import redhat-rpm-config-125-1.el8
This commit is contained in:
parent
678b3cc9bf
commit
a95bffd78c
111
SOURCES/gpgverify
Executable file
111
SOURCES/gpgverify
Executable file
@ -0,0 +1,111 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Copyright 2018 B. Persson, Bjorn@Rombobeorn.se
|
||||||
|
#
|
||||||
|
# This material is provided as is, with absolutely no warranty expressed
|
||||||
|
# or implied. Any use is at your own risk.
|
||||||
|
#
|
||||||
|
# Permission is hereby granted to use or copy this shellscript
|
||||||
|
# for any purpose, provided the above notices are retained on all copies.
|
||||||
|
# Permission to modify the code and to distribute modified code is granted,
|
||||||
|
# provided the above notices are retained, and a notice that the code was
|
||||||
|
# modified is included with the above copyright notice.
|
||||||
|
|
||||||
|
|
||||||
|
function print_help {
|
||||||
|
cat <<'EOF'
|
||||||
|
Usage: gpgverify --keyring=<pathname> --signature=<pathname> --data=<pathname>
|
||||||
|
|
||||||
|
gpgverify is a wrapper around gpgv designed for easy and safe scripting. It
|
||||||
|
verifies a file against a detached OpenPGP signature and a keyring. The keyring
|
||||||
|
shall contain all the keys that are trusted to certify the authenticity of the
|
||||||
|
file, and must not contain any untrusted keys.
|
||||||
|
|
||||||
|
The differences, compared to invoking gpgv directly, are that gpgverify accepts
|
||||||
|
the keyring in either ASCII-armored or unarmored form, and that it will not
|
||||||
|
accidentally use a default keyring in addition to the specified one.
|
||||||
|
|
||||||
|
Parameters:
|
||||||
|
--keyring=<pathname> keyring with all the trusted keys and no others
|
||||||
|
--signature=<pathname> detached signature to verify
|
||||||
|
--data=<pathname> file to verify against the signature
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
fatal_error() {
|
||||||
|
message="$1" # an error message
|
||||||
|
status=$2 # a number to use as the exit code
|
||||||
|
echo "gpgverify: $message" >&2
|
||||||
|
exit $status
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
require_parameter() {
|
||||||
|
term="$1" # a term for a required parameter
|
||||||
|
value="$2" # Complain and terminate if this value is empty.
|
||||||
|
if test -z "${value}" ; then
|
||||||
|
fatal_error "No ${term} was provided." 2
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
check_status() {
|
||||||
|
action="$1" # a string that describes the action that was attempted
|
||||||
|
status=$2 # the exit code of the command
|
||||||
|
if test $status -ne 0 ; then
|
||||||
|
fatal_error "$action failed." $status
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# Parse the command line.
|
||||||
|
keyring=
|
||||||
|
signature=
|
||||||
|
data=
|
||||||
|
for parameter in "$@" ; do
|
||||||
|
case "${parameter}" in
|
||||||
|
(--help)
|
||||||
|
print_help
|
||||||
|
exit
|
||||||
|
;;
|
||||||
|
(--keyring=*)
|
||||||
|
keyring="${parameter#*=}"
|
||||||
|
;;
|
||||||
|
(--signature=*)
|
||||||
|
signature="${parameter#*=}"
|
||||||
|
;;
|
||||||
|
(--data=*)
|
||||||
|
data="${parameter#*=}"
|
||||||
|
;;
|
||||||
|
(*)
|
||||||
|
fatal_error "Unknown parameter: \"${parameter}\"" 2
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
require_parameter 'keyring' "${keyring}"
|
||||||
|
require_parameter 'signature' "${signature}"
|
||||||
|
require_parameter 'data file' "${data}"
|
||||||
|
|
||||||
|
# Make a temporary working directory.
|
||||||
|
workdir="$(mktemp --directory)"
|
||||||
|
check_status 'Making a temporary directory' $?
|
||||||
|
workring="${workdir}/keyring.gpg"
|
||||||
|
|
||||||
|
# Decode any ASCII armor on the keyring. This is harmless if the keyring isn't
|
||||||
|
# ASCII-armored.
|
||||||
|
gpg2 --homedir="${workdir}" --yes --output="${workring}" --dearmor "${keyring}"
|
||||||
|
check_status 'Decoding the keyring' $?
