Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

pesign-obs-integration-10.2+git20240723.d344d91-slfo.1.1.1 RPM for x86_64

From OpenSuSE Leap 16.0 for x86_64

Name: pesign-obs-integration Distribution: SUSE Linux Framework One
Version: 10.2+git20240723.d344d91 Vendor: SUSE LLC <https://www.suse.com/>
Release: slfo.1.1.1 Build date: Wed Aug 21 17:38:43 2024
Group: Development/Tools/Other Build host: h04-ch1b
Size: 93894 Source RPM: pesign-obs-integration-10.2+git20240723.d344d91-slfo.1.1.1.src.rpm
Packager: https://www.suse.com/
Url: https://en.opensuse.org/openSUSE:UEFI_Image_File_Sign_Tools
Summary: Macros and scripts to sign the kernel and bootloader
This package provides scripts and rpm macros to automate signing of the
boot loader, kernel and kernel modules in the openSUSE Buildservice.

Provides

Requires

License

GPL-2.0-or-later

Changelog

* Tue Jul 23 2024 jlee@suse.com
  - Update to version 10.2+git20240723.d344d91:
    * Quote % signs in scripts
    * Export also a VCS tag
    * specfile: Change license to OR-LATER
    * specfile: Update rpm constructs
    * spec.in: Add changelog tag
    * spec.in: Don't copy changes to OTHER
    * spec.in: Use SPDX license
* Fri Feb 16 2024 jlee@suse.com
  - Update to version 10.2+git20240216.1e15ef4:
    * Create changes file for reproducible build
    * Add support for authenticated uefi variables
    * Allow to dump the pkcs7 signed data as well
    * Add -N option to add a NULL param to the digest algo definitions
    * Add -C option to include certificates in the PKCS7 signature
    * spec.in: fix rpmlint warnings
* Thu Jun 22 2023 jlee@suse.com
  - Modify pesign-obs-integration.changes, add bsc#1211849 to changelog.
    The supporting of filetriggers and transfiletriggers in
    pesign-gen-repackage-spec in 10.2+git20230612.4699910 is for
    bsc#1211849.
* Mon Jun 12 2023 jlee@suse.com
  - Update to version 10.2+git20230612.4699910:
    * pesign-gen-repackage-spec: support filetriggers and transfiletriggers (bsc#1211849)
    * Add support for dependency generators
    * pesign-gen-repackage-spec: fix the filename issue in the scripts of generated ueficert package
    * Verfiy the signatures before attaching them
    * Don't copy rpmlintrc to OTHER
    * Fix %attr issues
    * Support %lang
    * Support OrderWithRequires
    * pesign-repackage.spec.in: Add description for footer_size
  - Removed the following patches becuase they are merged to
    10.2+git20230612.4699910:
      Patch:          order.patch
      Patch1:         attr.patch
      Patch2:         lang.patch
      Patch3:         rpmlintrc.patch
      Patch4:         verify-sig.patch
      Patch5:         dependency-generators.patch
  - Use README.md instead of README in pesign-obs-integration.spec.
* Mon Jan 23 2023 gmbr3@opensuse.org
  - Add dependency-generators.patch to support copying source files
    and macros to the re-package build (jsc#PED-2658)
* Wed Sep 28 2022 glin@suse.com
  - Add verify-sig.patch to verify the signatures before attaching
    them (bsc#1200108, bsc#1203679)
* Sat Jul 09 2022 gmbr3@opensuse.org
  - Update attr.patch to fix ghost symlinks still being affected
  - Add rpmlintrc.patch to stop copying it to the build output
* Wed Jun 22 2022 gmbr3@opensuse.org
  - Add attr.patch to fix:
    * Avoid assigning %attr's to symlinks which causes rpmbuild spam
    * Change perms mask to 07777 to ensure SUID/SGID is copied over
  - Add lang.patch to support %lang
* Wed Jun 15 2022 gmbr3@opensuse.org
  - Update to version 10.2+git20220504.8690743:
    * Don't repackage aarch64_ilp32 *-64bit packages
    * Use pesign for signing on riscv64
    * Add padding to grub signature correctly (jsc#SLE-18271 bsc#1192764).
    * kernel-sign-file: Support appending verbatim PKCS#7 signature.
    * kernel-sign-file: Move x509 parsing into a function.
    * Support ppc grub signing (jsc#SLE-18271 bsc#1192764).
