import redhat-rpm-config-125-1.el8

This commit is contained in:
CentOS Sources 2021-05-18 02:48:30 -04:00 committed by Andrew Lukoshko
parent 678b3cc9bf
commit a95bffd78c
4 changed files with 208 additions and 1 deletions

111
SOURCES/gpgverify Executable file
View File

@ -0,0 +1,111 @@
#!/bin/bash
# Copyright 2018 B. Persson, Bjorn@Rombobeorn.se
#
# This material is provided as is, with absolutely no warranty expressed
# or implied. Any use is at your own risk.
#
# Permission is hereby granted to use or copy this shellscript
# for any purpose, provided the above notices are retained on all copies.
# Permission to modify the code and to distribute modified code is granted,
# provided the above notices are retained, and a notice that the code was
# modified is included with the above copyright notice.
function print_help {
cat <<'EOF'
Usage: gpgverify --keyring=<pathname> --signature=<pathname> --data=<pathname>
gpgverify is a wrapper around gpgv designed for easy and safe scripting. It
verifies a file against a detached OpenPGP signature and a keyring. The keyring
shall contain all the keys that are trusted to certify the authenticity of the
file, and must not contain any untrusted keys.
The differences, compared to invoking gpgv directly, are that gpgverify accepts
the keyring in either ASCII-armored or unarmored form, and that it will not
accidentally use a default keyring in addition to the specified one.
Parameters:
--keyring=<pathname> keyring with all the trusted keys and no others
--signature=<pathname> detached signature to verify
--data=<pathname> file to verify against the signature
EOF
}
fatal_error() {
message="$1" # an error message
status=$2 # a number to use as the exit code
echo "gpgverify: $message" >&2
exit $status
}
require_parameter() {
term="$1" # a term for a required parameter
value="$2" # Complain and terminate if this value is empty.
if test -z "${value}" ; then
fatal_error "No ${term} was provided." 2
fi
}
check_status() {
action="$1" # a string that describes the action that was attempted
status=$2 # the exit code of the command
if test $status -ne 0 ; then
fatal_error "$action failed." $status
fi
}
# Parse the command line.
keyring=
signature=
data=
for parameter in "$@" ; do
case "${parameter}" in
(--help)
print_help
exit
;;
(--keyring=*)
keyring="${parameter#*=}"
;;
(--signature=*)
signature="${parameter#*=}"
;;
(--data=*)
data="${parameter#*=}"
;;
(*)
fatal_error "Unknown parameter: \"${parameter}\"" 2
;;
esac
done
require_parameter 'keyring' "${keyring}"
require_parameter 'signature' "${signature}"
require_parameter 'data file' "${data}"
# Make a temporary working directory.
workdir="$(mktemp --directory)"
check_status 'Making a temporary directory' $?
workring="${workdir}/keyring.gpg"
# Decode any ASCII armor on the keyring. This is harmless if the keyring isn't
# ASCII-armored.
gpg2 --homedir="${workdir}" --yes --output="${workring}" --dearmor "${keyring}"
check_status 'Decoding the keyring' $?
# Verify the signature using the decoded keyring.
gpgv2 --homedir="${workdir}" --keyring="${workring}" "${signature}" "${data}"
check_status 'Signature verification' $?
# (--homedir isn't actually necessary. --dearmor processes only the input file,
# and if --keyring is used and contains a slash, then gpgv2 uses only that
# keyring. Thus neither command will look for a default keyring, but --homedir
# makes extra double sure that no default keyring will be touched in case
# another version of GPG works differently.)
# Clean up. (This is not done in case of an error that may need inspection.)
rm --recursive --force ${workdir}

