Ship the Sequoia signing macros as a %doc you can easily just copy
to /etc/rpm to enable, this is much less hassle for what is more
of a tech-preview feature at this time.
Obsolete rpm-sign-gnupg and -sequoia in case somebody had these
installed on the stream, but these haven't been part of any official
(pre)release so we can drop them before GA.
Related: RHEL-56363
It turns out the subpackage itself is fine, we just need to adjust the
affected Beaker tests and make them cover the Sequoia backend as well.
This reverts commit 40c682ecfc.
Related: RHEL-56363
Running a build through the RHEL OSCI reveals some possible shortcomings
of the original design:
- Custom macros using %__gpg may now easily break if the Sequoia backend
is installed, such as those overriding %__gpg_sign_cmd where %__gpg is
typically the first argument, followed by CLI options only known to
GnuPG. This is exactly the case with some of our Beaker tests.
- Some tests attempt to install both subpackages directly with dnf which
obviously fails as they conflict with each other. This is just a test
issue, though.
Therefore, the boolean dependency in rpm-sign-libs declaring that both
implementations are equally compatible is just wrong, until we can prove
otherwise, by making the CI tests pass, for starters.
Drop the Sequoia subpackage for now. This is less drastic than a full
revert since the actual GnuPG split-off is still reasonable on its own.
We can always add Sequoia support back later, once we figure out the
above issues.
Related: RHEL-56363
Add new rpmsign-sequoia and rpmsign-gnupg subpackages which can be
used to switch between the two OpenPGP implementations for signing,
rpm-sign-libs just requires one of them to be present.
It's worth noting that unlike GnuPG, Sequoia doesn't accept names or
email addresses as the signer identifier, one needs to supply the actual key
fingerprint.
Resolves: RHEL-56363
