Add Sequoia signing support back

It turns out the subpackage itself is fine, we just need to adjust the
affected Beaker tests and make them cover the Sequoia backend as well.

This reverts commit 40c682ecfc.

Related: RHEL-56363

macros.rpmsign-sequoia

@@ -0,0 +1,23 @@
+#==============================================================================
+# ---- Sequoia signature macros.
+#	The signature to use and the location of configuration files for
+#	signing packages with Sequoia.
+#
+# Unlike GnuPG, Sequoia doesn't support specifying the signer key by
+# email or name match, you need to supply the hex fingerprint (or keyid)
+#%_gpg_name
+#%_gpg_path
+
+%__gpg	/usr/bin/sq
+
+#	Macro(s) to hold the arguments passed to Sequoia for package
+#	signing.  Expansion result is parsed by popt, so be sure to use
+#	%{shescape} where needed.
+#
+
+%__gpg_sign_cmd %{__gpg} %{__gpg} sign \
+	%{?_gpg_sign_cmd_extra_args} \
+        %{?_gpg_name:--signer-key %{_gpg_name}} \
+        --detached --output %{shescape:%{?__signature_filename}} \
+        %{?__plaintext_filename:-- %{shescape:%{__plaintext_filename}}}
+

rpm.spec

@@ -27,7 +27,7 @@
 
 %global rpmver 4.19.1.1
 #global snapver rc1
-%global baserelease 7
+%global baserelease 8
 %global sover 10
 
 %global srcver %{rpmver}%{?snapver:-%{snapver}}
@@ -46,6 +46,7 @@ Source10: rpmdb-rebuild.service
 Source20: rpmdb-migrate.service
 Source21: rpmdb_migrate
 
+Source30: macros.rpmsign-sequoia
 Source31: macros.rpmsign-gnupg
 
 Requires: coreutils
@@ -137,7 +138,7 @@ rpm-4.9.90-no-man-dirs.patch
 rpm-4.18.92-disable-sysusers.patch
 rpm-4.18.90-weak-user-group.patch
 
-# We supply gpg config separately, remove gpg stuff from main macros
+# We supply gpg/sq config separately, remove gpg stuff from main macros
 rpm-4.19.1.1-nogpg.patch
 
 # Patches already upstream:
@@ -183,7 +184,7 @@ This package contains the RPM shared libraries for building packages.
 %package sign-libs
 Summary:  Libraries for signing RPM packages
 Requires: rpm-libs%{_isa} = %{version}-%{release}
-Requires(meta): rpm-sign-gnupg
+Requires(meta): (rpm-sign-gnupg or rpm-sign-sequoia)
 
 %description sign-libs
 This package contains the RPM shared libraries for signing packages.
@@ -192,10 +193,20 @@ This package contains the RPM shared libraries for signing packages.
 Summary: Support for signing RPM packages using GnuPG
 Requires: gnupg2
 Requires(meta): rpm-sign-libs%{_isa} >= %{version}-%{release}
+Conflicts: rpm-sign-sequoia
 
 %description sign-gnupg
 This package provides configuration for signing RPM packages using GnuPG.
 
+%package sign-sequoia
+Summary: Support for signing RPM packages using Sequoia
+Requires: sequoia-sq
+Requires(meta): rpm-sign-libs%{_isa} >= %{version}-%{release}
+Conflicts: rpm-sign-gnupg
+
+%description sign-sequoia
+This package provides configuration for signing RPM packages using Sequoia.
+
 %package devel
 Summary:  Development files for manipulating RPM packages
 License:  GPL-2.0-or-later OR LGPL-2.1-or-later
@@ -440,8 +451,8 @@ rm -rf $RPM_BUILD_ROOT/var/tmp
 # workaround for https://github.com/rpm-software-management/rpm/issues/2811
 rm $RPM_BUILD_ROOT/%{_defaultdocdir}/rpm/README.md
 
-# Signing macros for GnuPG
-install -m 644 %{SOURCE31} $RPM_BUILD_ROOT/%{rpmhome}/macros.d
+# Signing macros for Sequoia and GnuPG
+install -m 644 %{SOURCE30} %{SOURCE31} $RPM_BUILD_ROOT/%{rpmhome}/macros.d
 
 %pre
 # Symlink all rpmdb files to the new location if we're still using /var/lib/rpm
@@ -580,6 +591,9 @@ fi
 %{_libdir}/librpmsign.so.%{sover}
 %{_libdir}/librpmsign.so.%{sover}.*
 
+%files sign-sequoia
+%{rpmhome}/macros.d/macros.rpmsign-sequoia
+
 %files sign-gnupg
 %{rpmhome}/macros.d/macros.rpmsign-gnupg
 
@@ -639,6 +653,9 @@ fi
 %doc %{_defaultdocdir}/rpm/API/
 
 %changelog
+* Tue Nov 12 2024 Michal Domonkos <mdomonko@redhat.com> - 4.19.1.1-8
+- Add Sequoia signing support back
+
 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 4.19.1.1-7
 - Bump release for October 2024 mass rebuild:
   Resolves: RHEL-64018