Revert the gnupg/sequoia signing sub-packages, too much headache

Ship the Sequoia signing macros as a %doc you can easily just copy
to /etc/rpm to enable, this is much less hassle for what is more
of a tech-preview feature at this time.

Obsolete rpm-sign-gnupg and -sequoia in case somebody had these
installed on the stream, but these haven't been part of any official
(pre)release so we can drop them before GA.

Related: RHEL-56363
Panu Matilainen 2024-12-04 12:04:16 +02:00
parent 8317a615b0
commit 33815947f5
4 changed files with 14 additions and 113 deletions

@ -1,22 +0,0 @@
#==============================================================================
# ---- GPG signature macros.
# The signature to use and the location of configuration files for
# signing packages with GNU gpg.
#
#%_gpg_name
#%_gpg_path
%__gpg /usr/bin/gpg2
# Macro(s) to hold the arguments passed to GPG/PGP for package
# signing. Expansion result is parsed by popt, so be sure to use
# %{shescape} where needed.
#
%__gpg_sign_cmd %{shescape:%{__gpg}} \
gpg --no-verbose --no-armor --no-secmem-warning \
%{?_gpg_digest_algo:--digest-algo=%{_gpg_digest_algo}} \
%{?_gpg_sign_cmd_extra_args} \
%{?_gpg_name:-u %{shescape:%{_gpg_name}}} \
-sbo %{shescape:%{?__signature_filename}} \
%{?__plaintext_filename:-- %{shescape:%{__plaintext_filename}}}

@ -3,6 +3,9 @@
# The signature to use and the location of configuration files for
# signing packages with Sequoia.
#
# To enable signing with sequoia-sq, just copy this file to /etc/rpm:
# cp /usr/share/doc/rpm/macros.rpmsign-sequoia /etc/rpm/
#
# Unlike GnuPG, Sequoia doesn't support specifying the signer key by
# email or name match, you need to supply the hex fingerprint (or keyid)
#%_gpg_name
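
Review bot: The new enablement comment (`cp /usr/share/doc/rpm/macros.rpmsign-sequoia /etc/rpm/`) does not say that sequoia-sq has to be installed first. The `Requires: sequoia-sq` carried by the removed rpm-sign-sequoia sub-package is gone, so nothing pulls the tool in any more. Suggest adding a line to the comment naming the sequoia-sq package as a prerequisite, and noting that the copy in /etc/rpm is an admin-owned file that package updates will not refresh.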

@ -1,59 +0,0 @@
diff -up rpm-4.19.1.1/macros.in.nogpg rpm-4.19.1.1/macros.in
--- rpm-4.19.1.1/macros.in.nogpg 2024-10-14 10:01:22.265773552 +0300
+++ rpm-4.19.1.1/macros.in 2024-10-14 10:02:32.245317535 +0300
@@ -30,7 +30,6 @@
%__chown @__CHOWN@
%__cp @__CP@
%__file @__FILE@
-%__gpg @__GPG@
%__grep @__GREP@
%__gzip @__GZIP@
%__id @__ID@
@@ -321,12 +320,6 @@ Supplements: (%{name} = %{version}-%{r
# marked as %doc should be installed.
#%_excludedocs
-# The signature to use and the location of configuration files for
-# signing packages with GNU gpg.
-#
-#%_gpg_name
-#%_gpg_path
-
# The port and machine name of an HTTP proxy host (used for FTP/HTTP).
#
#%_httpport
@@ -595,10 +588,10 @@ Supplements: (%{name} = %{version}-%{r
%_fileattrsdir %{_rpmconfigdir}/fileattrs
# This macro defines how much space (in bytes) in package should be
-# reserved for gpg signatures during building of a package. If this space is
-# big enough for gpg signatures to fit into it then signing of the packages is
+# reserved for OpenPGP signatures during building of a package. If this space
+# big enough for the signature to fit into it then signing of the packages is
# very quick because it is not necessary to rewrite the whole package to make
-# some space for gpg signatures.
+# some space for the signature.
%__gpg_reserved_space 4096
#==============================================================================
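
Review bot: Dropping this patch wholesale also reverts the comment above `%__gpg_reserved_space` from "OpenPGP signatures" back to "gpg signatures", a wording change that is unrelated to moving the GnuPG macros and still fits while Sequoia signing is supported. If the neutral wording is wanted, carry it as its own small patch, and fix the missing "is" in "If this space big enough" while doing so.
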
@@ -613,20 +606,6 @@ Supplements: (%{name} = %{version}-%{r
%_db_backend @DB_BACKEND@
#==============================================================================
-# ---- GPG/PGP/PGP5 signature macros.
-# Macro(s) to hold the arguments passed to GPG/PGP for package
-# signing. Expansion result is parsed by popt, so be sure to use
-# %{shescape} where needed.
-#
-%__gpg_sign_cmd %{shescape:%{__gpg}} \
- gpg --no-verbose --no-armor --no-secmem-warning \
- %{?_gpg_digest_algo:--digest-algo=%{_gpg_digest_algo}} \
- %{?_gpg_sign_cmd_extra_args} \
- %{?_gpg_name:-u %{shescape:%{_gpg_name}}} \
- -sbo %{shescape:%{?__signature_filename}} \
- %{?__plaintext_filename:-- %{shescape:%{__plaintext_filename}}}
-
-#==============================================================================
# ---- Transaction macros.
# Macro(s) used to parameterize transactions.
#

@ -27,7 +27,7 @@
%global rpmver 4.19.1.1
#global snapver rc1
%global baserelease 8
%global baserelease 9
%global sover 10
%global srcver %{rpmver}%{?snapver:-%{snapver}}
@ -47,7 +47,6 @@ Source20: rpmdb-migrate.service
Source21: rpmdb_migrate
Source30: macros.rpmsign-sequoia
Source31: macros.rpmsign-gnupg
Requires: coreutils
Requires: popt%{_isa} >= 1.10.2.1
@ -138,9 +137,6 @@ rpm-4.9.90-no-man-dirs.patch
rpm-4.18.92-disable-sysusers.patch
rpm-4.18.90-weak-user-group.patch
# We supply gpg/sq config separately, remove gpg stuff from main macros
rpm-4.19.1.1-nogpg.patch
# Patches already upstream:
0001-Fix-potential-use-of-uninitialized-pipe-array.patch
0001-Fix-potential-use-of-uninitialized-pgp-struct.patch
@ -184,29 +180,13 @@ This package contains the RPM shared libraries for building packages.
%package sign-libs
Summary: Libraries for signing RPM packages
Requires: rpm-libs%{_isa} = %{version}-%{release}
Requires(meta): (rpm-sign-gnupg or rpm-sign-sequoia)
# in case somebody on the stream had these installed
Obsoletes: rpm-sign-gnupg < 4.19.1.1-9.el10
Obsoletes: rpm-sign-sequoia < 4.19.1.1-9.el10
%description sign-libs
This package contains the RPM shared libraries for signing packages.
%package sign-gnupg
Summary: Support for signing RPM packages using GnuPG
Requires: gnupg2
Requires(meta): rpm-sign-libs%{_isa} >= %{version}-%{release}
Conflicts: rpm-sign-sequoia
%description sign-gnupg
This package provides configuration for signing RPM packages using GnuPG.
%package sign-sequoia
Summary: Support for signing RPM packages using Sequoia
Requires: sequoia-sq
Requires(meta): rpm-sign-libs%{_isa} >= %{version}-%{release}
Conflicts: rpm-sign-gnupg
%description sign-sequoia
This package provides configuration for signing RPM packages using Sequoia.
%package devel
Summary: Development files for manipulating RPM packages
License: GPL-2.0-or-later OR LGPL-2.1-or-later
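
Review bot: With `Requires(meta): (rpm-sign-gnupg or rpm-sign-sequoia)` removed from sign-libs and both sub-packages gone, nothing in this hunk ties the signing library to a signing tool any more, because the `Requires: gnupg2` and `Requires: sequoia-sq` lines disappear with the sub-packages. Please confirm that gnupg2 is still required elsewhere in the spec (for example by rpm-sign), or add it here, so that signing does not fail at run time on a missing gpg. The two Obsoletes also hardcode `4.19.1.1-9.el10`; a short comment saying when they can be dropped would help.
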
@ -451,8 +431,8 @@ rm -rf $RPM_BUILD_ROOT/var/tmp
# workaround for https://github.com/rpm-software-management/rpm/issues/2811
rm $RPM_BUILD_ROOT/%{_defaultdocdir}/rpm/README.md
# Signing macros for Sequoia and GnuPG
install -m 644 %{SOURCE30} %{SOURCE31} $RPM_BUILD_ROOT/%{rpmhome}/macros.d
# Signing macros for Sequoia
install -m 644 %{SOURCE30} $RPM_BUILD_ROOT/%{_defaultdocdir}/rpm/
%pre
# Symlink all rpmdb files to the new location if we're still using /var/lib/rpm
@ -591,12 +571,6 @@ fi
%{_libdir}/librpmsign.so.%{sover}
%{_libdir}/librpmsign.so.%{sover}.*
%files sign-sequoia
%{rpmhome}/macros.d/macros.rpmsign-sequoia
%files sign-gnupg
%{rpmhome}/macros.d/macros.rpmsign-gnupg
%files build
%{_bindir}/rpmbuild
%{_bindir}/gendiff
@ -624,6 +598,7 @@ fi
%files sign
%{_bindir}/rpmsign
%{_mandir}/man8/rpmsign.8*
%doc %{_defaultdocdir}/rpm/macros.rpmsign-sequoia
%files -n python3-%{name}
%dir %{python3_sitearch}/rpm
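
Review bot: Shipping `macros.rpmsign-sequoia` as `%doc` in `%files sign` means it is skipped on installs that exclude documentation, so the `cp /usr/share/doc/rpm/macros.rpmsign-sequoia /etc/rpm/` instruction in the macro file's own comment can point at a file that is not there. Consider stating that in the instructions, or installing the file somewhere that is not treated as documentation and is not on the macro load path. The path in that comment is also hardcoded while the spec uses `%{_defaultdocdir}/rpm/`; keep the two in sync.
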
@ -653,6 +628,10 @@ fi
%doc %{_defaultdocdir}/rpm/API/
%changelog
* Wed Dec 04 2024 Panu Matilainen <pmatilai@redhat.com> - 4.19.1.1-9
- Revert the gnupg/sequoia sub-packages, too much headache
- Ship sequoia-signing enablement macros as documentation instead
* Tue Nov 12 2024 Michal Domonkos <mdomonko@redhat.com> - 4.19.1.1-8
- Add Sequoia signing support back
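
Review bot: The two new changelog entries do not mention that rpm-4.19.1.1-nogpg.patch is dropped, which puts `%__gpg` and `%__gpg_sign_cmd` back into the main macros, nor the new Obsoletes on rpm-sign-gnupg and rpm-sign-sequoia. Both are visible to users of the package; suggest one more entry, for example "- Restore GnuPG signing macros in the main macro file, obsolete rpm-sign-gnupg and rpm-sign-sequoia".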