Fix an oversight when introducing this: Sequoia defaults to ASCII armor
signatures whereas GnuPG defaults to binary signatures. We should create
binary signatures with sq too for consistency.
Related: RHEL-56363
Ship the Sequoia signing macros as a %doc you can easily just copy
to /etc/rpm to enable, this is much less hassle for what is more
of a tech-preview feature at this time.
Obsolete rpm-sign-gnupg and -sequoia in case somebody had these
installed on the stream, but these haven't been part of any official
(pre)release so we can drop them before GA.
Related: RHEL-56363
It turns out the subpackage itself is fine, we just need to adjust the
affected Beaker tests and make them cover the Sequoia backend as well.
This reverts commit 40c682ecfc.
Related: RHEL-56363
Running a build through the RHEL OSCI reveals some possible shortcomings
of the original design:
- Custom macros using %__gpg may now easily break if the Sequoia backend
is installed, such as those overriding %__gpg_sign_cmd where %__gpg is
typically the first argument, followed by CLI options only known to
GnuPG. This is exactly the case with some of our Beaker tests.
- Some tests attempt to install both subpackages directly with dnf which
obviously fails as they conflict with each other. This is just a test
issue, though.
Therefore, the boolean dependency in rpm-sign-libs declaring that both
implementations are equally compatible is just wrong, until we can prove
otherwise, by making the CI tests pass, for starters.
Drop the Sequoia subpackage for now. This is less drastic than a full
revert since the actual GnuPG split-off is still reasonable on its own.
We can always add Sequoia support back later, once we figure out the
above issues.
Related: RHEL-56363
Add new rpmsign-sequoia and rpmsign-gnupg subpackages which can be
used to switch between the two OpenPGP implementations for signing,
rpm-sign-libs just requires one of them to be present.
It's worth noting that unlike GnuPG, Sequoia doesn't accept names or
email addresses as the signer identifier, one needs to supply the actual key
fingerprint.
Resolves: RHEL-56363
This follows https://github.com/rpm-software-management/rpm/issues/2511
and moves the license string to only one place. No need to repeat it
in subpackages.
I did not include a changelog entry as there are five other PR waiting in a
queue, and that would conflict with them.
Tools have been moved into the tools/ directory in the tarball so update
the ./rpmdb path accordingly.
Also remove the README.md file that is installed from the docs/
directory and ends up alongside the project's README file for no good
reason. This is tracked upstream as:
https://github.com/rpm-software-management/rpm/issues/2811
Also remove the already noop %check support altogether as the new
test-suite backend currently doesn't support running inside a mock
buildroot (this may change in the future, in which case we'll add it
back).
Currently systemd has it's own conflicting user/group provide generation
but we need the rpm one for the sysuser integration. This must not
proceed before https://src.fedoraproject.org/rpms/systemd/pull-request/109
is merged + built because this involves a file-level conflict.
Note that this does NOT enable the sysuser integration in rpm, merely
the provides generation, but doing so will allow people to begin testing
the actual integration.