bkernel.* ]]
|
||||||
|
then
|
||||||
|
- if [[ -S /run/pesign/socket ]] ; then
|
||||||
|
- socket=/run/pesign/socket
|
||||||
|
- elif [[ -S /var/run/pesign/socket ]]; then
|
||||||
|
- socket=/var/run/pesign/socket
|
||||||
|
- else
|
||||||
|
- echo "Warning: no pesign socket even though user is ${USERNAME}" 1>&2
|
||||||
|
- echo "Warning: if this is a non-scratch koji build, this is wrong" 1>&2
|
||||||
|
- ls -ld /run/pesign /var/run/pesign 1>&2 ||:
|
||||||
|
- ls -l /run/pesign/socket /var/run/pesign/socket 1>&2 ||:
|
||||||
|
- getfacl /run/pesign /run/pesign/socket /var/run/pesign /var/run/pesign/socket 1>&2 ||:
|
||||||
|
- getfacl -n /run/pesign /run/pesign/socket /var/run/pesign /var/run/pesign/socket 1>&2 ||:
|
||||||
|
- fi
|
||||||
|
+ echo "Warning: no pesign socket even though user is ${USERNAME}" 1>&2
|
||||||
|
+ echo "Warning: if this is a non-scratch koji build, this is wrong" 1>&2
|
||||||
|
+ ls -ld /run/pesign /var/run/pesign 1>&2 ||:
|
||||||
|
+ ls -l /run/pesign/socket /var/run/pesign/socket 1>&2 ||:
|
||||||
|
+ getfacl /run/pesign /run/pesign/socket /var/run/pesign /var/run/pesign/socket 1>&2 ||:
|
||||||
|
+ getfacl -n /run/pesign /run/pesign/socket /var/run/pesign /var/run/pesign/socket 1>&2 ||:
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ "${rhelver}" -ge 7 ]] ; then
|
2
pesign.patches
Normal file
2
pesign.patches
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
Patch0001: 0001-daemon-remove-always-true-comparison.patch
|
||||||
|
Patch0002: 0002-Fix-building-signed-kernels-on-setups-other-than-koj.patch
|
10
pesign.spec
10
pesign.spec
@ -6,7 +6,7 @@
|
|||||||
Name: pesign
|
Name: pesign
|
||||||
Summary: Signing utility for UEFI binaries
|
Summary: Signing utility for UEFI binaries
|
||||||
Version: 115
|
Version: 115
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
License: GPL-2.0-only
|
License: GPL-2.0-only
|
||||||
URL: https://github.com/rhboot/pesign
|
URL: https://github.com/rhboot/pesign
|
||||||
|
|
||||||
@ -46,8 +46,10 @@ BuildRequires: rh-signing-tools >= 1.20-2
|
|||||||
Source0: https://github.com/rhboot/pesign/releases/download/%{version}/pesign-%{version}.tar.bz2
|
Source0: https://github.com/rhboot/pesign/releases/download/%{version}/pesign-%{version}.tar.bz2
|
||||||
Source1: certs.tar.xz
|
Source1: certs.tar.xz
|
||||||
Source2: pesign.py
|
Source2: pesign.py
|
||||||
|
Source3: pesign.patches
|
||||||
|
|
||||||
Patch0001: 0001-daemon-remove-always-true-comparison.patch
|
# generate with tool
|
||||||
|
%include %{SOURCE3}
|
||||||
|
|
||||||
%description
|
%description
|
||||||
This package contains the pesign utility for signing UEFI binaries as
|
This package contains the pesign utility for signing UEFI binaries as
|
||||||
@ -159,6 +161,10 @@ certutil -d %{_sysconfdir}/pki/pesign/ -X -L > /dev/null
|
|||||||
%{python3_sitelib}/mockbuild/plugins/pesign.*
|
%{python3_sitelib}/mockbuild/plugins/pesign.*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Mar 24 2022 Robbie Harwood <rharwood@redhat.com> - 115-2
|
||||||
|
- Add support for non-koji signing in macros
|
||||||
|
- Resolves: #1880858
|
||||||
|
|
||||||
* Tue Mar 08 2022 Robbie Harwood <rharwood@redhat.com> - 115-1
|
* Tue Mar 08 2022 Robbie Harwood <rharwood@redhat.com> - 115-1
|
||||||
- New upstream version (115)
|
- New upstream version (115)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user