import redhat-rpm-config-125-1.el8
This commit is contained in:
parent
678b3cc9bf
commit
a95bffd78c
111
SOURCES/gpgverify
Executable file
111
SOURCES/gpgverify
Executable file
@ -0,0 +1,111 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Copyright 2018 B. Persson, Bjorn@Rombobeorn.se
|
||||
#
|
||||
# This material is provided as is, with absolutely no warranty expressed
|
||||
# or implied. Any use is at your own risk.
|
||||
#
|
||||
# Permission is hereby granted to use or copy this shellscript
|
||||
# for any purpose, provided the above notices are retained on all copies.
|
||||
# Permission to modify the code and to distribute modified code is granted,
|
||||
# provided the above notices are retained, and a notice that the code was
|
||||
# modified is included with the above copyright notice.
|
||||
|
||||
|
||||
function print_help {
|
||||
cat <<'EOF'
|
||||
Usage: gpgverify --keyring=<pathname> --signature=<pathname> --data=<pathname>
|
||||
|
||||
gpgverify is a wrapper around gpgv designed for easy and safe scripting. It
|
||||
verifies a file against a detached OpenPGP signature and a keyring. The keyring
|
||||
shall contain all the keys that are trusted to certify the authenticity of the
|
||||
file, and must not contain any untrusted keys.
|
||||
|
||||
The differences, compared to invoking gpgv directly, are that gpgverify accepts
|
||||
the keyring in either ASCII-armored or unarmored form, and that it will not
|
||||
accidentally use a default keyring in addition to the specified one.
|
||||
|
||||
Parameters:
|
||||
--keyring=<pathname> keyring with all the trusted keys and no others
|
||||
--signature=<pathname> detached signature to verify
|
||||
--data=<pathname> file to verify against the signature
|
||||
EOF
|
||||
}
|
||||
|
||||
|
||||
fatal_error() {
|
||||
message="$1" # an error message
|
||||
status=$2 # a number to use as the exit code
|
||||
echo "gpgverify: $message" >&2
|
||||
exit $status
|
||||
}
|
||||
|
||||
|
||||
require_parameter() {
|
||||
term="$1" # a term for a required parameter
|
||||
value="$2" # Complain and terminate if this value is empty.
|
||||
if test -z "${value}" ; then
|
||||
fatal_error "No ${term} was provided." 2
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
check_status() {
|
||||
action="$1" # a string that describes the action that was attempted
|
||||
status=$2 # the exit code of the command
|
||||
if test $status -ne 0 ; then
|
||||
fatal_error "$action failed." $status
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
# Parse the command line.
|
||||
keyring=
|
||||
signature=
|
||||
data=
|
||||
for parameter in "$@" ; do
|
||||
case "${parameter}" in
|
||||
(--help)
|
||||
print_help
|
||||
exit
|
||||
;;
|
||||
(--keyring=*)
|
||||
keyring="${parameter#*=}"
|
||||
;;
|
||||
(--signature=*)
|
||||
signature="${parameter#*=}"
|
||||
;;
|
||||
(--data=*)
|
||||
data="${parameter#*=}"
|
||||
;;
|
||||
(*)
|
||||
fatal_error "Unknown parameter: \"${parameter}\"" 2
|
||||
;;
|
||||
esac
|
||||
done
|
||||
require_parameter 'keyring' "${keyring}"
|
||||
require_parameter 'signature' "${signature}"
|
||||
require_parameter 'data file' "${data}"
|
||||
|
||||
# Make a temporary working directory.
|
||||
workdir="$(mktemp --directory)"
|
||||
check_status 'Making a temporary directory' $?
|
||||
workring="${workdir}/keyring.gpg"
|
||||
|
||||
# Decode any ASCII armor on the keyring. This is harmless if the keyring isn't
|
||||
# ASCII-armored.
|
||||
gpg2 --homedir="${workdir}" --yes --output="${workring}" --dearmor "${keyring}"
|
||||
check_status 'Decoding the keyring' $?
|
||||
|
||||
# Verify the signature using the decoded keyring.
|
||||
gpgv2 --homedir="${workdir}" --keyring="${workring}" "${signature}" "${data}"
|
||||
check_status 'Signature verification' $?