|
||||||
|
|
||||||
|
# Verify the signature using the decoded keyring.
|
||||||
|
gpgv2 --homedir="${workdir}" --keyring="${workring}" "${signature}" "${data}"
|
||||||
|
check_status 'Signature verification' $?
|
||||||
|
|
||||||
|
# (--homedir isn't actually necessary. --dearmor processes only the input file,
|
||||||
|
# and if --keyring is used and contains a slash, then gpgv2 uses only that
|
||||||
|
# keyring. Thus neither command will look for a default keyring, but --homedir
|
||||||
|
# makes extra double sure that no default keyring will be touched in case
|
||||||
|
# another version of GPG works differently.)
|
||||||
|
|
||||||
|
# Clean up. (This is not done in case of an error that may need inspection.)
|
||||||
|
rm --recursive --force ${workdir}
|
79
SOURCES/macros.fedora-misc
Normal file
79
SOURCES/macros.fedora-misc
Normal file
@ -0,0 +1,79 @@
|
|||||||
|
# Some miscellaneous Fedora-related macros
|
||||||
|
|
||||||
|
# List files matching inclusion globs, excluding files matching exclusion blogs
|
||||||
|
# Optional parameters:
|
||||||
|
# – -i "<globs>" inclusion globs
|
||||||
|
# – -x "<globs>" exclusion globs
|
||||||
|
# Globs are space-separated lists of shell globs. Such lists require %{quote:}
|
||||||
|
# use for safe rpm argument passing.
|
||||||
|
# Alternatively, set the following rpm variables before calling the macro:
|
||||||
|
# – “listfiles_include” inclusion globs
|
||||||
|
# — “listfiles_exclude” exclusion globs
|
||||||
|
# Arguments passed to the macro without flags will be interpreted as inclusion
|
||||||
|
# globs.
|
||||||
|
%listfiles(i:x:) %{expand:
|
||||||
|
%if %{lua: print(string.len(rpm.expand("%{?-i*}%{?listfiles_include}%*")))}
|
||||||
|
listfiles_include=$(realpath -e --relative-base=. %{?-i*} %{?listfiles_include} %* | sort -u)
|
||||||
|
%if %{lua: print(string.len(rpm.expand("%{?-x*}%{?listfiles_exclude}")))}
|
||||||
|
while IFS= read -r finc ; do
|
||||||
|
realpath -qe --relative-base=. %{?-x*} %{?listfiles_exclude} \\
|
||||||
|
| sort -u | grep -q "${finc}" || echo "${finc}"
|
||||||
|
done <<< "${listfiles_include}"
|
||||||
|
%else
|
||||||
|
echo "${listfiles_include}"
|
||||||
|
%endif
|
||||||
|
%endif
|
||||||
|
}
|
||||||
|
|
||||||
|
# https://github.com/rpm-software-management/rpm/issues/581
|
||||||
|
# Write the contents of a list of rpm variables to a macro file.
|
||||||
|
# The target file must contain the corresponding anchors.
|
||||||
|
# For example %writevars -f myfile foo bar will replace:
|
||||||
|
# @@FOO@@ with the rpm evaluation of %{foo} and
|
||||||
|
# @@BAR@@ with the rpm evaluation of %{bar}
|
||||||
|
# in myfile
|
||||||
|
%writevars(f:) %{lua:
|
||||||
|
local fedora = require "fedora.common"
|
||||||
|
local macrofile = rpm.expand("%{-f*}")
|
||||||
|
local rpmvars = {}
|
||||||
|
for i = 1, rpm.expand("%#") do
|
||||||
|
table.insert(rpmvars, rpm.expand("%" .. i))
|
||||||
|
end
|
||||||
|
fedora.writevars(macrofile,rpmvars)
