39 changed files with 24 additions and 52 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,4 @@
 SOURCES/certs.tar.xz
 SOURCES/pesign-0.112.tar.bz2
+/certs.tar.xz
+/pesign-0.112.tar.bz2
--- a/.pesign.metadata
+++ b/.pesign.metadata
@ -1,2 +0,0 @@
-53d9b43ef6eadb4512ce9738b5a6efbb40477983 SOURCES/certs.tar.xz
-7cba5cfddabc425d0a927edfdd6865cc92f00c7b SOURCES/pesign-0.112.tar.bz2
--- a/SOURCES/0001-cms-kill-generate_integer-it-doesn-t-build-on-i686-a.patch
+++ b/SOURCES/0001-cms-kill-generate_integer-it-doesn-t-build-on-i686-a.patch
--- a/SOURCES/0002-Fix-command-line-parsing.patch
+++ b/SOURCES/0002-Fix-command-line-parsing.patch
--- a/SOURCES/0003-gcc-don-t-error-on-stuff-in-includes.patch
+++ b/SOURCES/0003-gcc-don-t-error-on-stuff-in-includes.patch
--- a/SOURCES/0004-Fix-certficate-argument-name.patch
+++ b/SOURCES/0004-Fix-certficate-argument-name.patch
--- a/SOURCES/0005-Fix-description-of-ascii-armor-option-in-manpage.patch
+++ b/SOURCES/0005-Fix-description-of-ascii-armor-option-in-manpage.patch
--- a/SOURCES/0006-Make-ascii-work-since-we-documented-it.patch
+++ b/SOURCES/0006-Make-ascii-work-since-we-documented-it.patch
--- a/SOURCES/0007-Switch-pesign-client-to-also-accept-token-cert-macro.patch
+++ b/SOURCES/0007-Switch-pesign-client-to-also-accept-token-cert-macro.patch
--- a/SOURCES/0008-pesigcheck-Verify-with-the-cert-as-an-object-signer.patch
+++ b/SOURCES/0008-pesigcheck-Verify-with-the-cert-as-an-object-signer.patch
--- a/SOURCES/0009-pesigcheck-make-certfile-actually-work.patch
+++ b/SOURCES/0009-pesigcheck-make-certfile-actually-work.patch
--- a/SOURCES/0010-signerInfos-make-sure-err-is-always-initialized.patch
+++ b/SOURCES/0010-signerInfos-make-sure-err-is-always-initialized.patch
--- a/SOURCES/0011-pesign-make-pesign-h-tell-you-the-file-name.patch
+++ b/SOURCES/0011-pesign-make-pesign-h-tell-you-the-file-name.patch
--- a/SOURCES/0012-Add-coverity-build-scripts.patch
+++ b/SOURCES/0012-Add-coverity-build-scripts.patch
--- a/SOURCES/0013-Document-implicit-fallthrough.patch
+++ b/SOURCES/0013-Document-implicit-fallthrough.patch
--- a/SOURCES/0014-Actually-setfacl-each-directory-of-our-key-storage.patch
+++ b/SOURCES/0014-Actually-setfacl-each-directory-of-our-key-storage.patch
--- a/SOURCES/0015-oid-add-SHIM_EKU_MODULE_SIGNING_ONLY-and-fix-our-arr.patch
+++ b/SOURCES/0015-oid-add-SHIM_EKU_MODULE_SIGNING_ONLY-and-fix-our-arr.patch
--- a/SOURCES/0016-efikeygen-add-modsign.patch
+++ b/SOURCES/0016-efikeygen-add-modsign.patch
--- a/SOURCES/0017-check_cert_db-try-even-harder-to-pick-a-reasonable-v.patch
+++ b/SOURCES/0017-check_cert_db-try-even-harder-to-pick-a-reasonable-v.patch
--- a/SOURCES/0018-show-which-db-we-re-checking.patch
+++ b/SOURCES/0018-show-which-db-we-re-checking.patch
--- a/SOURCES/0019-more-about-the-time.patch
+++ b/SOURCES/0019-more-about-the-time.patch
--- a/SOURCES/0020-try-to-say-why-something-fails.patch
+++ b/SOURCES/0020-try-to-say-why-something-fails.patch
--- a/SOURCES/0021-Fix-race-condition-in-SEC_GetPassword.patch