|
||||
|
||||
# (--homedir isn't actually necessary. --dearmor processes only the input file,
|
||||
# and if --keyring is used and contains a slash, then gpgv2 uses only that
|
||||
# keyring. Thus neither command will look for a default keyring, but --homedir
|
||||
# makes extra double sure that no default keyring will be touched in case
|
||||
# another version of GPG works differently.)
|
||||
|
||||
# Clean up. (This is not done in case of an error that may need inspection.)
|
||||
rm --recursive --force ${workdir}
|
79
SOURCES/macros.fedora-misc
Normal file
79
SOURCES/macros.fedora-misc
Normal file
@ -0,0 +1,79 @@
|
||||
# Some miscellaneous Fedora-related macros
|
||||
|
||||
# List files matching inclusion globs, excluding files matching exclusion blogs
|
||||
# Optional parameters:
|
||||
# – -i "<globs>" inclusion globs
|
||||
# – -x "<globs>" exclusion globs
|
||||
# Globs are space-separated lists of shell globs. Such lists require %{quote:}
|
||||
# use for safe rpm argument passing.
|
||||
# Alternatively, set the following rpm variables before calling the macro:
|
||||
# – “listfiles_include” inclusion globs
|
||||
# — “listfiles_exclude” exclusion globs
|
||||
# Arguments passed to the macro without flags will be interpreted as inclusion
|
||||
# globs.
|
||||
%listfiles(i:x:) %{expand:
|
||||
%if %{lua: print(string.len(rpm.expand("%{?-i*}%{?listfiles_include}%*")))}
|
||||
listfiles_include=$(realpath -e --relative-base=. %{?-i*} %{?listfiles_include} %* | sort -u)
|
||||
%if %{lua: print(string.len(rpm.expand("%{?-x*}%{?listfiles_exclude}")))}
|
||||
while IFS= read -r finc ; do
|
||||
realpath -qe --relative-base=. %{?-x*} %{?listfiles_exclude} \\
|
||||
| sort -u | grep -q "${finc}" || echo "${finc}"
|
||||
done <<< "${listfiles_include}"
|
||||
%else
|
||||
echo "${listfiles_include}"
|
||||
%endif
|
||||
%endif
|
||||
}
|
||||
|
||||
# https://github.com/rpm-software-management/rpm/issues/581
|
||||
# Write the contents of a list of rpm variables to a macro file.
|
||||
# The target file must contain the corresponding anchors.
|
||||
# For example %writevars -f myfile foo bar will replace:
|
||||
# @@FOO@@ with the rpm evaluation of %{foo} and
|
||||
# @@BAR@@ with the rpm evaluation of %{bar}
|
||||
# in myfile
|
||||
%writevars(f:) %{lua:
|
||||
local fedora = require "fedora.common"
|
||||
local macrofile = rpm.expand("%{-f*}")
|
||||
local rpmvars = {}
|
||||
for i = 1, rpm.expand("%#") do
|
||||
table.insert(rpmvars, rpm.expand("%" .. i))
|
||||
end
|
||||
fedora.writevars(macrofile,rpmvars)
|
||||
}
|
||||
|
||||
# gpgverify verifies signed sources. There is documentation in the script.
|
||||
%gpgverify(k:s:d:) %{lua:
|
||||
local script = rpm.expand("%{_rpmconfigdir}/redhat/gpgverify ")
|
||||
local keyring = rpm.expand("%{-k*}")
|
||||
local signature = rpm.expand("%{-s*}")
|
||||
local data = rpm.expand("%{-d*}")
|
||||
print(script)
|
||||
if keyring ~= "" then
|
||||
print(rpm.expand("--keyring='%{SOURCE" .. keyring .. "}' "))
|
||||
end
|
||||
if signature ~= "" then
|
||||
print(rpm.expand("--signature='%{SOURCE" .. signature .. "}' "))
|
||||
end
|
||||
if data ~= "" then
|
||||
print(rpm.expand("--data='%{SOURCE" .. data .. "}' "))
|
||||
end
|
||||
}
|
||||
|
||||
# gpgverify verifies signed sources. There is documentation in the script.
|
||||
%gpgverify(k:s:d:) %{lua:
|
||||
local script = rpm.expand("%{_rpmconfigdir}/redhat/gpgverify ")
|
||||
local keyring = rpm.expand("%{-k*}")
|
||||
local signature = rpm.expand("%{-s*}")
|
||||
local data = rpm.expand("%{-d*}")
|
||||
print(script)
|
||||
if keyring ~= "" then
|
||||
print(rpm.expand("--keyring='%{SOURCE" .. keyring .. "}' "))
|
||||
end
|
||||
if signature ~= "" then
|
||||
print(rpm.expand("--signature='%{SOURCE" .. signature .. "}' "))
|
||||
end
|
||||
if data ~= "" then
|
||||
print(rpm.expand("--data='%{SOURCE" .. data .. "}' "))