    * Handle packages with epochs as well
    * Turn off rpm fatal warnings for noarch packages
  - Upstreamed patches:
    * 0001-Support-ppc-grub-signing-jsc-SLE-18271-bsc-1192764.patch
    * 0002-kernel-sign-file-Move-x509-parsing-into-a-function.patch
    * 0003-kernel-sign-file-Support-appending-verbatim-PKCS-7-s.patch
    * 0004-Add-padding-to-grub-signature-correctly-jsc-SLE-1827.patch
  - Added patches:
    * order.patch - support OrderWithRequires
* Fri Jan 21 2022 msuchanek@suse.com
  - Support signing grub on powerpc (jsc#SLE-18271 bsc#1192764).
    + 0001-Support-ppc-grub-signing-jsc-SLE-18271-bsc-1192764.patch
    + 0002-kernel-sign-file-Move-x509-parsing-into-a-function.patch
    + 0003-kernel-sign-file-Support-appending-verbatim-PKCS-7-s.patch
    + 0004-Add-padding-to-grub-signature-correctly-jsc-SLE-1827.patch
* Wed Aug 04 2021 lnussel@suse.de
  - Update to version 10.2+git20210804.ff18da1:
    * brp-99-pesign: fix that the signature of shim be broken
* Fri Jul 30 2021 lnussel@suse.de
  - Update to version 10.2+git20210730.0cb100c:
    * Sign kernel also in module dir (boo#1184804)
      (replaces pesign-kernel-in-lib.diff)
  - switch package to obs_scm to avoid recompression
* Fri Jul 23 2021 dmueller@suse.com
  - Update to version git master (10.2):
    * Add support for GZIP and ZSTD module compression (bsc#1188636)
    * Always pad the EFI image when calculating the hash
    * Version bump to 10.2
    * approach issue#22 false noarch subpackage
  - drop pesign-obs-integration-bsc1183747-always-pad-efi-images.patch
    pesign-obs-integration-support-gzip-zstd-compression.patch (merged)
* Mon Jun 21 2021 glin@suse.com
  - Add pesign-obs-integration-support-gzip-zstd-compression.patch
    to support gzip and zstd module compression
* Fri Apr 23 2021 lnussel@suse.de
  - find kernel also in /lib (boo#1184804, pesign-kernel-in-lib.diff)
* Fri Mar 19 2021 glin@suse.com
  - Add pesign-obs-integration-bsc1183747-always-pad-efi-images.patch
    to fix the potential hash mismatching (bsc#1183747)
* Mon Dec 21 2020 glin@suse.com
  - Update to version 10.2:
    * Fix the wrongly created noarch subpackages
      (issue#22, bsc#1180242)
* Wed Oct 21 2020 dmueller@suse.com
  - Update to version 10.1+1602850462:
    * Compress kernel modules in batch and in parallel (bsc#1188636)
    * Forward _binary_payload to the repackaged rpm (bsc#1175882)
  - remove 0001-Forward-_binary_payload-to-the-repackaged-rpm.patch,
    parallel-compression.patch (upstream)
* Thu Oct 15 2020 dmueller@suse.com
  - Sync from git master directly
  - drop 0001-Add-support-for-kernel-module-compression.patch
    0001-Enable-find_provides-and-requires.patch
    0001-Initialize-compress-variable.patch
    0001-Keep-the-files-in-the-OTHER-directory.patch
    0001-Passthrough-license-tag.patch
    0001-brp-99-compress-vmlinux-support-xz-compressed-vmlinu.patch
    0001-sign-stage3.bin-from-s390-tools-with-sign-files-bsc-.patch
    pesign-sign-s390x-kernel.patch (upstream)
  - add parallel-compression.patch
* Wed Sep 02 2020 glin@suse.com
  - Add 0001-Forward-_binary_payload-to-the-repackaged-rpm.patch to
    forward _binary_payload to the repackaged rpm (bsc#1175882)
* Fri Jul 17 2020 glin@suse.com
  - Add 0001-Enable-find_provides-and-requires.patch
    (bsc#1114605, bsc#1180279)
    + Enable this patch again since virtualbox-kmp is split from
      the main package so the customized %find_provides for
      virtualbox-x11-guest won't be affected anymore.
* Wed Feb 26 2020 meissner@suse.com
  - pesign-sign-s390x-kernel.patch: Sign also the non-PE (e.g. s390x)
    kernels with just kernel-sign-file (bsc#1163524)
* Wed Feb 19 2020 meissner@suse.com
  - 0001-sign-stage3.bin-from-s390-tools-with-sign-files-bsc-.patch
    Hard code signing of stage3.bin of s390-tools (bsc#1163524)
* Wed Nov 06 2019 jslaby@suse.com
