From 33815947f5dede0a6ce4f712d73bdd85a776fdfc Mon Sep 17 00:00:00 2001 From: Panu Matilainen Date: Dec 05 2024 07:05:40 +0000 Subject: Revert the gnupg/sequoia signing sub-packages, too much headache Ship the Sequoia signing macros as a %doc you can easily just copy to /etc/rpm to enable, this is much less hassle for what is more of a tech-preview feature at this time. Obsolete rpm-sign-gnupg and -sequoia in case somebody had these installed on the stream, but these haven't been part of any official (pre)release so we can drop them before GA. Related: RHEL-56363 --- diff --git a/macros.rpmsign-gnupg b/macros.rpmsign-gnupg deleted file mode 100644 index 110ef26..0000000 --- a/macros.rpmsign-gnupg +++ /dev/null @@ -1,22 +0,0 @@ -#============================================================================== -# ---- GPG signature macros. -# The signature to use and the location of configuration files for -# signing packages with GNU gpg. -# -#%_gpg_name -#%_gpg_path - -%__gpg /usr/bin/gpg2 - -# Macro(s) to hold the arguments passed to GPG/PGP for package -# signing. Expansion result is parsed by popt, so be sure to use -# %{shescape} where needed. -# -%__gpg_sign_cmd %{shescape:%{__gpg}} \ - gpg --no-verbose --no-armor --no-secmem-warning \ - %{?_gpg_digest_algo:--digest-algo=%{_gpg_digest_algo}} \ - %{?_gpg_sign_cmd_extra_args} \ - %{?_gpg_name:-u %{shescape:%{_gpg_name}}} \ - -sbo %{shescape:%{?__signature_filename}} \ - %{?__plaintext_filename:-- %{shescape:%{__plaintext_filename}}} - diff --git a/macros.rpmsign-sequoia b/macros.rpmsign-sequoia index dcb9d55..13d8ece 100644 --- a/macros.rpmsign-sequoia +++ b/macros.rpmsign-sequoia 
@@ -3,6 +3,9 @@
 # The signature to use and the location of configuration files for
 # signing packages with Sequoia.
 #
+# To enable signing with sequoia-sq, just copy this file to /etc/rpm:
+# cp /usr/share/doc/rpm/macros.rpmsign-sequoia /etc/rpm/
+#
 # Unlike GnuPG, Sequoia doesn't support specifying the signer key by
 # email or name match, you need to supply the hex fingerprint (or keyid)
 #%_gpg_name
diff --git a/rpm-4.19.1.1-nogpg.patch b/rpm-4.19.1.1-nogpg.patch
deleted file mode 100644
index 8d21d4a..0000000
--- a/rpm-4.19.1.1-nogpg.patch
+++ /dev/null
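Review bot: The enablement comment added at the top of macros.rpmsign-sequoia does not say that `sequoia-sq` has to be installed, which the removed rpm-sign-sequoia sub-package used to guarantee through `Requires: sequoia-sq`. It also leaves the admin with an unpackaged copy under /etc/rpm that later rpm updates will not refresh. I would add `# Needs the sequoia-sq package installed.` and `# The copy is not package-owned: keep it root-owned, mode 644, and re-check it after rpm updates.` below the `cp` line. The macro definitions themselves are outside this hunk, so what exactly the copied file enables is not visible here.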
@@ -1,59 +0,0 @@ -diff -up rpm-4.19.1.1/macros.in.nogpg rpm-4.19.1.1/macros.in ---- rpm-4.19.1.1/macros.in.nogpg 2024-10-14 10:01:22.265773552 +0300 -+++ rpm-4.19.1.1/macros.in 2024-10-14 10:02:32.245317535 +0300 -@@ -30,7 +30,6 @@ - %__chown @__CHOWN@ - %__cp @__CP@ - %__file @__FILE@ --%__gpg @__GPG@ - %__grep @__GREP@ - %__gzip @__GZIP@ - %__id @__ID@ -@@ -321,12 +320,6 @@ Supplements: (%{name} = %{version}-%{r - # marked as %doc should be installed. - #%_excludedocs - --# The signature to use and the location of configuration files for --# signing packages with GNU gpg. --# --#%_gpg_name --#%_gpg_path -- - # The port and machine name of an HTTP proxy host (used for FTP/HTTP). - # - #%_httpport -@@ -595,10 +588,10 @@ Supplements: (%{name} = %{version}-%{r - %_fileattrsdir %{_rpmconfigdir}/fileattrs - - # This macro defines how much space (in bytes) in package should be --# reserved for gpg signatures during building of a package. If this space is --# big enough for gpg signatures to fit into it then signing of the packages is -+# reserved for OpenPGP signatures during building of a package. If this space -+# big enough for the signature to fit into it then signing of the packages is - # very quick because it is not necessary to rewrite the whole package to make --# some space for gpg signatures. -+# some space for the signature. - %__gpg_reserved_space 4096 - - #============================================================================== -@@ -613,20 +606,6 @@ Supplements: (%{name} = %{version}-%{r - %_db_backend @DB_BACKEND@ - - #============================================================================== --# ---- GPG/PGP/PGP5 signature macros. --# Macro(s) to hold the arguments passed to GPG/PGP for package --# signing. Expansion result is parsed by popt, so be sure to use --# %{shescape} where needed. 
--# --%__gpg_sign_cmd %{shescape:%{__gpg}} \ -- gpg --no-verbose --no-armor --no-secmem-warning \ -- %{?_gpg_digest_algo:--digest-algo=%{_gpg_digest_algo}} \ -- %{?_gpg_sign_cmd_extra_args} \ -- %{?_gpg_name:-u %{shescape:%{_gpg_name}}} \ -- -sbo %{shescape:%{?__signature_filename}} \ -- %{?__plaintext_filename:-- %{shescape:%{__plaintext_filename}}} -- --#============================================================================== - # ---- Transaction macros. - # Macro(s) used to parameterize transactions. - # diff --git a/rpm.spec b/rpm.spec index ce78dcc..5153625 100644 --- a/rpm.spec +++ b/rpm.spec @@ -27,7 +27,7 @@ %global rpmver 4.19.1.1 #global snapver rc1 -%global baserelease 8 +%global baserelease 9 %global sover 10 %global srcver %{rpmver}%{?snapver:-%{snapver}} @@ -47,7 +47,6 @@ Source20: rpmdb-migrate.service Source21: rpmdb_migrate Source30: macros.rpmsign-sequoia -Source31: macros.rpmsign-gnupg Requires: coreutils Requires: popt%{_isa} >= 1.10.2.1 @@ -138,9 +137,6 @@ rpm-4.9.90-no-man-dirs.patch rpm-4.18.92-disable-sysusers.patch rpm-4.18.90-weak-user-group.patch -# We supply gpg/sq config separately, remove gpg stuff from main macros -rpm-4.19.1.1-nogpg.patch - # Patches already upstream: 0001-Fix-potential-use-of-uninitialized-pipe-array.patch 0001-Fix-potential-use-of-uninitialized-pgp-struct.patch 
@@ -184,29 +180,13 @@ This package contains the RPM shared libraries for building packages. %package sign-libs Summary: Libraries for signing RPM packages Requires: rpm-libs%{_isa} = %{version}-%{release} -Requires(meta): (rpm-sign-gnupg or rpm-sign-sequoia) +# in case somebody on the stream had these installed +Obsoletes: rpm-sign-gnupg < 4.19.1.1-9.el10 +Obsoletes: rpm-sign-sequoia < 4.19.1.1-9.el10 %description sign-libs This package contains the RPM shared libraries for signing packages. -%package sign-gnupg -Summary: Support for signing RPM packages using GnuPG -Requires: gnupg2 -Requires(meta): rpm-sign-libs%{_isa} >= %{version}-%{release} -Conflicts: rpm-sign-sequoia - -%description sign-gnupg -This package provides configuration for signing RPM packages using GnuPG. - -%package sign-sequoia -Summary: Support for signing RPM packages using Sequoia -Requires: sequoia-sq -Requires(meta): rpm-sign-libs%{_isa} >= %{version}-%{release} -Conflicts: rpm-sign-gnupg - -%description sign-sequoia -This package provides configuration for signing RPM packages using Sequoia. - %package devel Summary: Development files for manipulating RPM packages License: GPL-2.0-or-later OR LGPL-2.1-or-later @@ -451,8 +431,8 @@ rm -rf $RPM_BUILD_ROOT/var/tmp # workaround for https://github.com/rpm-software-management/rpm/issues/2811 rm $RPM_BUILD_ROOT/%{_defaultdocdir}/rpm/README.md -# Signing macros for Sequoia and GnuPG -install -m 644 %{SOURCE30} %{SOURCE31} $RPM_BUILD_ROOT/%{rpmhome}/macros.d +# Signing macros for Sequoia +install -m 644 %{SOURCE30} $RPM_BUILD_ROOT/%{_defaultdocdir}/rpm/ %pre # Symlink all rpmdb files to the new location if we're still using /var/lib/rpm @@ -591,12 +571,6 @@ fi %{_libdir}/librpmsign.so.%{sover} %{_libdir}/librpmsign.so.%{sover}.* -%files sign-sequoia -%{rpmhome}/macros.d/macros.rpmsign-sequoia - -%files sign-gnupg -%{rpmhome}/macros.d/macros.rpmsign-gnupg - %files build %{_bindir}/rpmbuild %{_bindir}/gendiff 
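Review bot: In the sign-libs section, replacing `Requires(meta): (rpm-sign-gnupg or rpm-sign-sequoia)` with the two `Obsoletes:` lines means nothing visible in this hunk pulls in a signing backend any more; the removed sub-packages carried `Requires: gnupg2` and `Requires: sequoia-sq`. Dropping rpm-4.19.1.1-nogpg.patch appears to bring the GnuPG `%__gpg` and `%__gpg_sign_cmd` defaults back into the main macros, so a host that had rpm-sign-sequoia installed would silently switch to signing through gpg after the upgrade, possibly without gnupg2 present. If no other package in the spec already depends on gnupg2 (not visible here), consider `Recommends: gnupg2` on the signing package. It would also help to state the backend switch in the `%changelog` entry so that signers re-check which tool and key are used.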
@@ -624,6 +598,7 @@ fi %files sign %{_bindir}/rpmsign %{_mandir}/man8/rpmsign.8* +%doc %{_defaultdocdir}/rpm/macros.rpmsign-sequoia %files -n python3-%{name} %dir %{python3_sitearch}/rpm @@ -653,6 +628,10 @@ fi %doc %{_defaultdocdir}/rpm/API/ %changelog +* Wed Dec 04 2024 Panu Matilainen - 4.19.1.1-9 +- Revert the gnupg/sequoia sub-packages, too much headache +- Ship sequoia-signing enablement macros as documentation instead + * Tue Nov 12 2024 Michal Domonkos - 4.19.1.1-8 - Add Sequoia signing support back
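Review bot: Shipping the macro file as `%doc %{_defaultdocdir}/rpm/macros.rpmsign-sequoia` under `%files sign` means it is not installed where documentation is excluded (`--excludedocs`, `%_excludedocs`, or dnf `tsflags=nodocs`, as is common in container images). On such hosts the `cp /usr/share/doc/rpm/macros.rpmsign-sequoia /etc/rpm/` step documented in the macro file has nothing to copy. A line in that file's header comment such as `# (absent if rpm-sign was installed with docs excluded; reinstall it with docs enabled)` would save admins from fetching the file from an unverified source instead.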