View File

@ -0,0 +1,79 @@
# Some miscellaneous Fedora-related macros
# List files matching inclusion globs, excluding files matching exclusion blogs
# Optional parameters:
# -i "<globs>" inclusion globs
# -x "<globs>" exclusion globs
# Globs are space-separated lists of shell globs. Such lists require %{quote:}
# use for safe rpm argument passing.
# Alternatively, set the following rpm variables before calling the macro:
# “listfiles_include” inclusion globs
# — “listfiles_exclude” exclusion globs
# Arguments passed to the macro without flags will be interpreted as inclusion
# globs.
%listfiles(i:x:) %{expand:
%if %{lua: print(string.len(rpm.expand("%{?-i*}%{?listfiles_include}%*")))}
listfiles_include=$(realpath -e --relative-base=. %{?-i*} %{?listfiles_include} %* | sort -u)
%if %{lua: print(string.len(rpm.expand("%{?-x*}%{?listfiles_exclude}")))}
while IFS= read -r finc ; do
realpath -qe --relative-base=. %{?-x*} %{?listfiles_exclude} \\
| sort -u | grep -q "${finc}" || echo "${finc}"
done <<< "${listfiles_include}"
%else
echo "${listfiles_include}"
%endif
%endif
}
# https://github.com/rpm-software-management/rpm/issues/581
# Write the contents of a list of rpm variables to a macro file.
# The target file must contain the corresponding anchors.
# For example %writevars -f myfile foo bar will replace:
# @@FOO@@ with the rpm evaluation of %{foo} and
# @@BAR@@ with the rpm evaluation of %{bar}
# in myfile
%writevars(f:) %{lua:
local fedora = require "fedora.common"
local macrofile = rpm.expand("%{-f*}")
local rpmvars = {}
for i = 1, rpm.expand("%#") do
table.insert(rpmvars, rpm.expand("%" .. i))
end
fedora.writevars(macrofile,rpmvars)
}
# gpgverify verifies signed sources. There is documentation in the script.
%gpgverify(k:s:d:) %{lua:
local script = rpm.expand("%{_rpmconfigdir}/redhat/gpgverify ")
local keyring = rpm.expand("%{-k*}")
local signature = rpm.expand("%{-s*}")
local data = rpm.expand("%{-d*}")
print(script)
if keyring ~= "" then
print(rpm.expand("--keyring='%{SOURCE" .. keyring .. "}' "))
end
if signature ~= "" then
print(rpm.expand("--signature='%{SOURCE" .. signature .. "}' "))
end
if data ~= "" then
print(rpm.expand("--data='%{SOURCE" .. data .. "}' "))
end
}
# gpgverify verifies signed sources. There is documentation in the script.
%gpgverify(k:s:d:) %{lua:
local script = rpm.expand("%{_rpmconfigdir}/redhat/gpgverify ")
local keyring = rpm.expand("%{-k*}")
local signature = rpm.expand("%{-s*}")
local data = rpm.expand("%{-d*}")
print(script)
if keyring ~= "" then
print(rpm.expand("--keyring='%{SOURCE" .. keyring .. "}' "))
end
if signature ~= "" then
print(rpm.expand("--signature='%{SOURCE" .. signature .. "}' "))
end
if data ~= "" then
print(rpm.expand("--data='%{SOURCE" .. data .. "}' "))
end
}

View File

@ -0,0 +1,3 @@
# kernel_arches lists what arches the full kernel is built for.
%kernel_arches x86_64 s390x ppc64le aarch64 %{arm}

View File

@ -6,7 +6,7 @@
Summary: Red Hat specific rpm configuration files
Name: redhat-rpm-config
Version: 123
Version: 125
Release: 1%{?dist}
# No version specified.
License: GPL+
@ -45,6 +45,8 @@ Source151: macros.kmp
Source152: macros.vpath
Source153: macros.forge
Source154: macros.ldconfig
Source155: macros.kernel-srpm
Source156: macros.fedora-misc
# Build policy scripts
# this comes from https://github.com/rpm-software-management/rpm/pull/344
@ -65,6 +67,7 @@ Source400: dist.sh
Source401: rpmsort
Source402: symset-table
Source403: kmodtool
Source404: gpgverify
# 2016-10-02 snapshots from http://git.savannah.gnu.org/gitweb/?p=config.git
Source500: config.guess
@ -143,6 +146,7 @@ install -p -m 444 -t %{buildroot}%{rrcdir} redhat-hardened-*
install -p -m 444 -t %{buildroot}%{rrcdir} redhat-annobin-*
install -p -m 755 -t %{buildroot}%{rrcdir} config.*
install -p -m 755 -t %{buildroot}%{rrcdir} dist.sh rpmsort symset-table kmodtool
install -p -m 755 -t %{buildroot}%{rrcdir} gpgverify
install -p -m 755 -t %{buildroot}%{rrcdir} brp-*
install -p -m 755 -t %{buildroot}%{rrcdir} find-*
@ -168,6 +172,7 @@ install -p -m 755 %{SOURCE21} %{buildroot}%{_rpmconfigdir}/kabi.sh
%{rrcdir}/brp-mangle-shebangs
%{rrcdir}/brp-ldconfig
%{rrcdir}/dist.sh
%{rrcdir}/gpgverify
%{rrcdir}/redhat-hardened-*
%{rrcdir}/redhat-annobin-*
%{rrcdir}/config.*
@ -181,6 +186,8 @@ install -p -m 755 %{SOURCE21} %{buildroot}%{_rpmconfigdir}/kabi.sh
%{_rpmconfigdir}/macros.d/macros.forge
%{_rpmconfigdir}/macros.d/macros.ldconfig
%{_rpmconfigdir}/macros.d/macros.vpath
%{_rpmconfigdir}/macros.d/macros.kernel-srpm
%{_rpmconfigdir}/macros.d/macros.fedora-misc
%{_rpmconfigdir}/kabi.sh
%doc buildflags.md
@ -198,6 +205,13 @@ install -p -m 755 %{SOURCE21} %{buildroot}%{_rpmconfigdir}/kabi.sh
%{_rpmconfigdir}/macros.d/macros.kmp
%changelog
* Fri Nov 27 2020 Florian Festi <ffesti@redhat.com> - 125-1
- Add missing macros.fedora-misc file (#1874576)
* Mon Nov 09 2020 Florian Festi <ffesti@redhat.com> - 124-1
- Add macros.kernel-srpm (#1874578)
- Added gpgverify (#1874576)
* Tue Jun 16 2020 Florian Festi <ffesti@redhat.com> - 123-1
- Update kmod.prov for better performance (#1794491)
- Backport performance improvements for brp-mangle-shebangs (#1794779)