Merge branch 'c10s' into a10s

2024-12-17 15:23:51 +03:00 · 2024-12-17 15:23:51 +03:00 · 3faab8ffb9
commit 3faab8ffb9
parent ec30123a8f 4783f4455f
4 changed files with 43 additions and 101 deletions
--- a/macros.rpmsign-gnupg
+++ b/macros.rpmsign-gnupg
@ -1,22 +0,0 @@
 #==============================================================================
 # ---- GPG signature macros.
 #	The signature to use and the location of configuration files for
 #	signing packages with GNU gpg.
 #
 #%_gpg_name
 #%_gpg_path
 %__gpg	/usr/bin/gpg2
 #	Macro(s) to hold the arguments passed to GPG/PGP for package
 #	signing.  Expansion result is parsed by popt, so be sure to use
 #	%{shescape} where needed.
 #
 %__gpg_sign_cmd			%{shescape:%{__gpg}} \
 	gpg --no-verbose --no-armor --no-secmem-warning \
 	%{?_gpg_digest_algo:--digest-algo=%{_gpg_digest_algo}} \
 	%{?_gpg_sign_cmd_extra_args} \
 	%{?_gpg_name:-u %{shescape:%{_gpg_name}}} \
 	-sbo %{shescape:%{?__signature_filename}} \
 	%{?__plaintext_filename:-- %{shescape:%{__plaintext_filename}}}
--- a/macros.rpmsign-sequoia
+++ b/macros.rpmsign-sequoia
@ -0,0 +1,26 @@
 #==============================================================================
 # ---- Sequoia signature macros.
 #	The signature to use and the location of configuration files for
 #	signing packages with Sequoia.
 #
 #	To enable signing with sequoia-sq, just copy this file to /etc/rpm:
 #	cp /usr/share/doc/rpm/macros.rpmsign-sequoia /etc/rpm/
 #
 # Unlike GnuPG, Sequoia doesn't support specifying the signer key by
 # email or name match, you need to supply the hex fingerprint (or keyid)
 #%_gpg_name
 #%_gpg_path
 %__gpg	/usr/bin/sq
 #	Macro(s) to hold the arguments passed to Sequoia for package
 #	signing.  Expansion result is parsed by popt, so be sure to use
 #	%{shescape} where needed.
 #
 %__gpg_sign_cmd %{__gpg} %{__gpg} sign \
 	%{?_gpg_sign_cmd_extra_args} \
        %{?_gpg_name:--signer-key %{_gpg_name}} \
        --binary --detached --output %{shescape:%{?__signature_filename}} \
        %{?__plaintext_filename:-- %{shescape:%{__plaintext_filename}}}
--- a/rpm-4.19.1.1-nogpg.patch
+++ b/rpm-4.19.1.1-nogpg.patch
@ -1,59 +0,0 @@
 diff -up rpm-4.19.1.1/macros.in.nogpg rpm-4.19.1.1/macros.in
 --- rpm-4.19.1.1/macros.in.nogpg	2024-10-14 10:01:22.265773552 +0300
 +++ rpm-4.19.1.1/macros.in	2024-10-14 10:02:32.245317535 +0300
@@ -30,7 +30,6 @@
 %__chown		@__CHOWN@
 %__cp			@__CP@
 %__file			@__FILE@
 -%__gpg			@__GPG@
 %__grep			@__GREP@
 %__gzip			@__GZIP@
 %__id			@__ID@
@@ -321,12 +320,6 @@ Supplements:   (%{name} = %{version}-%{r
 #	marked as %doc should be installed.
 #%_excludedocs
 -#	The signature to use and the location of configuration files for
 -#	signing packages with GNU gpg.
 -#
 -#%_gpg_name
 -#%_gpg_path
 -
 #	The port and machine name of an HTTP proxy host (used for FTP/HTTP).
 #
 #%_httpport
@@ -595,10 +588,10 @@ Supplements:   (%{name} = %{version}-%{r
 %_fileattrsdir		%{_rpmconfigdir}/fileattrs
 # This macro defines how much space (in bytes) in package should be
 -# reserved for gpg signatures during building of a package. If this space is
 -# big enough for gpg signatures to fit into it then signing of the packages is
 +# reserved for OpenPGP signatures during building of a package. If this space
 +# big enough for the signature to fit into it then signing of the packages is
 # very quick because it is not necessary to rewrite the whole package to make
 -# some space for gpg signatures.
 +# some space for the signature.
 %__gpg_reserved_space 4096
 #==============================================================================
@@ -613,20 +606,6 @@ Supplements:   (%{name} = %{version}-%{r
 %_db_backend	      @DB_BACKEND@
 #==============================================================================
 -# ---- GPG/PGP/PGP5 signature macros.
 -#	Macro(s) to hold the arguments passed to GPG/PGP for package
 -#	signing.  Expansion result is parsed by popt, so be sure to use
 -#	%{shescape} where needed.