  - 0001-brp-99-compress-vmlinux-support-xz-compressed-vmlinu.patch
    to support xz-compressed vmlinux (bnc#1155921)
* Wed Nov 06 2019 glin@suse.com
  - 0001-Keep-the-files-in-the-OTHER-directory.patch to keep the
    files in the OTHER directory (boo#1155474)
* Wed Sep 04 2019 msuchanek@suse.com
  - Require pesign on arm (boo#1134303).
* Thu Aug 01 2019 glin@suse.com
  - Add 0001-Initialize-compress-variable.patch to initialize
    $compress in pesign-gen-repackage-spec to avoid warning
* Wed May 29 2019 glin@suse.com
  - Add 0001-Add-support-for-kernel-module-compression.patch to
    support kernel module compression (bsc#1135854, jsc#SLE-16661)
* Fri May 17 2019 guillaume.gardet@opensuse.org
  - pesign is also available on %arm (boo#1134303).
* Tue Apr 16 2019 glin@suse.com
  - Drop 0002-Enable-find_provides-and-requires.patch due to the
    build failure of virtualbox-guest-x11
* Thu Apr 11 2019 glin@suse.com
  - rpm: forward the missing rpm bits (bsc#1114605, bsc#1180279)
    + 0001-Passthrough-license-tag.patch
    + 0002-Enable-find_provides-and-requires.patch
* Tue Dec 11 2018 glin@suse.com
  - Version 10.1
  - Add modsign-verify for the signature verification (bsc#1118953)
* Wed Oct 31 2018 glin@suse.com
  - rpm: properly forward dep flags (bsc#1114605)
  - Fix new Lintian Error from Debian 10
* Tue Jun 12 2018 glin@suse.com
  - debhelper: restrict wildcard package unpacking
* Mon Jun 11 2018 glin@suse.com
  - debhelper: fix conffiles corner case
* Fri Jun 08 2018 glin@suse.com
  - Remove the unstable source url
  - Update the debian scripts
* Mon Jun 04 2018 glin@suse.com
  - Switch to tarball release
* Thu Feb 22 2018 glin@suse.com
  - Provide password file for 'certutil -A' due to the change in
    mozilla-nss 3.35 (boo#1082235)
* Wed Nov 08 2017 jlee@suse.com
  - Modified modsign-repackage, using certificate to try to decrypt
    the signature of kernel module. It can be used to verify the
    integrity of signature.
* Wed Sep 27 2017 jlee@suse.com
  - Michael Schröder improved the original kernel-sign-file script to
    support PKCS#7 kernel module signing. Replacing sign-file.c with
    new kernel-sign-file script. (bsc#1049122)
* Sun Sep 24 2017 coolo@suse.com
  - escape regexp in pesign-gen-repackage-spec for perl 5.26
* Wed Sep 06 2017 jlee@suse.com
  - To support PKCS#7 kernel module signing, copy sign-file.c from
    SLE-15 v4.12 kernel source to replace the kernel-sign-file script
    to align upstream. (bsc#1049122)
* Tue Nov 29 2016 mmarek@suse.cz
  - Copy over any *.log files from the first build (bsc#1012422)
* Thu Mar 03 2016 glin@suse.com
  - Add aarch64 support since pesign also build on aarch64
* Thu Jan 22 2015 mmarek@suse.cz
  - Add support for file verify flags (bnc#905420).
* Thu Jan 22 2015 mmarek@suse.cz
  - Sort the parts of the repackage spec file for easier debugging.
* Tue Sep 16 2014 mls@suse.de
  - fall back to project cert in the followup spec if it
    exists
* Tue Sep 02 2014 ro@suse.de
  - sanitize release line in specfile
* Wed Aug 20 2014 mmarek@suse.cz
  - brp-99-compress-vmlinux: Compress the vmlinux image after
    find-debuginfo (bnc#880848, bnc#884459)
* Tue Aug 12 2014 meissner@suse.com
  - switch gen-hmac to use fipscheck instead of sha256hmac
* Mon Aug 04 2014 mmarek@suse.cz
  - Set BRP_PESIGN_FILES="" in the repackage build to avoid loops.
* Wed Jul 30 2014 mmarek@suse.cz
  - Accept also rpmlintrc files without any <package>- prefix.
* Mon Jul 28 2014 mmarek@suse.cz
  - Use package's rpmlintrc files in the second build.
* Thu Jul 03 2014 mmarek@suse.cz
  - Drop support for signing firmware files (bnc#867199)
* Thu Apr 24 2014 mmarek@suse.cz
  - Fix matching /boot and /lib/firmware in pesign-repackage.spec
* Wed Apr 23 2014 mmarek@suse.com
  - Do not store the buildroot in the .*.hmac file.
* Wed Apr 23 2014 mmarek@suse.com
  - Regenerate the HMAC checksum when signing and EFI binary with