|
||||
end
|
||||
}
|
3
SOURCES/macros.kernel-srpm
Normal file
3
SOURCES/macros.kernel-srpm
Normal file
@ -0,0 +1,3 @@
|
||||
# kernel_arches lists what arches the full kernel is built for.
|
||||
|
||||
%kernel_arches x86_64 s390x ppc64le aarch64 %{arm}
|
@ -6,7 +6,7 @@
|
||||
|
||||
Summary: Red Hat specific rpm configuration files
|
||||
Name: redhat-rpm-config
|
||||
Version: 123
|
||||
Version: 125
|
||||
Release: 1%{?dist}
|
||||
# No version specified.
|
||||
License: GPL+
|
||||
@ -45,6 +45,8 @@ Source151: macros.kmp
|
||||
Source152: macros.vpath
|
||||
Source153: macros.forge
|
||||
Source154: macros.ldconfig
|
||||
Source155: macros.kernel-srpm
|
||||
Source156: macros.fedora-misc
|
||||
|
||||
# Build policy scripts
|
||||
# this comes from https://github.com/rpm-software-management/rpm/pull/344
|
||||
@ -65,6 +67,7 @@ Source400: dist.sh
|
||||
Source401: rpmsort
|
||||
Source402: symset-table
|
||||
Source403: kmodtool
|
||||
Source404: gpgverify
|
||||
|
||||
# 2016-10-02 snapshots from http://git.savannah.gnu.org/gitweb/?p=config.git
|
||||
Source500: config.guess
|
||||
@ -143,6 +146,7 @@ install -p -m 444 -t %{buildroot}%{rrcdir} redhat-hardened-*
|
||||
install -p -m 444 -t %{buildroot}%{rrcdir} redhat-annobin-*
|
||||
install -p -m 755 -t %{buildroot}%{rrcdir} config.*
|
||||
install -p -m 755 -t %{buildroot}%{rrcdir} dist.sh rpmsort symset-table kmodtool
|
||||
install -p -m 755 -t %{buildroot}%{rrcdir} gpgverify
|
||||
install -p -m 755 -t %{buildroot}%{rrcdir} brp-*
|
||||
|
||||
install -p -m 755 -t %{buildroot}%{rrcdir} find-*
|
||||
@ -168,6 +172,7 @@ install -p -m 755 %{SOURCE21} %{buildroot}%{_rpmconfigdir}/kabi.sh
|
||||
%{rrcdir}/brp-mangle-shebangs
|
||||
%{rrcdir}/brp-ldconfig
|
||||
%{rrcdir}/dist.sh
|
||||
%{rrcdir}/gpgverify
|
||||
%{rrcdir}/redhat-hardened-*
|
||||
%{rrcdir}/redhat-annobin-*
|
||||
%{rrcdir}/config.*
|
||||
@ -181,6 +186,8 @@ install -p -m 755 %{SOURCE21} %{buildroot}%{_rpmconfigdir}/kabi.sh
|
||||
%{_rpmconfigdir}/macros.d/macros.forge
|
||||
%{_rpmconfigdir}/macros.d/macros.ldconfig
|
||||
%{_rpmconfigdir}/macros.d/macros.vpath
|
||||
%{_rpmconfigdir}/macros.d/macros.kernel-srpm
|
||||
%{_rpmconfigdir}/macros.d/macros.fedora-misc
|
||||
%{_rpmconfigdir}/kabi.sh
|
||||
%doc buildflags.md
|
||||
|
||||
@ -198,6 +205,13 @@ install -p -m 755 %{SOURCE21} %{buildroot}%{_rpmconfigdir}/kabi.sh
|
||||
%{_rpmconfigdir}/macros.d/macros.kmp
|
||||
|
||||
%changelog
|
||||
* Fri Nov 27 2020 Florian Festi <ffesti@redhat.com> - 125-1
|
||||
- Add missing macros.fedora-misc file (#1874576)
|
||||
|
||||
* Mon Nov 09 2020 Florian Festi <ffesti@redhat.com> - 124-1
|
||||
- Add macros.kernel-srpm (#1874578)
|
||||
- Added gpgverify (#1874576)
|
||||
|
||||
* Tue Jun 16 2020 Florian Festi <ffesti@redhat.com> - 123-1
|
||||
- Update kmod.prov for better performance (#1794491)
|
||||
- Backport performance improvements for brp-mangle-shebangs (#1794779)
|
||||
|
Loading…
Reference in New Issue
Block a user