 -#
 -%__gpg_sign_cmd			%{shescape:%{__gpg}} \
 -	gpg --no-verbose --no-armor --no-secmem-warning \
 -	%{?_gpg_digest_algo:--digest-algo=%{_gpg_digest_algo}} \
 -	%{?_gpg_sign_cmd_extra_args} \
 -	%{?_gpg_name:-u %{shescape:%{_gpg_name}}} \
 -	-sbo %{shescape:%{?__signature_filename}} \
 -	%{?__plaintext_filename:-- %{shescape:%{__plaintext_filename}}}
 -
 -#==============================================================================
 # ---- Transaction macros.
 #	Macro(s) used to parameterize transactions.
 #
--- a/rpm.spec
+++ b/rpm.spec
@ -27,7 +27,7 @@
 %global rpmver 4.19.1.1
 #global snapver rc1
-%global baserelease 7
+%global baserelease 9
 %global sover 10
 %global srcver %{rpmver}%{?snapver:-%{snapver}}
@ -46,7 +46,7 @@ Source10: rpmdb-rebuild.service
 Source20: rpmdb-migrate.service
 Source21: rpmdb_migrate
-Source31: macros.rpmsign-gnupg
+Source30: macros.rpmsign-sequoia
 Requires: coreutils
 Requires: popt%{_isa} >= 1.10.2.1
@ -140,9 +140,6 @@ rpm-4.9.90-no-man-dirs.patch
 rpm-4.18.92-disable-sysusers.patch
 rpm-4.18.90-weak-user-group.patch
 # We supply gpg config separately, remove gpg stuff from main macros
 rpm-4.19.1.1-nogpg.patch
 # Patches already upstream:
 0001-Fix-potential-use-of-uninitialized-pipe-array.patch
 0001-Fix-potential-use-of-uninitialized-pgp-struct.patch
@ -186,19 +183,13 @@ This package contains the RPM shared libraries for building packages.
 %package sign-libs
 Summary:  Libraries for signing RPM packages
 Requires: rpm-libs%{_isa} = %{version}-%{release}
-Requires(meta): rpm-sign-gnupg
+# in case somebody on the stream had these installed
 Obsoletes: rpm-sign-gnupg < 4.19.1.1-9.el10
 Obsoletes: rpm-sign-sequoia < 4.19.1.1-9.el10
 %description sign-libs
 This package contains the RPM shared libraries for signing packages.
 %package sign-gnupg
 Summary: Support for signing RPM packages using GnuPG
 Requires: gnupg2
 Requires(meta): rpm-sign-libs%{_isa} >= %{version}-%{release}
 %description sign-gnupg
 This package provides configuration for signing RPM packages using GnuPG.
 %package devel
 Summary:  Development files for manipulating RPM packages
 License:  GPL-2.0-or-later OR LGPL-2.1-or-later
@ -443,8 +434,8 @@ rm -rf $RPM_BUILD_ROOT/var/tmp
 # workaround for https://github.com/rpm-software-management/rpm/issues/2811
 rm $RPM_BUILD_ROOT/%{_defaultdocdir}/rpm/README.md
-# Signing macros for GnuPG
+# Signing macros for Sequoia
-install -m 644 %{SOURCE31} $RPM_BUILD_ROOT/%{rpmhome}/macros.d
+install -m 644 %{SOURCE30} $RPM_BUILD_ROOT/%{_defaultdocdir}/rpm/
 %pre
 # Symlink all rpmdb files to the new location if we're still using /var/lib/rpm
@ -583,9 +574,6 @@ fi
 %{_libdir}/librpmsign.so.%{sover}
 %{_libdir}/librpmsign.so.%{sover}.*
 %files sign-gnupg
 %{rpmhome}/macros.d/macros.rpmsign-gnupg
 %files build
 %{_bindir}/rpmbuild
 %{_bindir}/gendiff
@ -613,6 +601,7 @@ fi
 %files sign
 %{_bindir}/rpmsign
 %{_mandir}/man8/rpmsign.8*
 %doc %{_defaultdocdir}/rpm/macros.rpmsign-sequoia
 %files -n python3-%{name}
 %dir %{python3_sitearch}/rpm
@ -642,9 +631,17 @@ fi
 %doc %{_defaultdocdir}/rpm/API/
 %changelog
-* Tue Dec 10 2024 Eduard Abdullin <eabdullin@almalinux.org> - 4.19.1.1-7.alma.1
+* Tue Dec 17 2024 Eduard Abdullin <eabdullin@almalinux.org> - 4.19.1.1-9.alma.1
 - Fix: Treat x86_64_v2 as x86_64 in architecture checks
 * Wed Dec 04 2024 Panu Matilainen <pmatilai@redhat.com> - 4.19.1.1-9
 - Revert the gnupg/sequoia sub-packages, too much headache
 - Ship sequoia-signing enablement macros as documentation instead
 - Generate binary signatures with Sequoia too
 * Tue Nov 12 2024 Michal Domonkos <mdomonko@redhat.com> - 4.19.1.1-8
 - Add Sequoia signing support back
 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 4.19.1.1-7
 - Bump release for October 2024 mass rebuild:
  Resolves: RHEL-64018