Compare commits

...

1 Commits
rawhide ... i9

@ -0,0 +1 @@
0db174239a2532a9485b6b5623ab3cb2 SOURCES/pesign-test-app-5.tar.bz2

@ -1,7 +1,7 @@
Summary: Simple pesign test target Summary: Simple pesign test target
Name: pesign-test-app Name: pesign-test-app
Version: 5 Version: 5
Release: 28%{?dist} Release: 28%{?dist}.inferit
License: GPLv2 License: GPLv2
URL: https://github.com/vathpela/pesign-test-app URL: https://github.com/vathpela/pesign-test-app
BuildRequires: make BuildRequires: make
@ -19,7 +19,7 @@ ExclusiveArch: x86_64
# debuginfo is useless # debuginfo is useless
%global debug_package %{nil} %global debug_package %{nil}
%global __pesign_client_token "OpenSC Card (Fedora Signer)" %global __pesign_client_token "NSS Certificate DB"
# there is no tarball at github, of course. To get this version do: # there is no tarball at github, of course. To get this version do:
# git clone https://github.com/vathpela/pesign-test-app.git # git clone https://github.com/vathpela/pesign-test-app.git
@ -41,27 +41,16 @@ deployments of new pesign versions into build infrastructure have succeeded.
make LIBDIR=%{_libdir} DATADIR=%{_datadir} CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$RPM_OPT_LDFLAGS" make LIBDIR=%{_libdir} DATADIR=%{_datadir} CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$RPM_OPT_LDFLAGS"
cp %{name}.efi %{name}-unsigned.efi cp %{name}.efi %{name}-unsigned.efi
id id
ls -ld /var/run/pesign || : ls -ld /etc/pki/pesign || :
getfacl /var/run/pesign || : getfacl /etc/pki/pesign || :
ls -l /var/run/pesign/socket || : ls -l /etc/pki/pesign || :
getfacl /var/run/pesign/socket || : getfacl /etc/pki/pesign/* || :
ls -ld /run/pesign || :
getfacl /run/pesign || : %define pe_signing_cert MSVSphere Secure Boot Signing
ls -l /run/pesign/socket || :
getfacl /run/pesign/socket || :
%define pe_signing_cert grub2-signer
if ! true ; then
cp %{name}-unsigned.efi bzImage.signed
%pesign -s -i bzImage.signed -o bzImage.signed -a redhatsecurebootca5.cer -c redhatsecureboot501.cer -n redhatsecureboot501
%pesign -s -i bzImage.signed -o bzImage.signed -a redhatsecurebootca1.cer -c redhatsecureboot301.cer -n redhatsecureboot301
mv bzImage.signed %{name}-signed.efi
else
cp %{name}-unsigned.efi %{name}-unsigned.0.efi cp %{name}-unsigned.efi %{name}-unsigned.0.efi
%pesign -s -i %{name}-unsigned.0.efi -o %{name}.tmp.efi -a redhatsecurebootca5.cer -c redhatsecureboot501.cer -n redhatsecureboot501 %pesign -s -i %{name}-unsigned.0.efi -o %{name}-signed.efi -a spheresecurebootca.cer -c spheresecureboot001.cer -n spheresecureboot001
%define pe_signing_cert fwupd-signer
%pesign -s -i %{name}.tmp.efi -o %{name}-signed.efi -a redhatsecurebootca1.cer -c redhatsecureboot301.cer -n redhatsecureboot301
fi
%install %install
rm -rf %{buildroot} rm -rf %{buildroot}
@ -71,15 +60,13 @@ make LIBDIR=%{_libdir} INSTALLROOT=%{buildroot} DATADIR=%{_datadir} \
mv %{name}-signed.efi %{buildroot}/%{_datadir}/%{name}-%{version}/ mv %{name}-signed.efi %{buildroot}/%{_datadir}/%{name}-%{version}/
%check %check
ls -la /var/run/pesign || :
%ifarch %{efi} %ifarch %{efi}
# for display in the build log # for display in the build log
for x in %{buildroot}/%{_datadir}/%{name}-%{version}/%{name}-signed.* ; do for x in %{buildroot}/%{_datadir}/%{name}-%{version}/%{name}-signed.* ; do
pesign -l -i "${x}" pesign -l -i "${x}"
# to test the actual output # to test the actual output
pesign -l -i "${x}" | grep -c -q "^Signing time: $(date +%%a\ %%b\ %%d,\ %%Y)$" pesign -l -i "${x}" | grep -c -q "^Signing time: $(date +%%a\ %%b\ %%d,\ %%Y)$"
pesign -l -i "${x}" | grep -c -q '^The signer.s common name is Fedora Secure Boot Signer$' || pesign -l -i "${x}" | grep -c -q '^The signer.s common name is MSVSphere Secure Boot Signing$'
pesign -l -i "${x}" | grep -c -q '^The signer.s common name is fwupd-signer$'
done done
%endif %endif
@ -90,6 +77,9 @@ done
%{_datadir}/%{name}-%{version}/%{name}-signed*.efi %{_datadir}/%{name}-%{version}/%{name}-signed*.efi
%changelog %changelog
* Mon Mar 27 2023 Eugene Zamriy <ezamriy@msvsphere.ru> - 5-28.inferit
- Initial adoption for MSVSphere infrastructure
* Wed Feb 01 2023 Robbie Harwood <rharwood@redhat.com> - 5.28 * Wed Feb 01 2023 Robbie Harwood <rharwood@redhat.com> - 5.28
- Rise and sign - Rise and sign

@ -1 +0,0 @@
0db174239a2532a9485b6b5623ab3cb2 pesign-test-app-5.tar.bz2
Loading…
Cancel
Save