    a checksum (fate#316930, bnc#856310).
* Wed Apr 23 2014 mmarek@suse.com
  - Update README.
* Wed Apr 23 2014 mmarek@suse.cz
  - Add /usr/lib/rpm/pesign/gen-hmac tool to generate a hmac checksum
    for a given file (fate#316930, bnc#856310).
* Thu Apr 03 2014 ro@suse.de
  - pesign-gen-repackage-spec: switch to new rpm style handling
    of weak dependencies
* Thu Jan 16 2014 mmarek@suse.cz
  - Do not sign any files if BRP_PESIGN_FILES is set not an empty
    string (bnc#857599).
* Tue Jan 07 2014 mmarek@suse.cz
  - Fix a typo in the last change.
* Mon Jan 06 2014 mmarek@suse.cz
  - Default to BRP_PESIGN_FILES="*.ko /lib/firmware" (bnc#857599).
* Mon Jan 06 2014 mmarek@suse.cz
  - Add --signatures=<directory> option to modsign-repackage
    (bnc#841627).
* Fri Jun 14 2013 mmarek@suse.cz
  - Put debuginfo packages to %_topdir/OTHER (bnc#824971).
* Thu Mar 28 2013 mmarek@suse.cz
  - Version 10
  - Add modsign-repackage tool to repackage RPMs outside the buildservice
* Tue Mar 26 2013 glin@suse.com
  - Calculate the digest of the padded data section to be consistent
    with the output file (bnc#808594, bnc#811325)
* Fri Mar 15 2013 coolo@suse.com
  - correct the license of the generated package to fix build
* Tue Mar 05 2013 mmarek@suse.cz
  - Do not repackage debuginfo package (bnc#806637)
* Mon Mar 04 2013 mmarek@suse.cz
  - Version 9
  - Add support for triggers (bnc#806737)
* Wed Feb 20 2013 mmarek@suse.cz
  - Do not fail the build if %_topdir/OTHER cannot be created
* Wed Feb 13 2013 mmarek@suse.cz
  - Version 8
  - Hide baselibs from post-build-checks
* Wed Feb 13 2013 mmarek@suse.cz
  - Do not repackage baselibs
* Wed Feb 13 2013 mmarek@suse.cz
  - Version 7
  - Fix for scriptlets with empty body
* Tue Feb 12 2013 mls@suse.de
  - reduce debugging as pesign is now fixed
* Tue Feb 12 2013 mls@suse.de
  - add a bit of debug output to find out why the kernel signatures
    are bad
* Wed Feb 06 2013 mls@suse.de
  - switch to normal brp hook
  - mv stuff in pesign directory instead of cluttering /usr/lib/rpm
* Fri Feb 01 2013 mls@suse.de
  - fix pesign calls
* Fri Feb 01 2013 mmarek@suse.cz
  - Add some preliminary code to sign EFI binaries, marked with
    FIXMEs.
* Wed Jan 30 2013 mmarek@suse.cz
  - Version 6
  - Fix handling packages with NoSource
  - Fix for multiple patterns in %sign_files
* Tue Jan 29 2013 mmarek@suse.cz
  - Version 5
  - Use newc-style cpio archives, as required by the buildservice.
  - Use signing certificates provided by the buildservice.
  - Minor fixes.
* Mon Jan 28 2013 mmarek@suse.cz
  - Version 4
  - Support for firmware signatures.
  - Expect the correct archive with signatures (<name>.cpio.rsasign.sig).
  - Minor fixes.
* Wed Jan 23 2013 mmarek@suse.cz
  - Version 3
  - Switch to storing whole files in the *.cpio.rsasign archive.
  - Append the signatures to kernel modules.
* Fri Jan 18 2013 mmarek@suse.cz
  - Version 2
  - Generates another specfile in pesign-repackage.spec to
    be able to copy nearly all RPM tags from the original packages.
  - Changed to only store sha256 hashes in the *.cpio.rsasign file,
    instead of whole files.
* Thu Dec 13 2012 mmarek@suse.com
  - Created package with macros and scripts to integrate kernel and
    bootloader signing into OBS (fate#314552).

Files

/usr/bin/modsign-repackage
/usr/bin/modsign-verify
/usr/lib/rpm/brp-suse.d
/usr/lib/rpm/brp-suse.d/brp-99-compress-vmlinux
/usr/lib/rpm/brp-suse.d/brp-99-pesign
/usr/lib/rpm/pesign
/usr/lib/rpm/pesign/gen-hmac
/usr/lib/rpm/pesign/kernel-sign-file
/usr/lib/rpm/pesign/pesign-gen-repackage-spec
/usr/lib/rpm/pesign/pesign-repackage.spec.in
/usr/share/doc/packages/pesign-obs-integration
/usr/share/doc/packages/pesign-obs-integration/README.md
/usr/share/licenses/pesign-obs-integration
/usr/share/licenses/pesign-obs-integration/COPYING


Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Dec 20 23:34:21 2024