Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: pesign-obs-integration | Distribution: SUSE Linux Framework One |
Version: 10.2+git20240723.d344d91 | Vendor: SUSE LLC <https://www.suse.com/> |
Release: slfo.1.1.1 | Build date: Wed Aug 21 17:38:43 2024 |
Group: Development/Tools/Other | Build host: h04-ch1b |
Size: 93894 | Source RPM: pesign-obs-integration-10.2+git20240723.d344d91-slfo.1.1.1.src.rpm |
Packager: https://www.suse.com/ | |
Url: https://en.opensuse.org/openSUSE:UEFI_Image_File_Sign_Tools | |
Summary: Macros and scripts to sign the kernel and bootloader |
This package provides scripts and rpm macros to automate signing of the boot loader, kernel and kernel modules in the openSUSE Buildservice.
GPL-2.0-or-later
* Tue Jul 23 2024 jlee@suse.com - Update to version 10.2+git20240723.d344d91: * Quote % signs in scripts * Export also a VCS tag * specfile: Change license to OR-LATER * specfile: Update rpm constructs * spec.in: Add changelog tag * spec.in: Don't copy changes to OTHER * spec.in: Use SPDX license * Fri Feb 16 2024 jlee@suse.com - Update to version 10.2+git20240216.1e15ef4: * Create changes file for reproducible build * Add support for authenticated uefi variables * Allow to dump the pkcs7 signed data as well * Add -N option to add a NULL param to the digest algo definitions * Add -C option to include certificates in the PKCS7 signature * spec.in: fix rpmlint warnings * Thu Jun 22 2023 jlee@suse.com - Modify pesign-obs-integration.changes, add bsc#1211849 to changelog. The supporting of filetriggers and transfiletriggers in pesign-gen-repackage-spec in 10.2+git20230612.4699910 is for bsc#1211849. * Mon Jun 12 2023 jlee@suse.com - Update to version 10.2+git20230612.4699910: * pesign-gen-repackage-spec: support filetriggers and transfiletriggers (bsc#1211849) * Add support for dependency generators * pesign-gen-repackage-spec: fix the filename issue in the scripts of generated ueficert package * Verfiy the signatures before attaching them * Don't copy rpmlintrc to OTHER * Fix %attr issues * Support %lang * Support OrderWithRequires * pesign-repackage.spec.in: Add description for footer_size - Removed the following patches becuase they are merged to 10.2+git20230612.4699910: Patch: order.patch Patch1: attr.patch Patch2: lang.patch Patch3: rpmlintrc.patch Patch4: verify-sig.patch Patch5: dependency-generators.patch - Use README.md instead of README in pesign-obs-integration.spec. * Mon Jan 23 2023 gmbr3@opensuse.org - Add dependency-generators.patch to support copying source files and macros to the re-package build (jsc#PED-2658) * Wed Sep 28 2022 glin@suse.com - Add verify-sig.patch to verify the signatures before attaching them (bsc#1200108, bsc#1203679) * Sat Jul 09 2022 gmbr3@opensuse.org - Update attr.patch to fix ghost symlinks still being affected - Add rpmlintrc.patch to stop copying it to the build output * Wed Jun 22 2022 gmbr3@opensuse.org - Add attr.patch to fix: * Avoid assigning %attr's to symlinks which causes rpmbuild spam * Change perms mask to 07777 to ensure SUID/SGID is copied over - Add lang.patch to support %lang * Wed Jun 15 2022 gmbr3@opensuse.org - Update to version 10.2+git20220504.8690743: * Don't repackage aarch64_ilp32 *-64bit packages * Use pesign for signing on riscv64 * Add padding to grub signature correctly (jsc#SLE-18271 bsc#1192764). * kernel-sign-file: Support appending verbatim PKCS#7 signature. * kernel-sign-file: Move x509 parsing into a function. * Support ppc grub signing (jsc#SLE-18271 bsc#1192764). * Handle packages with epochs as well * Turn off rpm fatal warnings for noarch packages - Upstreamed patches: * 0001-Support-ppc-grub-signing-jsc-SLE-18271-bsc-1192764.patch * 0002-kernel-sign-file-Move-x509-parsing-into-a-function.patch * 0003-kernel-sign-file-Support-appending-verbatim-PKCS-7-s.patch * 0004-Add-padding-to-grub-signature-correctly-jsc-SLE-1827.patch - Added patches: * order.patch - support OrderWithRequires * Fri Jan 21 2022 msuchanek@suse.com - Support signing grub on powerpc (jsc#SLE-18271 bsc#1192764). + 0001-Support-ppc-grub-signing-jsc-SLE-18271-bsc-1192764.patch + 0002-kernel-sign-file-Move-x509-parsing-into-a-function.patch + 0003-kernel-sign-file-Support-appending-verbatim-PKCS-7-s.patch + 0004-Add-padding-to-grub-signature-correctly-jsc-SLE-1827.patch * Wed Aug 04 2021 lnussel@suse.de - Update to version 10.2+git20210804.ff18da1: * brp-99-pesign: fix that the signature of shim be broken * Fri Jul 30 2021 lnussel@suse.de - Update to version 10.2+git20210730.0cb100c: * Sign kernel also in module dir (boo#1184804) (replaces pesign-kernel-in-lib.diff) - switch package to obs_scm to avoid recompression * Fri Jul 23 2021 dmueller@suse.com - Update to version git master (10.2): * Add support for GZIP and ZSTD module compression (bsc#1188636) * Always pad the EFI image when calculating the hash * Version bump to 10.2 * approach issue#22 false noarch subpackage - drop pesign-obs-integration-bsc1183747-always-pad-efi-images.patch pesign-obs-integration-support-gzip-zstd-compression.patch (merged) * Mon Jun 21 2021 glin@suse.com - Add pesign-obs-integration-support-gzip-zstd-compression.patch to support gzip and zstd module compression * Fri Apr 23 2021 lnussel@suse.de - find kernel also in /lib (boo#1184804, pesign-kernel-in-lib.diff) * Fri Mar 19 2021 glin@suse.com - Add pesign-obs-integration-bsc1183747-always-pad-efi-images.patch to fix the potential hash mismatching (bsc#1183747) * Mon Dec 21 2020 glin@suse.com - Update to version 10.2: * Fix the wrongly created noarch subpackages (issue#22, bsc#1180242) * Wed Oct 21 2020 dmueller@suse.com - Update to version 10.1+1602850462: * Compress kernel modules in batch and in parallel (bsc#1188636) * Forward _binary_payload to the repackaged rpm (bsc#1175882) - remove 0001-Forward-_binary_payload-to-the-repackaged-rpm.patch, parallel-compression.patch (upstream) * Thu Oct 15 2020 dmueller@suse.com - Sync from git master directly - drop 0001-Add-support-for-kernel-module-compression.patch 0001-Enable-find_provides-and-requires.patch 0001-Initialize-compress-variable.patch 0001-Keep-the-files-in-the-OTHER-directory.patch 0001-Passthrough-license-tag.patch 0001-brp-99-compress-vmlinux-support-xz-compressed-vmlinu.patch 0001-sign-stage3.bin-from-s390-tools-with-sign-files-bsc-.patch pesign-sign-s390x-kernel.patch (upstream) - add parallel-compression.patch * Wed Sep 02 2020 glin@suse.com - Add 0001-Forward-_binary_payload-to-the-repackaged-rpm.patch to forward _binary_payload to the repackaged rpm (bsc#1175882) * Fri Jul 17 2020 glin@suse.com - Add 0001-Enable-find_provides-and-requires.patch (bsc#1114605, bsc#1180279) + Enable this patch again since virtualbox-kmp is split from the main package so the customized %find_provides for virtualbox-x11-guest won't be affected anymore. * Wed Feb 26 2020 meissner@suse.com - pesign-sign-s390x-kernel.patch: Sign also the non-PE (e.g. s390x) kernels with just kernel-sign-file (bsc#1163524) * Wed Feb 19 2020 meissner@suse.com - 0001-sign-stage3.bin-from-s390-tools-with-sign-files-bsc-.patch Hard code signing of stage3.bin of s390-tools (bsc#1163524) * Wed Nov 06 2019 jslaby@suse.com - 0001-brp-99-compress-vmlinux-support-xz-compressed-vmlinu.patch to support xz-compressed vmlinux (bnc#1155921) * Wed Nov 06 2019 glin@suse.com - 0001-Keep-the-files-in-the-OTHER-directory.patch