Initial adoption for MSVSphere infrastructure

5 changed files with 17 additions and 27 deletions
--- a/.pesign-test-app.metadata
+++ b/.pesign-test-app.metadata
@ -0,0 +1 @@
 0db174239a2532a9485b6b5623ab3cb2  SOURCES/pesign-test-app-5.tar.bz2
--- a/SOURCES/0001-Fix-gnu-efi-include-path.patch
+++ b/SOURCES/0001-Fix-gnu-efi-include-path.patch
--- a/SPECS/pesign-test-app.spec
+++ b/SPECS/pesign-test-app.spec
@ -1,7 +1,7 @@
 Summary: Simple pesign test target
 Name: pesign-test-app
 Version: 5
-Release: 28%{?dist}
+Release: 28%{?dist}.inferit
 License: GPLv2
 URL: https://github.com/vathpela/pesign-test-app
 BuildRequires: make
@ -19,7 +19,7 @@ ExclusiveArch: x86_64
 # debuginfo is useless
 %global debug_package %{nil}
-%global __pesign_client_token "OpenSC Card (Fedora Signer)"
+%global __pesign_client_token "NSS Certificate DB"
 # there is no tarball at github, of course.  To get this version do:
 # git clone https://github.com/vathpela/pesign-test-app.git
@ -41,27 +41,16 @@ deployments of new pesign versions into build infrastructure have succeeded.
 make LIBDIR=%{_libdir} DATADIR=%{_datadir} CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$RPM_OPT_LDFLAGS"
 cp %{name}.efi %{name}-unsigned.efi
 id
-ls -ld /var/run/pesign || :
+ls -ld /etc/pki/pesign || :
-getfacl /var/run/pesign || :
+getfacl /etc/pki/pesign || :
-ls -l /var/run/pesign/socket || :
+ls -l /etc/pki/pesign || :
-getfacl /var/run/pesign/socket || :
+getfacl /etc/pki/pesign/* || :
-ls -ld /run/pesign || :
+
-getfacl /run/pesign || :
+%define pe_signing_cert MSVSphere Secure Boot Signing
-ls -l /run/pesign/socket || :
+
 getfacl /run/pesign/socket || :
 %define pe_signing_cert grub2-signer
 if ! true ; then
 	cp %{name}-unsigned.efi bzImage.signed
 	%pesign -s -i bzImage.signed -o bzImage.signed -a redhatsecurebootca5.cer -c redhatsecureboot501.cer -n redhatsecureboot501
 	%pesign -s -i bzImage.signed -o bzImage.signed -a redhatsecurebootca1.cer -c redhatsecureboot301.cer -n redhatsecureboot301
 	mv bzImage.signed %{name}-signed.efi
 else
 cp %{name}-unsigned.efi %{name}-unsigned.0.efi
-	%pesign -s -i %{name}-unsigned.0.efi -o %{name}.tmp.efi -a redhatsecurebootca5.cer -c redhatsecureboot501.cer -n redhatsecureboot501
+%pesign -s -i %{name}-unsigned.0.efi -o %{name}-signed.efi -a spheresecurebootca.cer -c spheresecureboot001.cer -n spheresecureboot001
-	%define pe_signing_cert fwupd-signer
+
 	%pesign -s -i %{name}.tmp.efi -o %{name}-signed.efi -a redhatsecurebootca1.cer -c redhatsecureboot301.cer -n redhatsecureboot301
 fi
 %install
 rm -rf %{buildroot}
@ -71,15 +60,13 @@ make LIBDIR=%{_libdir} INSTALLROOT=%{buildroot} DATADIR=%{_datadir} \
 mv %{name}-signed.efi %{buildroot}/%{_datadir}/%{name}-%{version}/
 %check
 ls -la /var/run/pesign || :
 %ifarch %{efi}
 # for display in the build log
 for x in %{buildroot}/%{_datadir}/%{name}-%{version}/%{name}-signed.* ; do
 	pesign -l -i "${x}"
 	# to test the actual output
 	pesign -l -i "${x}" | grep -c -q "^Signing time: $(date +%%a\ %%b\ %%d,\ %%Y)$"
-	pesign -l -i "${x}" | grep -c -q '^The signer.s common name is Fedora Secure Boot Signer$' ||
+	pesign -l -i "${x}" | grep -c -q '^The signer.s common name is MSVSphere Secure Boot Signing$'
 	pesign -l -i "${x}" | grep -c -q '^The signer.s common name is fwupd-signer$'
 done
 %endif
@ -90,6 +77,9 @@ done
 %{_datadir}/%{name}-%{version}/%{name}-signed*.efi
 %changelog
 * Mon Mar 27 2023 Eugene Zamriy <ezamriy@msvsphere.ru> - 5-28.inferit
 - Initial adoption for MSVSphere infrastructure
 * Wed Feb 01 2023 Robbie Harwood <rharwood@redhat.com> - 5.28
 - Rise and sign
--- a/0
+++ b/0
--- a/1
+++ b/1
@ -1 +0,0 @@
 0db174239a2532a9485b6b5623ab3cb2  pesign-test-app-5.tar.bz2
		`@ -0,0 +1 @@`
							`0db174239a2532a9485b6b5623ab3cb2 SOURCES/pesign-test-app-5.tar.bz2`
		`@ -1 +0,0 @@`
			`0db174239a2532a9485b6b5623ab3cb2 pesign-test-app-5.tar.bz2`