|
||||||
|
}
|
||||||
|
|
||||||
|
# gpgverify verifies signed sources. There is documentation in the script.
|
||||||
|
%gpgverify(k:s:d:) %{lua:
|
||||||
|
local script = rpm.expand("%{_rpmconfigdir}/redhat/gpgverify ")
|
||||||
|
local keyring = rpm.expand("%{-k*}")
|
||||||
|
local signature = rpm.expand("%{-s*}")
|
||||||
|
local data = rpm.expand("%{-d*}")
|
||||||
|
print(script)
|
||||||
|
if keyring ~= "" then
|
||||||
|
print(rpm.expand("--keyring='%{SOURCE" .. keyring .. "}' "))
|
||||||
|
end
|
||||||
|
if signature ~= "" then
|
||||||
|
print(rpm.expand("--signature='%{SOURCE" .. signature .. "}' "))
|
||||||
|
end
|
||||||
|
if data ~= "" then
|
||||||
|
print(rpm.expand("--data='%{SOURCE" .. data .. "}' "))
|
||||||
|
end
|
||||||
|
}
|
||||||
|
|
||||||
|
# gpgverify verifies signed sources. There is documentation in the script.
|
||||||
|
%gpgverify(k:s:d:) %{lua:
|
||||||
|
local script = rpm.expand("%{_rpmconfigdir}/redhat/gpgverify ")
|
||||||
|
local keyring = rpm.expand("%{-k*}")
|
||||||
|
local signature = rpm.expand("%{-s*}")
|
||||||
|
local data = rpm.expand("%{-d*}")
|
||||||
|
print(script)
|
||||||
|
if keyring ~= "" then
|
||||||
|
print(rpm.expand("--keyring='%{SOURCE" .. keyring .. "}' "))
|
||||||
|
end
|
||||||
|
if signature ~= "" then
|
||||||
|
print(rpm.expand("--signature='%{SOURCE" .. signature .. "}' "))
|
||||||
|
end
|
||||||
|
if data ~= "" then
|
||||||
|
print(rpm.expand("--data='%{SOURCE" .. data .. "}' "))
|
||||||
|
end
|
||||||
|
}
|
3
SOURCES/macros.kernel-srpm
Normal file
3
SOURCES/macros.kernel-srpm
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
# kernel_arches lists what arches the full kernel is built for.
|
||||||
|
|
||||||
|
%kernel_arches x86_64 s390x ppc64le aarch64 %{arm}
|
@ -6,7 +6,7 @@
|
|||||||
|
|
||||||
Summary: Red Hat specific rpm configuration files
|
Summary: Red Hat specific rpm configuration files
|
||||||
Name: redhat-rpm-config
|
Name: redhat-rpm-config
|
||||||
Version: 123
|
Version: 125
|
||||||
Release: 1%{?dist}
|
Release: 1%{?dist}
|
||||||
# No version specified.
|
# No version specified.
|
||||||
License: GPL+
|
License: GPL+
|
||||||
@ -45,6 +45,8 @@ Source151: macros.kmp
|
|||||||
Source152: macros.vpath
|
Source152: macros.vpath
|
||||||
Source153: macros.forge
|
Source153: macros.forge
|
||||||
Source154: macros.ldconfig
|
Source154: macros.ldconfig
|
||||||
|
Source155: macros.kernel-srpm
|
||||||
|
Source156: macros.fedora-misc
|
||||||
|
|
||||||
# Build policy scripts
|
# Build policy scripts
|
||||||
# this comes from https://github.com/rpm-software-management/rpm/pull/344
|
# this comes from https://github.com/rpm-software-management/rpm/pull/344
|
||||||
@ -65,6 +67,7 @@ Source400: dist.sh
|
|||||||
Source401: rpmsort
|
Source401: rpmsort
|
||||||
Source402: symset-table
|
Source402: symset-table
|
||||||
Source403: kmodtool
|
Source403: kmodtool
|
||||||
|
Source404: gpgverify
|
||||||
|
|
||||||
# 2016-10-02 snapshots from http://git.savannah.gnu.org/gitweb/?p=config.git
|