to keep the files in the OTHER directory (boo#1155474) * Wed Sep 04 2019 msuchanek@suse.com - Require pesign on arm (boo#1134303). * Thu Aug 01 2019 glin@suse.com - Add 0001-Initialize-compress-variable.patch to initialize $compress in pesign-gen-repackage-spec to avoid warning * Wed May 29 2019 glin@suse.com - Add 0001-Add-support-for-kernel-module-compression.patch to support kernel module compression (bsc#1135854, jsc#SLE-16661) * Fri May 17 2019 guillaume.gardet@opensuse.org - pesign is also available on %arm (boo#1134303). * Tue Apr 16 2019 glin@suse.com - Drop 0002-Enable-find_provides-and-requires.patch due to the build failure of virtualbox-guest-x11 * Thu Apr 11 2019 glin@suse.com - rpm: forward the missing rpm bits (bsc#1114605, bsc#1180279) + 0001-Passthrough-license-tag.patch + 0002-Enable-find_provides-and-requires.patch * Tue Dec 11 2018 glin@suse.com - Version 10.1 - Add modsign-verify for the signature verification (bsc#1118953) * Wed Oct 31 2018 glin@suse.com - rpm: properly forward dep flags (bsc#1114605) - Fix new Lintian Error from Debian 10 * Tue Jun 12 2018 glin@suse.com - debhelper: restrict wildcard package unpacking * Mon Jun 11 2018 glin@suse.com - debhelper: fix conffiles corner case * Fri Jun 08 2018 glin@suse.com - Remove the unstable source url - Update the debian scripts * Mon Jun 04 2018 glin@suse.com - Switch to tarball release * Thu Feb 22 2018 glin@suse.com - Provide password file for 'certutil -A' due to the change in mozilla-nss 3.35 (boo#1082235) * Wed Nov 08 2017 jlee@suse.com - Modified modsign-repackage, using certificate to try to decrypt the signature of kernel module. It can be used to verify the integrity of signature. * Wed Sep 27 2017 jlee@suse.com - Michael Schröder improved the original kernel-sign-file script to support PKCS#7 kernel module signing. Replacing sign-file.c with new kernel-sign-file script. (bsc#1049122) * Sun Sep 24 2017 coolo@suse.com - escape regexp in pesign-gen-repackage-spec for perl 5.26 * Wed Sep 06 2017 jlee@suse.com - To support PKCS#7 kernel module signing, copy sign-file.c from SLE-15 v4.12 kernel source to replace the kernel-sign-file script to align upstream. (bsc#1049122) * Tue Nov 29 2016 mmarek@suse.cz - Copy over any *.log files from the first build (bsc#1012422) * Thu Mar 03 2016 glin@suse.com - Add aarch64 support since pesign also build on aarch64 * Thu Jan 22 2015 mmarek@suse.cz - Add support for file verify flags (bnc#905420). * Thu Jan 22 2015 mmarek@suse.cz - Sort the parts of the repackage spec file for easier debugging. * Tue Sep 16 2014 mls@suse.de - fall back to project cert in the followup spec if it exists * Tue Sep 02 2014 ro@suse.de - sanitize release line in specfile * Wed Aug 20 2014 mmarek@suse.cz - brp-99-compress-vmlinux: Compress the vmlinux image after find-debuginfo (bnc#880848, bnc#884459) * Tue Aug 12 2014 meissner@suse.com - switch gen-hmac to use fipscheck instead of sha256hmac * Mon Aug 04 2014 mmarek@suse.cz - Set BRP_PESIGN_FILES="" in the repackage build to avoid loops. * Wed Jul 30 2014 mmarek@suse.cz - Accept also rpmlintrc files without any <package>- prefix. * Mon Jul 28 2014 mmarek@suse.cz - Use package's rpmlintrc files in the second build. * Thu Jul 03 2014 mmarek@suse.cz - Drop support for signing firmware files (bnc#867199) * Thu Apr 24 2014 mmarek@suse.cz - Fix matching /boot and /lib/firmware in pesign-repackage.spec * Wed Apr 23 2014 mmarek@suse.com - Do not store the buildroot in the .