Add support for non-koji signing in macros
Resolves: #1880858 Signed-off-by: Robbie Harwood <rharwood@redhat.com>
This commit is contained in:
parent
bdccb8412c
commit
b201f43f63
@ -0,0 +1,55 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Julian Sikorski <belegdol+github@gmail.com>
|
||||
Date: Wed, 23 Mar 2022 20:54:03 +0100
|
||||
Subject: [PATCH] Fix building signed kernels on setups other than koji
|
||||
|
||||
Thanks to Will Springer for the idea. Details at
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1880858
|
||||
|
||||
Signed-off-by: Julian Sikorski <belegdol+github@gmail.com>
|
||||
Suggested-by: Will Springer <skirmisher@protonmail.com>
|
||||
(cherry picked from commit 9969b1757a1941c9f57081b308026d687f6c0943)
|
||||
---
|
||||
src/pesign-rpmbuild-helper.in | 24 +++++++++++-------------
|
||||
1 file changed, 11 insertions(+), 13 deletions(-)
|
||||
|
||||
diff --git a/src/pesign-rpmbuild-helper.in b/src/pesign-rpmbuild-helper.in
|
||||
index 0a845d2..c9d5570 100644
|
||||
--- a/src/pesign-rpmbuild-helper.in
|
||||
+++ b/src/pesign-rpmbuild-helper.in
|
||||
@@ -172,24 +172,22 @@ main() {
|
||||
USERNAME="${USERNAME:-$(id -un)}"
|
||||
|
||||
local socket="" || :
|
||||
- if grep -q ID=fedora /etc/os-release \
|
||||
+ if [[ -S /run/pesign/socket ]] ; then
|
||||
+ socket=/run/pesign/socket
|
||||
+ elif [[ -S /var/run/pesign/socket ]]; then
|
||||
+ socket=/var/run/pesign/socket
|
||||
+ elif grep -q ID=fedora /etc/os-release \
|
||||
&& [[ "${rhelver}" -lt 7 ]] \
|
||||
&& [[ "${USERNAME}" = "mockbuild" ]] \
|
||||
&& [[ "${vendor}" = "Fedora Project" ]] \
|
||||
&& [[ "${HOSTNAME}" =~ bkernel.* ]]
|
||||
then
|
||||
- if [[ -S /run/pesign/socket ]] ; then
|
||||
- socket=/run/pesign/socket
|
||||
- elif [[ -S /var/run/pesign/socket ]]; then
|
||||
- socket=/var/run/pesign/socket
|
||||
- else
|
||||
- echo "Warning: no pesign socket even though user is ${USERNAME}" 1>&2
|
||||
- echo "Warning: if this is a non-scratch koji build, this is wrong" 1>&2
|
||||
- ls -ld /run/pesign /var/run/pesign 1>&2 ||:
|
||||
- ls -l /run/pesign/socket /var/run/pesign/socket 1>&2 ||:
|
||||
- getfacl /run/pesign /run/pesign/socket /var/run/pesign /var/run/pesign/socket 1>&2 ||:
|
||||
- getfacl -n /run/pesign /run/pesign/socket /var/run/pesign /var/run/pesign/socket 1>&2 ||:
|
||||
- fi
|
||||
+ echo "Warning: no pesign socket even though user is ${USERNAME}" 1>&2
|
||||
+ echo "Warning: if this is a non-scratch koji build, this is wrong" 1>&2
|
||||
+ ls -ld /run/pesign /var/run/pesign 1>&2 ||:
|
||||
+ ls -l /run/pesign/socket /var/run/pesign/socket 1>&2 ||:
|
||||
+ getfacl /run/pesign /run/pesign/socket /var/run/pesign /var/run/pesign/socket 1>&2 ||:
|
||||
+ getfacl -n /run/pesign /run/pesign/socket /var/run/pesign /var/run/pesign/socket 1>&2 ||:
|
||||
fi
|
||||
|
||||
if [[ "${rhelver}" -ge 7 ]] ; then
|
2
pesign.patches
Normal file
2
pesign.patches
Normal file
@ -0,0 +1,2 @@
|
||||
Patch0001: 0001-daemon-remove-always-true-comparison.patch
|
||||
Patch0002: 0002-Fix-building-signed-kernels-on-setups-other-than-koj.patch
|
10
pesign.spec
10
pesign.spec
@ -6,7 +6,7 @@
|
||||
Name: pesign
|
||||
Summary: Signing utility for UEFI binaries
|
||||
Version: 115
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
License: GPL-2.0-only
|
||||
URL: https://github.com/rhboot/pesign
|
||||
|
||||
@ -46,8 +46,10 @@ BuildRequires: rh-signing-tools >= 1.20-2
|
||||
Source0: https://github.com/rhboot/pesign/releases/download/%{version}/pesign-%{version}.tar.bz2
|
||||
Source1: certs.tar.xz
|
||||
Source2: pesign.py
|
||||
Source3: pesign.patches
|
||||
|
||||
Patch0001: 0001-daemon-remove-always-true-comparison.patch
|
||||
# generate with tool
|
||||
%include %{SOURCE3}
|
||||
|
||||
%description
|
||||
This package contains the pesign utility for signing UEFI binaries as
|
||||
@ -159,6 +161,10 @@ certutil -d %{_sysconfdir}/pki/pesign/ -X -L > /dev/null
|
||||
%{python3_sitelib}/mockbuild/plugins/pesign.*
|
||||
|
||||
%changelog
|
||||
* Thu Mar 24 2022 Robbie Harwood <rharwood@redhat.com> - 115-2
|
||||
- Add support for non-koji signing in macros
|
||||
- Resolves: #1880858
|
||||
|
||||
* Tue Mar 08 2022 Robbie Harwood <rharwood@redhat.com> - 115-1
|
||||
- New upstream version (115)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user