+++ b/SOURCES/0021-Fix-race-condition-in-SEC_GetPassword.patch
--- a/SOURCES/0022-sysvinit-Create-the-socket-directory-at-runtime.patch
+++ b/SOURCES/0022-sysvinit-Create-the-socket-directory-at-runtime.patch
--- a/SOURCES/0023-Better-authorization-scripts.-Again.patch
+++ b/SOURCES/0023-Better-authorization-scripts.-Again.patch
--- a/SOURCES/0024-Make-the-daemon-also-try-to-give-better-errors-on-EP.patch
+++ b/SOURCES/0024-Make-the-daemon-also-try-to-give-better-errors-on-EP.patch
--- a/SOURCES/0025-certdb-fix-PRTime-printfs-for-i686.patch
+++ b/SOURCES/0025-certdb-fix-PRTime-printfs-for-i686.patch
--- a/SOURCES/0026-Clean-up-gcc-command-lines-a-little.patch
+++ b/SOURCES/0026-Clean-up-gcc-command-lines-a-little.patch
--- a/SOURCES/0027-Make-pesign-users-groups-static-in-the-repo.patch
+++ b/SOURCES/0027-Make-pesign-users-groups-static-in-the-repo.patch
--- a/SOURCES/0028-rpm-Make-the-client-signer-use-the-fedora-values-unl.patch
+++ b/SOURCES/0028-rpm-Make-the-client-signer-use-the-fedora-values-unl.patch
--- a/SOURCES/0029-Make-macros.pesign-error-in-kojibuilder-if-we-don-t-.patch
+++ b/SOURCES/0029-Make-macros.pesign-error-in-kojibuilder-if-we-don-t-.patch
--- a/SOURCES/0030-Replace-var-run-with-run.patch
+++ b/SOURCES/0030-Replace-var-run-with-run.patch
--- a/SOURCES/0031-efikeygen-Fix-the-build-with-nss-3.44.patch
+++ b/SOURCES/0031-efikeygen-Fix-the-build-with-nss-3.44.patch
--- a/SOURCES/0032-fix-the-build-with-nss-3.44.patch
+++ b/SOURCES/0032-fix-the-build-with-nss-3.44.patch
@ -1,45 +0,0 @@
-From b535d1ac5cbcdf18a97d97a92581e38080d9e521 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Tue, 14 May 2019 11:28:38 -0400
-Subject: [PATCH] efikeygen: Fix the build with nss 3.44
-
-NSS 3.44 adds some certificate types, which changes a type and makes
-some encoding stuff weird.  As a result, we get:
-
-gcc8 -I/wrkdirs/usr/ports/sysutils/pesign/work/pesign-0.110/include -O2 -pipe  -fstack-protector-strong -Wl,-rpath=/usr/local/lib/gcc8 -isystem /usr/local/include -fno-strict-aliasing  -g -O0 -g -O0  -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants --std=gnu99 -D_GNU_SOURCE -Wno-unused-result -Wno-unused-function -I../include/  -I/usr/local/include/nss -I/usr/local/include/nss/nss -I/usr/local/include/nspr  -Werror -fPIC -isystem /usr/local/include -DCONFIG_amd64 -DCONFIG_amd64 -c efikeygen.c -o efikeygen.o
-In file included from /usr/local/include/nss/nss/cert.h:22,
-                 from efikeygen.c:39:
-efikeygen.c: In function 'add_cert_type':
-/usr/local/include/nss/nss/certt.h:445:5: error: unsigned conversion from 'int' to 'unsigned char' changes value from '496' to '240' [-Werror=overflow]
-     (NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_SSL_SERVER | NS_CERT_TYPE_EMAIL | \
-     ^
-efikeygen.c:208:23: note: in expansion of macro 'NS_CERT_TYPE_APP'
-  unsigned char type = NS_CERT_TYPE_APP;
-                       ^~~~~~~~~~~~~~~~
-cc1: all warnings being treated as errors
-
-This is fixed by just making it an int.
