diff --git a/macros.rpmsign-sequoia b/macros.rpmsign-sequoia
new file mode 100644
index 0000000..dcb9d55
--- /dev/null
+++ b/macros.rpmsign-sequoia
@@ -0,0 +1,23 @@
+#==============================================================================
+# ---- Sequoia signature macros.
+# The signature to use and the location of configuration files for
+# signing packages with Sequoia.
+#
+# Unlike GnuPG, Sequoia doesn't support specifying the signer key by
+# email or name match, you need to supply the hex fingerprint (or keyid)
+#%_gpg_name
+#%_gpg_path
+
+%__gpg /usr/bin/sq
+
+# Macro(s) to hold the arguments passed to Sequoia for package
+# signing. Expansion result is parsed by popt, so be sure to use
+# %{shescape} where needed.
+#
+
+%__gpg_sign_cmd %{__gpg} %{__gpg} sign \
+ %{?_gpg_sign_cmd_extra_args} \
+ %{?_gpg_name:--signer-key %{_gpg_name}} \
+ --detached --output %{shescape:%{?__signature_filename}} \
+ %{?__plaintext_filename:-- %{shescape:%{__plaintext_filename}}}
+
diff --git a/rpm.spec b/rpm.spec
index 44b8ff3..ce78dcc 100644
--- a/rpm.spec
+++ b/rpm.spec
@@ -27,7 +27,7 @@ %global rpmver 4.19.1.1 #global snapver rc1 -%global baserelease 7 +%global baserelease 8 %global sover 10 %global srcver %{rpmver}%{?snapver:-%{snapver}}
@@ -46,6 +46,7 @@ Source10: rpmdb-rebuild.service Source20: rpmdb-migrate.service Source21: rpmdb_migrate +Source30: macros.rpmsign-sequoia Source31: macros.rpmsign-gnupg Requires: coreutils
@@ -137,7 +138,7 @@ rpm-4.9.90-no-man-dirs.patch rpm-4.18.92-disable-sysusers.patch rpm-4.18.90-weak-user-group.patch -# We supply gpg config separately, remove gpg stuff from main macros +# We supply gpg/sq config separately, remove gpg stuff from main macros rpm-4.19.1.1-nogpg.patch # Patches already upstream: 
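Review bot: In the new macros.rpmsign-sequoia file, `%__gpg_sign_cmd` passes `%{_gpg_name}` to `--signer-key` without `%{shescape}`, although the comment above it says the expansion is parsed by popt and both file-name arguments are escaped. A fingerprint written in the common space-grouped form, or any value containing quotes or whitespace, would be split into extra arguments to `sq sign` instead of being treated as one key identifier. I would write that line as `%{?_gpg_name:--signer-key %{shescape:%{_gpg_name}}} \`. The header comment could also state that the full fingerprint is preferred, e.g. `# Prefer the full fingerprint; a keyid is only a truncated fingerprint and can match more than one key.`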
@@ -183,7 +184,7 @@ This package contains the RPM shared libraries for building packages. %package sign-libs Summary: Libraries for signing RPM packages Requires: rpm-libs%{_isa} = %{version}-%{release} -Requires(meta): rpm-sign-gnupg +Requires(meta): (rpm-sign-gnupg or rpm-sign-sequoia) %description sign-libs This package contains the RPM shared libraries for signing packages.
@@ -192,10 +193,20 @@ This package contains the RPM shared libraries for signing packages. Summary: Support for signing RPM packages using GnuPG Requires: gnupg2 Requires(meta): rpm-sign-libs%{_isa} >= %{version}-%{release} +Conflicts: rpm-sign-sequoia %description sign-gnupg This package provides configuration for signing RPM packages using GnuPG. +%package sign-sequoia +Summary: Support for signing RPM packages using Sequoia +Requires: sequoia-sq +Requires(meta): rpm-sign-libs%{_isa} >= %{version}-%{release} +Conflicts: rpm-sign-gnupg + +%description sign-sequoia +This package provides configuration for signing RPM packages using Sequoia. + %package devel Summary: Development files for manipulating RPM packages License: GPL-2.0-or-later OR LGPL-2.1-or-later
@@ -440,8 +451,8 @@ rm -rf $RPM_BUILD_ROOT/var/tmp # workaround for https://github.com/rpm-software-management/rpm/issues/2811 rm $RPM_BUILD_ROOT/%{_defaultdocdir}/rpm/README.md -# Signing macros for GnuPG -install -m 644 %{SOURCE31} $RPM_BUILD_ROOT/%{rpmhome}/macros.d +# Signing macros for Sequoia and GnuPG +install -m 644 %{SOURCE30} %{SOURCE31} $RPM_BUILD_ROOT/%{rpmhome}/macros.d %pre # Symlink all rpmdb files to the new location if we're still using /var/lib/rpm
@@ -580,6 +591,9 @@ fi %{_libdir}/librpmsign.so.%{sover} %{_libdir}/librpmsign.so.%{sover}.* +%files sign-sequoia +%{rpmhome}/macros.d/macros.rpmsign-sequoia + %files sign-gnupg %{rpmhome}/macros.d/macros.rpmsign-gnupg 
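Review bot: The new `Requires(meta): (rpm-sign-gnupg or rpm-sign-sequoia)` in `%package sign-libs` does not say which signing backend a fresh install should get, so the choice appears to be left to the dependency solver. The two backends are not interchangeable for the person signing: per the new macro file, `%_gpg_name` must be a fingerprint or keyid under Sequoia, while GnuPG accepts a name or email match. If GnuPG is meant to stay the default, a weak hint such as `Suggests: rpm-sign-gnupg` next to the rich dependency, or at least a comment naming the intended default, would make that explicit.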
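Review bot: `Requires: sequoia-sq` in the new `%package sign-sequoia` is unversioned, while the macro file this subpackage installs hard-codes the `sq sign --signer-key … --detached --output …` option spelling. sq's command-line options have changed between releases, so a build of sq that does not accept these options could satisfy the dependency and leave signing failing only when it is first used. A versioned requirement tied to the sq release the macro was tested against, `Requires: sequoia-sq >= <tested-version>`, would surface that at install time.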
@@ -639,6 +653,9 @@ fi %doc %{_defaultdocdir}/rpm/API/ %changelog +* Tue Nov 12 2024 Michal Domonkos - 4.19.1.1-8 +- Add Sequoia signing support back + * Tue Oct 29 2024 Troy Dawson - 4.19.1.1-7 - Bump release for October 2024 mass rebuild: Resolves: RHEL-64018