# 2016-10-02 snapshots from http://git.savannah.gnu.org/gitweb/?p=config.git
|
||||||
Source500: config.guess
|
Source500: config.guess
|
||||||
@ -143,6 +146,7 @@ install -p -m 444 -t %{buildroot}%{rrcdir} redhat-hardened-*
|
|||||||
install -p -m 444 -t %{buildroot}%{rrcdir} redhat-annobin-*
|
install -p -m 444 -t %{buildroot}%{rrcdir} redhat-annobin-*
|
||||||
install -p -m 755 -t %{buildroot}%{rrcdir} config.*
|
install -p -m 755 -t %{buildroot}%{rrcdir} config.*
|
||||||
install -p -m 755 -t %{buildroot}%{rrcdir} dist.sh rpmsort symset-table kmodtool
|
install -p -m 755 -t %{buildroot}%{rrcdir} dist.sh rpmsort symset-table kmodtool
|
||||||
|
install -p -m 755 -t %{buildroot}%{rrcdir} gpgverify
|
||||||
install -p -m 755 -t %{buildroot}%{rrcdir} brp-*
|
install -p -m 755 -t %{buildroot}%{rrcdir} brp-*
|
||||||
|
|
||||||
install -p -m 755 -t %{buildroot}%{rrcdir} find-*
|
install -p -m 755 -t %{buildroot}%{rrcdir} find-*
|
||||||
@ -168,6 +172,7 @@ install -p -m 755 %{SOURCE21} %{buildroot}%{_rpmconfigdir}/kabi.sh
|
|||||||
%{rrcdir}/brp-mangle-shebangs
|
%{rrcdir}/brp-mangle-shebangs
|
||||||
%{rrcdir}/brp-ldconfig
|
%{rrcdir}/brp-ldconfig
|
||||||
%{rrcdir}/dist.sh
|
%{rrcdir}/dist.sh
|
||||||
|
%{rrcdir}/gpgverify
|
||||||
%{rrcdir}/redhat-hardened-*
|
%{rrcdir}/redhat-hardened-*
|
||||||
%{rrcdir}/redhat-annobin-*
|
%{rrcdir}/redhat-annobin-*
|
||||||
%{rrcdir}/config.*
|
%{rrcdir}/config.*
|
||||||
@ -181,6 +186,8 @@ install -p -m 755 %{SOURCE21} %{buildroot}%{_rpmconfigdir}/kabi.sh
|
|||||||
%{_rpmconfigdir}/macros.d/macros.forge
|
%{_rpmconfigdir}/macros.d/macros.forge
|
||||||
%{_rpmconfigdir}/macros.d/macros.ldconfig
|
%{_rpmconfigdir}/macros.d/macros.ldconfig
|
||||||
%{_rpmconfigdir}/macros.d/macros.vpath
|
%{_rpmconfigdir}/macros.d/macros.vpath
|
||||||
|
%{_rpmconfigdir}/macros.d/macros.kernel-srpm
|
||||||
|
%{_rpmconfigdir}/macros.d/macros.fedora-misc
|
||||||
%{_rpmconfigdir}/kabi.sh
|
%{_rpmconfigdir}/kabi.sh
|
||||||
%doc buildflags.md
|
%doc buildflags.md
|
||||||
|
|
||||||
@ -198,6 +205,13 @@ install -p -m 755 %{SOURCE21} %{buildroot}%{_rpmconfigdir}/kabi.sh
|
|||||||
%{_rpmconfigdir}/macros.d/macros.kmp
|
%{_rpmconfigdir}/macros.d/macros.kmp
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Nov 27 2020 Florian Festi <ffesti@redhat.com> - 125-1
|
||||||
|
- Add missing macros.fedora-misc file (#1874576)
|
||||||
|
|
||||||
|
* Mon Nov 09 2020 Florian Festi <ffesti@redhat.com> - 124-1
|
||||||
|
- Add macros.kernel-srpm (#1874578)
|
||||||
|
- Added gpgverify (#1874576)
|
||||||
|
|
||||||
* Tue Jun 16 2020 Florian Festi <ffesti@redhat.com> - 123-1
|
* Tue Jun 16 2020 Florian Festi <ffesti@redhat.com> - 123-1
|
||||||
- Update kmod.prov for better performance (#1794491)
|
- Update kmod.prov for better performance (#1794491)
|
||||||
- Backport performance improvements for brp-mangle-shebangs (#1794779)
|
- Backport performance improvements for brp-mangle-shebangs (#1794779)
|
||||||
|
Loading…
Reference in New Issue
Block a user