import rpm-4.19.1.1-9.el10

1 week ago · e7d0abc607
parent 006c46cf13
commit e7d0abc607
4 changed files with 42 additions and 100 deletions
--- a/SOURCES/macros.rpmsign-gnupg
+++ b/SOURCES/macros.rpmsign-gnupg
@ -1,22 +0,0 @@
-#==============================================================================
-# ---- GPG signature macros.
-#	The signature to use and the location of configuration files for
-#	signing packages with GNU gpg.
-#
-#%_gpg_name
-#%_gpg_path
-
-%__gpg	/usr/bin/gpg2
-
-#	Macro(s) to hold the arguments passed to GPG/PGP for package
-#	signing.  Expansion result is parsed by popt, so be sure to use
-#	%{shescape} where needed.
-#
-%__gpg_sign_cmd			%{shescape:%{__gpg}} \
-	gpg --no-verbose --no-armor --no-secmem-warning \
-	%{?_gpg_digest_algo:--digest-algo=%{_gpg_digest_algo}} \
-	%{?_gpg_sign_cmd_extra_args} \
-	%{?_gpg_name:-u %{shescape:%{_gpg_name}}} \
-	-sbo %{shescape:%{?__signature_filename}} \
-	%{?__plaintext_filename:-- %{shescape:%{__plaintext_filename}}}
-
--- a/SOURCES/macros.rpmsign-sequoia
+++ b/SOURCES/macros.rpmsign-sequoia
@ -0,0 +1,26 @@
+#==============================================================================
+# ---- Sequoia signature macros.
+#	The signature to use and the location of configuration files for
+#	signing packages with Sequoia.
+#
+#	To enable signing with sequoia-sq, just copy this file to /etc/rpm:
+#	cp /usr/share/doc/rpm/macros.rpmsign-sequoia /etc/rpm/
+#
+# Unlike GnuPG, Sequoia doesn't support specifying the signer key by
+# email or name match, you need to supply the hex fingerprint (or keyid)
+#%_gpg_name
+#%_gpg_path
+
+%__gpg	/usr/bin/sq
+
+#	Macro(s) to hold the arguments passed to Sequoia for package
+#	signing.  Expansion result is parsed by popt, so be sure to use
+#	%{shescape} where needed.
+#
+
+%__gpg_sign_cmd %{__gpg} %{__gpg} sign \
+	%{?_gpg_sign_cmd_extra_args} \
+        %{?_gpg_name:--signer-key %{_gpg_name}} \
+        --binary --detached --output %{shescape:%{?__signature_filename}} \
+        %{?__plaintext_filename:-- %{shescape:%{__plaintext_filename}}}
+
--- a/SOURCES/rpm-4.19.1.1-nogpg.patch
+++ b/SOURCES/rpm-4.19.1.1-nogpg.patch
@ -1,59 +0,0 @@
-diff -up rpm-4.19.1.1/macros.in.nogpg rpm-4.19.1.1/macros.in
--- rpm-4.19.1.1/macros.in.nogpg	2024-10-14 10:01:22.265773552 +0300
-+++ rpm-4.19.1.1/macros.in	2024-10-14 10:02:32.245317535 +0300
-@@ -30,7 +30,6 @@
- %__chown		@__CHOWN@
- %__cp			@__CP@
- %__file			@__FILE@
-%__gpg			@__GPG@
- %__grep			@__GREP@
- %__gzip			@__GZIP@
- %__id			@__ID@
-@@ -321,12 +320,6 @@ Supplements:   (%{name} = %{version}-%{r
- #	marked as %doc should be installed.
- #%_excludedocs
- 
-#	The signature to use and the location of configuration files for
-#	signing packages with GNU gpg.
-#
-#%_gpg_name
-#%_gpg_path
-
- #	The port and machine name of an HTTP proxy host (used for FTP/HTTP).
- #
- #%_httpport
-@@ -595,10 +588,10 @@ Supplements:   (%{name} = %{version}-%{r
- %_fileattrsdir		%{_rpmconfigdir}/fileattrs
- 
- # This macro defines how much space (in bytes) in package should be
-# reserved for gpg signatures during building of a package. If this space is
-# big enough for gpg signatures to fit into it then signing of the packages is
-+# reserved for OpenPGP signatures during building of a package. If this space
-+# big enough for the signature to fit into it then signing of the packages is
- # very quick because it is not necessary to rewrite the whole package to make
-# some space for gpg signatures.
-+# some space for the signature.
- %__gpg_reserved_space 4096
- 
- #==============================================================================
-@@ -613,20 +606,6 @@ Supplements:   (%{name} = %{version}-%{r
- %_db_backend	      @DB_BACKEND@
- 
- #==============================================================================
-# ---- GPG/PGP/PGP5 signature macros.
-#	Macro(s) to hold the arguments passed to GPG/PGP for package
-#	signing.  Expansion result is parsed by popt, so be sure to use
-#	%{shescape} where needed.
-#
-%__gpg_sign_cmd			%{shescape:%{__gpg}} \
-	gpg --no-verbose --no-armor --no-secmem-warning \
-	%{?_gpg_digest_algo:--digest-algo=%{_gpg_digest_algo}} \
-	%{?_gpg_sign_cmd_extra_args} \
-	%{?_gpg_name:-u %{shescape:%{_gpg_name}}} \
-	-sbo %{shescape:%{?__signature_filename}} \
-	%{?__plaintext_filename:-- %{shescape:%{__plaintext_filename}}}
-
-#==============================================================================
- # ---- Transaction macros.
- #	Macro(s) used to parameterize transactions.
- #
--- a/SPECS/rpm.spec
+++ b/SPECS/rpm.spec
@ -27,7 +27,7 @@