*.hmac file. * Wed Apr 23 2014 mmarek@suse.com - Regenerate the HMAC checksum when signing and EFI binary with a checksum (fate#316930, bnc#856310). * Wed Apr 23 2014 mmarek@suse.com - Update README. * Wed Apr 23 2014 mmarek@suse.cz - Add /usr/lib/rpm/pesign/gen-hmac tool to generate a hmac checksum for a given file (fate#316930, bnc#856310). * Thu Apr 03 2014 ro@suse.de - pesign-gen-repackage-spec: switch to new rpm style handling of weak dependencies * Thu Jan 16 2014 mmarek@suse.cz - Do not sign any files if BRP_PESIGN_FILES is set not an empty string (bnc#857599). * Tue Jan 07 2014 mmarek@suse.cz - Fix a typo in the last change. * Mon Jan 06 2014 mmarek@suse.cz - Default to BRP_PESIGN_FILES="*.ko /lib/firmware" (bnc#857599). * Mon Jan 06 2014 mmarek@suse.cz - Add --signatures=<directory> option to modsign-repackage (bnc#841627). * Fri Jun 14 2013 mmarek@suse.cz - Put debuginfo packages to %_topdir/OTHER (bnc#824971). * Thu Mar 28 2013 mmarek@suse.cz - Version 10 - Add modsign-repackage tool to repackage RPMs outside the buildservice * Tue Mar 26 2013 glin@suse.com - Calculate the digest of the padded data section to be consistent with the output file (bnc#808594, bnc#811325) * Fri Mar 15 2013 coolo@suse.com - correct the license of the generated package to fix build * Tue Mar 05 2013 mmarek@suse.cz - Do not repackage debuginfo package (bnc#806637) * Mon Mar 04 2013 mmarek@suse.cz - Version 9 - Add support for triggers (bnc#806737) * Wed Feb 20 2013 mmarek@suse.cz - Do not fail the build if %_topdir/OTHER cannot be created * Wed Feb 13 2013 mmarek@suse.cz - Version 8 - Hide baselibs from post-build-checks * Wed Feb 13 2013 mmarek@suse.cz - Do not repackage baselibs * Wed Feb 13 2013 mmarek@suse.cz - Version 7 - Fix for scriptlets with empty body * Tue Feb 12 2013 mls@suse.de - reduce debugging as pesign is now fixed * Tue Feb 12 2013 mls@suse.de - add a bit of debug output to find out why the kernel signatures are bad * Wed Feb 06 2013 mls@suse.de - switch to normal brp hook - mv stuff in pesign directory instead of cluttering /usr/lib/rpm * Fri Feb 01 2013 mls@suse.de - fix pesign calls * Fri Feb 01 2013 mmarek@suse.cz - Add some preliminary code to sign EFI binaries, marked with FIXMEs. * Wed Jan 30 2013 mmarek@suse.cz - Version 6 - Fix handling packages with NoSource - Fix for multiple patterns in %sign_files * Tue Jan 29 2013 mmarek@suse.cz - Version 5 - Use newc-style cpio archives, as required by the buildservice. - Use signing certificates provided by the buildservice. - Minor fixes. * Mon Jan 28 2013 mmarek@suse.cz - Version 4 - Support for firmware signatures. - Expect the correct archive with signatures (<name>.cpio.rsasign.sig). - Minor fixes. * Wed Jan 23 2013 mmarek@suse.cz - Version 3 - Switch to storing whole files in the *.cpio.rsasign archive. - Append the signatures to kernel modules. * Fri Jan 18 2013 mmarek@suse.cz - Version 2 - Generates another specfile in pesign-repackage.spec to be able to copy nearly all RPM tags from the original packages. - Changed to only store sha256 hashes in the *.cpio.rsasign file, instead of whole files. * Thu Dec 13 2012 mmarek@suse.com - Created package with macros and scripts to integrate kernel and bootloader signing into OBS (fate#314552).
/usr/bin/modsign-repackage /usr/bin/modsign-verify /usr/lib/rpm/brp-suse.d /usr/lib/rpm/brp-suse.d/brp-99-compress-vmlinux /usr/lib/rpm/brp-suse.d/brp-99-pesign /usr/lib/rpm/pesign /usr/lib/rpm/pesign/gen-hmac /usr/lib/rpm/pesign/kernel-sign-file /usr/lib/rpm/pesign/pesign-gen-repackage-spec /usr/lib/rpm/pesign/pesign-repackage.spec.in /usr/share/doc/packages/pesign-obs-integration /usr/share/doc/packages/pesign-obs-integration/README.md /usr/share/licenses/pesign-obs-integration /usr/share/licenses/pesign-obs-integration/COPYING
Generated by rpm2html 1.8.1
Fabrice Bellet, Fri Dec 20 23:34:21 2024