diff --git a/.pesign-test-app.metadata b/.pesign-test-app.metadata new file mode 100644 index 0000000..86e00e3 --- /dev/null +++ b/.pesign-test-app.metadata @@ -0,0 +1 @@ +0db174239a2532a9485b6b5623ab3cb2 SOURCES/pesign-test-app-5.tar.bz2 diff --git a/0001-Fix-gnu-efi-include-path.patch b/SOURCES/0001-Fix-gnu-efi-include-path.patch similarity index 100% rename from 0001-Fix-gnu-efi-include-path.patch rename to SOURCES/0001-Fix-gnu-efi-include-path.patch diff --git a/pesign-test-app.spec b/SPECS/pesign-test-app.spec similarity index 83% rename from pesign-test-app.spec rename to SPECS/pesign-test-app.spec index 4cf8b0a..d0d2b1c 100644 --- a/pesign-test-app.spec +++ b/SPECS/pesign-test-app.spec @@ -1,7 +1,7 @@ Summary: Simple pesign test target Name: pesign-test-app Version: 5 -Release: 28%{?dist} +Release: 28%{?dist}.inferit License: GPLv2 URL: https://github.com/vathpela/pesign-test-app BuildRequires: make @@ -19,7 +19,7 @@ ExclusiveArch: x86_64 # debuginfo is useless %global debug_package %{nil} -%global __pesign_client_token "OpenSC Card (Fedora Signer)" +%global __pesign_client_token "NSS Certificate DB" # there is no tarball at github, of course. To get this version do: # git clone https://github.com/vathpela/pesign-test-app.git @@ -41,27 +41,16 @@ deployments of new pesign versions into build infrastructure have succeeded. make LIBDIR=%{_libdir} DATADIR=%{_datadir} CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$RPM_OPT_LDFLAGS" cp %{name}.efi %{name}-unsigned.efi id -ls -ld /var/run/pesign || : -getfacl /var/run/pesign || : -ls -l /var/run/pesign/socket || : -getfacl /var/run/pesign/socket || : -ls -ld /run/pesign || : -getfacl /run/pesign || : -ls -l /run/pesign/socket || : -getfacl /run/pesign/socket || : - -%define pe_signing_cert grub2-signer -if ! true ; then - cp %{name}-unsigned.efi bzImage.signed - %pesign -s -i bzImage.signed -o bzImage.signed -a redhatsecurebootca5.cer -c redhatsecureboot501.cer -n redhatsecureboot501 - %pesign -s -i bzImage.signed -o bzImage.signed -a redhatsecurebootca1.cer -c redhatsecureboot301.cer -n redhatsecureboot301 - mv bzImage.signed %{name}-signed.efi -else - cp %{name}-unsigned.efi %{name}-unsigned.0.efi - %pesign -s -i %{name}-unsigned.0.efi -o %{name}.tmp.efi -a redhatsecurebootca5.cer -c redhatsecureboot501.cer -n redhatsecureboot501 - %define pe_signing_cert fwupd-signer - %pesign -s -i %{name}.tmp.efi -o %{name}-signed.efi -a redhatsecurebootca1.cer -c redhatsecureboot301.cer -n redhatsecureboot301 -fi +ls -ld /etc/pki/pesign || : +getfacl /etc/pki/pesign || : +ls -l /etc/pki/pesign || : +getfacl /etc/pki/pesign/* || : + +%define pe_signing_cert MSVSphere Secure Boot Signing + +cp %{name}-unsigned.efi %{name}-unsigned.0.efi +%pesign -s -i %{name}-unsigned.0.efi -o %{name}-signed.efi -a spheresecurebootca.cer -c spheresecureboot001.cer -n spheresecureboot001 + %install rm -rf %{buildroot} @@ -71,15 +60,13 @@ make LIBDIR=%{_libdir} INSTALLROOT=%{buildroot} DATADIR=%{_datadir} \ mv %{name}-signed.efi %{buildroot}/%{_datadir}/%{name}-%{version}/ %check -ls -la /var/run/pesign || : %ifarch %{efi} # for display in the build log for x in %{buildroot}/%{_datadir}/%{name}-%{version}/%{name}-signed.* ; do pesign -l -i "${x}" # to test the actual output pesign -l -i "${x}" | grep -c -q "^Signing time: $(date +%%a\ %%b\ %%d,\ %%Y)$" - pesign -l -i "${x}" | grep -c -q '^The signer.s common name is Fedora Secure Boot Signer$' || - pesign -l -i "${x}" | grep -c -q '^The signer.s common name is fwupd-signer$' + pesign -l -i "${x}" | grep -c -q '^The signer.s common name is MSVSphere Secure Boot Signing$' done %endif @@ -90,6 +77,9 @@ done %{_datadir}/%{name}-%{version}/%{name}-signed*.efi %changelog +* Mon Mar 27 2023 Eugene Zamriy - 5-28.inferit +- Initial adoption for MSVSphere infrastructure + * Wed Feb 01 2023 Robbie Harwood - 5.28 - Rise and sign diff --git a/noautobuild b/noautobuild deleted file mode 100644 index e69de29..0000000 diff --git a/sources b/sources deleted file mode 100644 index 0350981..0000000 --- a/sources +++ /dev/null @@ -1 +0,0 @@ -0db174239a2532a9485b6b5623ab3cb2 pesign-test-app-5.tar.bz2