Revert Sequoia signing support for now, breaks CI
Running a build through the RHEL OSCI reveals some possible shortcomings of the original design: - Custom macros using %__gpg may now easily break if the Sequoia backend is installed, such as those overriding %__gpg_sign_cmd where %__gpg is typically the first argument, followed by CLI options only known to GnuPG. This is exactly the case with some of our Beaker tests. - Some tests attempt to install both subpackages directly with dnf which obviously fails as they conflict with each other. This is just a test issue, though. Therefore, the boolean dependency in rpm-sign-libs declaring that both implementations are equally compatible is just wrong, until we can prove otherwise, by making the CI tests pass, for starters. Drop the Sequoia subpackage for now. This is less drastic than a full revert since the actual GnuPG split-off is still reasonable on its own. We can always add Sequoia support back later, once we figure out the above issues. Related: RHEL-56363
This commit is contained in:
Michal Domonkos
parent
0f0847f87a
commit
40c682ecfc
@ -1,23 +0,0 @@
|
||||
#==============================================================================
|
||||
# ---- Sequoia signature macros.
|
||||
# The signature to use and the location of configuration files for
|
||||
# signing packages with Sequoia.
|
||||
#
|
||||
# Unlike GnuPG, Sequoia doesn't support specifying the signer key by
|
||||
# email or name match, you need to supply the hex fingerprint (or keyid)
|
||||
#%_gpg_name
|
||||
#%_gpg_path
|
||||
|
||||
%__gpg /usr/bin/sq
|
||||
|
||||
# Macro(s) to hold the arguments passed to Sequoia for package
|
||||
# signing. Expansion result is parsed by popt, so be sure to use
|
||||
# %{shescape} where needed.
|
||||
#
|
||||
|
||||
%__gpg_sign_cmd %{__gpg} %{__gpg} sign \
|
||||
%{?_gpg_sign_cmd_extra_args} \
|
||||
%{?_gpg_name:--signer-key %{_gpg_name}} \
|
||||
--detached --output %{shescape:%{?__signature_filename}} \
|
||||
%{?__plaintext_filename:-- %{shescape:%{__plaintext_filename}}}
|
||||
|
||||
27
rpm.spec
27
rpm.spec
@ -27,7 +27,7 @@
|
||||
|
||||
%global rpmver 4.19.1.1
|
||||
#global snapver rc1
|
||||
%global baserelease 5
|
||||
%global baserelease 6
|
||||
%global sover 10
|
||||
|
||||
%global srcver %{rpmver}%{?snapver:-%{snapver}}
|
||||
@ -46,7 +46,6 @@ Source10: rpmdb-rebuild.service
|
||||
Source20: rpmdb-migrate.service
|
||||
Source21: rpmdb_migrate
|
||||
|
||||
Source30: macros.rpmsign-sequoia
|
||||
Source31: macros.rpmsign-gnupg
|
||||
|
||||
Requires: coreutils
|
||||
@ -138,7 +137,7 @@ rpm-4.9.90-no-man-dirs.patch
|
||||
rpm-4.18.92-disable-sysusers.patch
|
||||
rpm-4.18.90-weak-user-group.patch
|
||||
|
||||
# We supply gpg/sq config separately, remove gpg stuff from main macros
|
||||
# We supply gpg config separately, remove gpg stuff from main macros
|
||||
rpm-4.19.1.1-nogpg.patch
|
||||
|
||||
# Patches already upstream:
|
||||
@ -184,7 +183,7 @@ This package contains the RPM shared libraries for building packages.
|
||||
%package sign-libs
|
||||
Summary: Libraries for signing RPM packages
|
||||
Requires: rpm-libs%{_isa} = %{version}-%{release}
|
||||
Requires(meta): (rpm-sign-gnupg or rpm-sign-sequoia)
|
||||
Requires(meta): rpm-sign-gnupg
|
||||
|
||||
%description sign-libs
|
||||
This package contains the RPM shared libraries for signing packages.
|
||||
@ -193,20 +192,10 @@ This package contains the RPM shared libraries for signing packages.
|
||||
Summary: Support for signing RPM packages using GnuPG
|
||||
Requires: gnupg2
|
||||
Requires(meta): rpm-sign-libs%{_isa} >= %{version}-%{release}
|
||||
Conflicts: rpm-sign-sequoia
|
||||
|
||||
%description sign-gnupg
|
||||
This package provides configuration for signing RPM packages using GnuPG.
|
||||
|
||||
%package sign-sequoia
|
||||
Summary: Support for signing RPM packages using Sequoia
|
||||
Requires: sequoia-sq
|
||||
Requires(meta): rpm-sign-libs%{_isa} >= %{version}-%{release}
|
||||
Conflicts: rpm-sign-gnupg
|
||||
|
||||
%description sign-sequoia
|
||||
This package provides configuration for signing RPM packages using Sequoia.
|
||||
|
||||
%package devel
|
||||
Summary: Development files for manipulating RPM packages
|
||||
License: GPL-2.0-or-later OR LGPL-2.1-or-later
|
||||
@ -451,8 +440,8 @@ rm -rf $RPM_BUILD_ROOT/var/tmp
|
||||
# workaround for https://github.com/rpm-software-management/rpm/issues/2811
|
||||
rm $RPM_BUILD_ROOT/%{_defaultdocdir}/rpm/README.md
|
||||
|
||||
# Signing macros for Sequoia and GnuPG
|
||||
install -m 644 %{SOURCE30} %{SOURCE31} $RPM_BUILD_ROOT/%{rpmhome}/macros.d
|
||||
# Signing macros for GnuPG
|
||||
install -m 644 %{SOURCE31} $RPM_BUILD_ROOT/%{rpmhome}/macros.d
|
||||
|
||||
%pre
|
||||
# Symlink all rpmdb files to the new location if we're still using /var/lib/rpm
|
||||
@ -591,9 +580,6 @@ fi
|
||||
%{_libdir}/librpmsign.so.%{sover}
|
||||
%{_libdir}/librpmsign.so.%{sover}.*
|
||||
|
||||
%files sign-sequoia
|
||||
%{rpmhome}/macros.d/macros.rpmsign-sequoia
|
||||
|
||||
%files sign-gnupg
|
||||
%{rpmhome}/macros.d/macros.rpmsign-gnupg
|
||||
|
||||
@ -653,6 +639,9 @@ fi
|
||||
%doc %{_defaultdocdir}/rpm/API/
|
||||
|
||||
%changelog
|
||||
* Fri Oct 25 2024 Michal Domonkos <mdomonko@redhat.com> - 4.19.1.1-6
|
||||
- Revert Sequoia signing support for now, breaks CI
|
||||
|
||||
* Fri Oct 25 2024 Michal Domonkos <mdomonko@redhat.com> - 4.19.1.1-5
|
||||
- Fix Conflicts in new rpm-sign backends
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user