From 8317a615b0705ab4dc0f1540e6e8e610c7c1a1f9 Mon Sep 17 00:00:00 2001 From: Michal Domonkos Date: Nov 12 2024 13:19:06 +0000 Subject: Add Sequoia signing support back It turns out the subpackage itself is fine, we just need to adjust the affected Beaker tests and make them cover the Sequoia backend as well. This reverts commit 40c682ecfcbdf781e59b6ce89103396d93f681ed. Related: RHEL-56363 --- diff --git a/macros.rpmsign-sequoia b/macros.rpmsign-sequoia new file mode 100644 index 0000000..dcb9d55 --- /dev/null +++ b/macros.rpmsign-sequoia @@ -0,0 +1,23 @@ +#============================================================================== +# ---- Sequoia signature macros. +# The signature to use and the location of configuration files for +# signing packages with Sequoia. +# +# Unlike GnuPG, Sequoia doesn't support specifying the signer key by +# email or name match, you need to supply the hex fingerprint (or keyid) +#%_gpg_name +#%_gpg_path + +%__gpg /usr/bin/sq + +# Macro(s) to hold the arguments passed to Sequoia for package +# signing. Expansion result is parsed by popt, so be sure to use +# %{shescape} where needed. +# + +%__gpg_sign_cmd %{__gpg} %{__gpg} sign \ + %{?_gpg_sign_cmd_extra_args} \ + %{?_gpg_name:--signer-key %{_gpg_name}} \ + --detached --output %{shescape:%{?__signature_filename}} \ + %{?__plaintext_filename:-- %{shescape:%{__plaintext_filename}}} + diff --git a/rpm.spec b/rpm.spec index 44b8ff3..ce78dcc 100644 --- a/rpm.spec +++ b/rpm.spec @@ -27,7 +27,7 @@ %global rpmver 4.19.1.1 #global snapver rc1 -%global baserelease 7 +%global baserelease 8 %global sover 10 %global srcver %{rpmver}%{?snapver:-%{snapver}} @@ -46,6 +46,7 @@ Source10: rpmdb-rebuild.service Source20: rpmdb-migrate.service Source21: rpmdb_migrate +Source30: macros.rpmsign-sequoia Source31: macros.rpmsign-gnupg Requires: coreutils @@ -137,7 +138,7 @@ rpm-4.9.90-no-man-dirs.patch rpm-4.18.92-disable-sysusers.patch rpm-4.18.90-weak-user-group.patch -# We supply gpg config separately, remove gpg stuff from main macros +# We supply gpg/sq config separately, remove gpg stuff from main macros rpm-4.19.1.1-nogpg.patch # Patches already upstream: @@ -183,7 +184,7 @@ This package contains the RPM shared libraries for building packages. %package sign-libs Summary: Libraries for signing RPM packages Requires: rpm-libs%{_isa} = %{version}-%{release} -Requires(meta): rpm-sign-gnupg +Requires(meta): (rpm-sign-gnupg or rpm-sign-sequoia) %description sign-libs This package contains the RPM shared libraries for signing packages. @@ -192,10 +193,20 @@ This package contains the RPM shared libraries for signing packages. Summary: Support for signing RPM packages using GnuPG Requires: gnupg2 Requires(meta): rpm-sign-libs%{_isa} >= %{version}-%{release} +Conflicts: rpm-sign-sequoia %description sign-gnupg This package provides configuration for signing RPM packages using GnuPG. +%package sign-sequoia +Summary: Support for signing RPM packages using Sequoia +Requires: sequoia-sq +Requires(meta): rpm-sign-libs%{_isa} >= %{version}-%{release} +Conflicts: rpm-sign-gnupg + +%description sign-sequoia +This package provides configuration for signing RPM packages using Sequoia. + %package devel Summary: Development files for manipulating RPM packages License: GPL-2.0-or-later OR LGPL-2.1-or-later @@ -440,8 +451,8 @@ rm -rf $RPM_BUILD_ROOT/var/tmp # workaround for https://github.com/rpm-software-management/rpm/issues/2811 rm $RPM_BUILD_ROOT/%{_defaultdocdir}/rpm/README.md -# Signing macros for GnuPG -install -m 644 %{SOURCE31} $RPM_BUILD_ROOT/%{rpmhome}/macros.d +# Signing macros for Sequoia and GnuPG +install -m 644 %{SOURCE30} %{SOURCE31} $RPM_BUILD_ROOT/%{rpmhome}/macros.d %pre # Symlink all rpmdb files to the new location if we're still using /var/lib/rpm @@ -580,6 +591,9 @@ fi %{_libdir}/librpmsign.so.%{sover} %{_libdir}/librpmsign.so.%{sover}.* +%files sign-sequoia +%{rpmhome}/macros.d/macros.rpmsign-sequoia + %files sign-gnupg %{rpmhome}/macros.d/macros.rpmsign-gnupg @@ -639,6 +653,9 @@ fi %doc %{_defaultdocdir}/rpm/API/ %changelog +* Tue Nov 12 2024 Michal Domonkos - 4.19.1.1-8 +- Add Sequoia signing support back + * Tue Oct 29 2024 Troy Dawson - 4.19.1.1-7 - Bump release for October 2024 mass rebuild: Resolves: RHEL-64018