-
-Fixes github issue #48.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
---
- src/efikeygen.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/efikeygen.c b/src/efikeygen.c
-index ede76ef..2cd953e 100644
--- a/src/efikeygen.c
-+++ b/src/efikeygen.c
-@@ -208,7 +208,7 @@ static int
- add_cert_type(cms_context *cms, void *extHandle, int is_ca)
- {
- 	SECItem bitStringValue;
-	unsigned char type = NS_CERT_TYPE_APP;
-+	int type = NS_CERT_TYPE_APP;
- 
- 	if (is_ca)
- 		type |= NS_CERT_TYPE_SSL_CA |
-- 
-2.21.0
-
--- a/gating.yaml
+++ b/gating.yaml
@ -0,0 +1,6 @@
+--- !Policy
+product_versions:
+  - rhel-8
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: kernel-qe.kernel-ci.hardware-pesign.tier0.functional}
--- a/SOURCES/pesign.py
+++ b/SOURCES/pesign.py
--- a/SPECS/pesign.spec
+++ b/SPECS/pesign.spec
@ -3,7 +3,7 @@
 Name:    pesign
 Summary: Signing utility for UEFI binaries
 Version: 0.112
-Release: 26%{?dist}.alma
+Release: 26%{?dist}
 License: GPLv2
 URL:     https://github.com/vathpela/pesign

@ -61,7 +61,6 @@ Patch0028: 0028-rpm-Make-the-client-signer-use-the-fedora-values-unl.patch
 Patch0029: 0029-Make-macros.pesign-error-in-kojibuilder-if-we-don-t-.patch
 Patch0030: 0030-Replace-var-run-with-run.patch
 Patch0031: 0031-efikeygen-Fix-the-build-with-nss-3.44.patch
-Patch0032: 0032-fix-the-build-with-nss-3.44.patch

 %description
 This package contains the pesign utility for signing UEFI binaries as
@ -166,9 +165,6 @@ exit 0
 %{python3_sitelib}/mockbuild/plugins/pesign.*

 %changelog
-* Fri Apr 01 2022 Eduard Abdullin <eabdullin@almalinux.org> - 0.112-26.alma
- AlmaLinux changes
-
 * Mon Nov 08 2021 Robbie Harwood <rharwood@redhat.com> - 0.112-26
 - Perform the /var/run to /run "migration" stupidity
 - Resolves: rhbz#1801976
--- a/rpminspect.yaml
+++ b/rpminspect.yaml
@ -0,0 +1,13 @@
+---
+inspections:
+  # Not a Java package
+  javabytecode: off
+
+  # These just flag when things change "too much"
+  changedfiles: off
+  filesize: off
+  patches: off
+  upstream: off
+
+  # https://bugzilla.redhat.com/show_bug.cgi?id=2010936
+  annocheck: off
--- a/2
+++ b/2
@ -0,0 +1,2 @@
+SHA512 (certs.tar.xz) = 5df34f507a365ef87320776c99cbfad76365693901c71eaf64fec008afb9acfd7b615da5906b92a070c864e74f44934395c3f474ce5b33844cfa3df49a8ad188
+SHA512 (pesign-0.112.tar.bz2) = 96bff27ce5059f1ea299c21ac88998a0c17851b8b06ba2f3e286de5cd4d73651b670ac00ca035481faf9c963338527c89120c63ec891a95ce9ecb9130fbc5e5c