pesign-test-app/SPECS/pesign-test-app.spec

Summary: Simple pesign test target
Name: pesign-test-app
Version: 5
Release: 28%{?dist}.inferit
License: GPLv2
URL: https://github.com/vathpela/pesign-test-app
BuildRequires: make
BuildRequires: gcc
BuildRequires: acl
BuildRequires: git
BuildRequires: gnu-efi
BuildRequires: gnu-efi-devel
BuildRequires: pesign >= 0.104-1
BuildRequires: efi-srpm-macros
# ExclusiveArch: i686 x86_64 ia64 aarch64
ExclusiveArch: x86_64

# pesign-test-app generates no binaries that run under the installed OS, so
# debuginfo is useless
%global debug_package %{nil}

%global __pesign_client_token "NSS Certificate DB"

# there is no tarball at github, of course.  To get this version do:
# git clone https://github.com/vathpela/pesign-test-app.git
# git checkout %%{version}
Source0: pesign-test-app-%{version}.tar.bz2

Patch0001: 0001-Fix-gnu-efi-include-path.patch

%description
This package contains a very simple UEFI application that effectively does
nothing.  The entire purpose of this is to provide a safe app to be signed,
so that we don't have to build large applications in order to test that
deployments of new pesign versions into build infrastructure have succeeded.

%prep
%autosetup -S git

%build
make LIBDIR=%{_libdir} DATADIR=%{_datadir} CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$RPM_OPT_LDFLAGS"
cp %{name}.efi %{name}-unsigned.efi
id
ls -ld /etc/pki/pesign || :
getfacl /etc/pki/pesign || :
ls -l /etc/pki/pesign || :
getfacl /etc/pki/pesign/* || :

%define pe_signing_cert MSVSphere Secure Boot Signing

cp %{name}-unsigned.efi %{name}-unsigned.0.efi
%pesign -s -i %{name}-unsigned.0.efi -o %{name}-signed.efi -a spheresecurebootca.cer -c spheresecureboot001.cer -n spheresecureboot001


%install
rm -rf %{buildroot}
mkdir -p %{buildroot}/%{_libdir}
make LIBDIR=%{_libdir} INSTALLROOT=%{buildroot} DATADIR=%{_datadir} \
	install
mv %{name}-signed.efi %{buildroot}/%{_datadir}/%{name}-%{version}/

%check
%ifarch %{efi}
# for display in the build log
for x in %{buildroot}/%{_datadir}/%{name}-%{version}/%{name}-signed.* ; do
	pesign -l -i "${x}"
	# to test the actual output
	pesign -l -i "${x}" | grep -c -q "^Signing time: $(date +%%a\ %%b\ %%d,\ %%Y)$"
	pesign -l -i "${x}" | grep -c -q '^The signer.s common name is MSVSphere Secure Boot Signing$'
done
%endif

%files
%doc README COPYING
%dir %{_datadir}/%{name}-%{version}
%{_datadir}/%{name}-%{version}/%{name}.efi
%{_datadir}/%{name}-%{version}/%{name}-signed*.efi

%changelog
* Mon Mar 27 2023 Eugene Zamriy <ezamriy@msvsphere.ru> - 5-28.inferit
- Initial adoption for MSVSphere infrastructure

* Wed Feb 01 2023 Robbie Harwood <rharwood@redhat.com> - 5.28
- Rise and sign

* Tue Jul 12 2022 Robbie Harwood <rharwood@redhat.com> - 5.27
- Test test app itself

* Tue Dec 08 2020 Peter Jones <pjones@redhat.com> - 5-26
- Test bkernel02

* Thu Jul 16 2020 Peter Jones <pjones@redhat.com> - 5-25
- Test pesign-113-10.fc33

* Thu Jul 16 2020 Peter Jones <pjones@redhat.com> - 5-24
- Try naming the cert differently

* Mon Jul 13 2020 Peter Jones <pjones@redhat.com> - 5-23
- Test builders again again

* Mon Jul 13 2020 Peter Jones <pjones@redhat.com> - 5-22
- Test builders again again

* Mon Jul 13 2020 Peter Jones <pjones@redhat.com> - 5-21
- Test builders again again

* Mon Jul 13 2020 Peter Jones <pjones@redhat.com> - 5-20
- Test builders again

* Tue Jul 07 2020 Peter Jones <pjones@redhat.com> - 5-19
- Make sure this still works with pesign-113-8~1.fc33

* Mon Jul 06 2020 Peter Jones <pjones@redhat.com> - 5-14
- Build again

* Thu Jun 11 2020 Peter Jones <pjones@redhat.com> - 5-13
- Rebuild to test pesign-113-2.fc33 client

* Tue Nov 12 2019 Peter Jones <pjones@redhat.com> - 5-12
- Fix gnu-efi include paths.
  Resolves: rhbz#1736420

* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 5-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 5-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

* Tue Aug 15 2017 Peter Jones <pjones@redhat.com> - 5-7
- Trying an f27 build with pesign-0.112-20 on the host and in the chroot.

* Tue Aug 15 2017 Peter Jones <pjones@redhat.com> - 5-6
- Try an f27 build...

* Mon Aug 14 2017 Peter Jones <pjones@redhat.com> - 5-5
- Try this again.

* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 5-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

* Wed Aug 17 2016 Peter Jones <pjones@redhat.com> - 5-1
- Update to pesign-test-app-5, which adds Aarch64 support.

* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.4-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

* Tue Feb 17 2015 Peter Jones <pjones@redhat.com> - 0.4-14
- Right hand.

* Tue Feb 17 2015 Peter Jones <pjones@redhat.com> - 0.4-13
- Left hand.

* Mon Nov 10 2014 Peter Jones <pjones@redhat.com> - 0.4-12
- And the other shoe drops.

* Mon Nov 10 2014 Peter Jones <pjones@redhat.com> - 0.4-11
- I bet you don't know why this is getting built now.

* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

* Wed Aug 28 2013 Peter Jones <pjones@redhat.com> - 0.4-4
- Rebuilding to make sure bkernel01 is working right

* Wed May 22 2013 Peter Jones <pjones@redhat.com> - 0.4-2
- Add %%check

* Tue May 21 2013 Peter Jones <pjones@redhat.com> - 0.4-1
- Make it build on i686.

* Tue May 21 2013 Peter Jones <pjones@redhat.com> - 0.3-1
- First attempt.