 %global rpmver 4.19.1.1
 #global snapver rc1
-%global baserelease 7
+%global baserelease 9
 %global sover 10

 %global srcver %{rpmver}%{?snapver:-%{snapver}}
@ -46,7 +46,7 @@ Source10: rpmdb-rebuild.service
 Source20: rpmdb-migrate.service
 Source21: rpmdb_migrate

-Source31: macros.rpmsign-gnupg
+Source30: macros.rpmsign-sequoia

 Requires: coreutils
 Requires: popt%{_isa} >= 1.10.2.1
@ -137,9 +137,6 @@ rpm-4.9.90-no-man-dirs.patch
 rpm-4.18.92-disable-sysusers.patch
 rpm-4.18.90-weak-user-group.patch

-# We supply gpg config separately, remove gpg stuff from main macros
-rpm-4.19.1.1-nogpg.patch
-
 # Patches already upstream:
 0001-Fix-potential-use-of-uninitialized-pipe-array.patch
 0001-Fix-potential-use-of-uninitialized-pgp-struct.patch
@ -183,19 +180,13 @@ This package contains the RPM shared libraries for building packages.
 %package sign-libs
 Summary:  Libraries for signing RPM packages
 Requires: rpm-libs%{_isa} = %{version}-%{release}
-Requires(meta): rpm-sign-gnupg
+# in case somebody on the stream had these installed
+Obsoletes: rpm-sign-gnupg < 4.19.1.1-9.el10
+Obsoletes: rpm-sign-sequoia < 4.19.1.1-9.el10

 %description sign-libs
 This package contains the RPM shared libraries for signing packages.

-%package sign-gnupg
-Summary: Support for signing RPM packages using GnuPG
-Requires: gnupg2
-Requires(meta): rpm-sign-libs%{_isa} >= %{version}-%{release}
-
-%description sign-gnupg
-This package provides configuration for signing RPM packages using GnuPG.
-
 %package devel
 Summary:  Development files for manipulating RPM packages
 License:  GPL-2.0-or-later OR LGPL-2.1-or-later
@ -440,8 +431,8 @@ rm -rf $RPM_BUILD_ROOT/var/tmp
 # workaround for https://github.com/rpm-software-management/rpm/issues/2811
 rm $RPM_BUILD_ROOT/%{_defaultdocdir}/rpm/README.md

-# Signing macros for GnuPG
-install -m 644 %{SOURCE31} $RPM_BUILD_ROOT/%{rpmhome}/macros.d
+# Signing macros for Sequoia
+install -m 644 %{SOURCE30} $RPM_BUILD_ROOT/%{_defaultdocdir}/rpm/

 %pre
 # Symlink all rpmdb files to the new location if we're still using /var/lib/rpm
@ -580,9 +571,6 @@ fi
 %{_libdir}/librpmsign.so.%{sover}
 %{_libdir}/librpmsign.so.%{sover}.*

-%files sign-gnupg
-%{rpmhome}/macros.d/macros.rpmsign-gnupg
-
 %files build
 %{_bindir}/rpmbuild
 %{_bindir}/gendiff
@ -610,6 +598,7 @@ fi
 %files sign
 %{_bindir}/rpmsign
 %{_mandir}/man8/rpmsign.8*
+%doc %{_defaultdocdir}/rpm/macros.rpmsign-sequoia

 %files -n python3-%{name}
 %dir %{python3_sitearch}/rpm
@ -639,6 +628,14 @@ fi
 %doc %{_defaultdocdir}/rpm/API/

 %changelog
+* Wed Dec 04 2024 Panu Matilainen <pmatilai@redhat.com> - 4.19.1.1-9
+- Revert the gnupg/sequoia sub-packages, too much headache
+- Ship sequoia-signing enablement macros as documentation instead
+- Generate binary signatures with Sequoia too
+
+* Tue Nov 12 2024 Michal Domonkos <mdomonko@redhat.com> - 4.19.1.1-8
+- Add Sequoia signing support back
+
 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 4.19.1.1-7
 - Bump release for October 2024 mass rebuild:
  Resolves: RHEL-64018