richardphibel / rpms / rpm

Forked from rpms/rpm 2 years ago
Clone
Source Code
GIT

Blame 0018-rpmsign-Handle-certpath-for-signing-certificate.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c8s-imaevm-bootstrap c8s-sig-hyperscale c8s-sig-hyperscale-experimental c9 c9-beta c9s-sig-hyperscale c9s-sig-hyperscale-experimental fix-IMA-signature-lengths-assumed-constant fix-for-mix-transactions fix-stackoverflow-in-rpm2extents rpmcow-denylist rpmcow-denylist-c9s
  1.   2f13d767d167f58acb696676681f7eb2675e7b27
  2.   0018-rpmsign-Handle-certpath-for-signing-certificate.patch
Blob History Raw
45e748 
From 5e74846046e06f5a3401c4d2eb4ccfadacd4ab53 Mon Sep 17 00:00:00 2001
45e748 
From: Jes Sorensen <jsorensen@fb.com>
45e748 
Date: Fri, 3 Apr 2020 16:26:06 -0400
45e748 
Subject: [PATCH 18/33] rpmsign: Handle --certpath for signing certificate
45e748
45e748 
fsverirty needs a certificate for signing, in addition to the signing key.
45e748
45e748 
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
45e748 
---
45e748 
 rpmsign.c | 12 ++++++++++++
45e748 
 1 file changed, 12 insertions(+)
45e748
45e748 
diff --git a/rpmsign.c b/rpmsign.c
45e748 
index 94cbf1d1a..074dd8b13 100644
45e748 
--- a/rpmsign.c
45e748 
+++ b/rpmsign.c
45e748 
@@ -22,6 +22,9 @@ static int mode = MODE_NONE;
45e748 
 static int fskpass = 0;
45e748 
 static char * fileSigningKey = NULL;
45e748 
 #endif
45e748 
+#ifdef WITH_FSVERITY
45e748 
+static char * fileSigningCert = NULL;
45e748 
+#endif
45e748
45e748 
 static struct rpmSignArgs sargs = {NULL, 0, 0};
45e748
45e748 
@@ -44,6 +47,9 @@ static struct poptOption signOptsTable[] = {
45e748 
     { "signverity", '\0', (POPT_ARG_VAL|POPT_ARGFLAG_OR),
45e748 
 	&sargs.signflags, RPMSIGN_FLAG_FSVERITY,
45e748 
 	N_("generate fsverity signatures for package(s) files"), NULL},
45e748 
+    { "certpath", '\0', POPT_ARG_STRING, &fileSigningCert, 0,
45e748 
+	N_("use file signing cert <cert>"),
45e748 
+	N_("<cert>") },
45e748 
 #endif
45e748 
 #if defined(WITH_IMAEVM) || defined(WITH_FSVERITY)
45e748 
     { "fskpath", '\0', POPT_ARG_STRING, &fileSigningKey, 0,
45e748 
@@ -123,6 +129,12 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
45e748 
 	rpmPushMacro(NULL, "_file_signing_key", NULL, fileSigningKey, RMIL_GLOBAL);
45e748 
     }
45e748
45e748 
+#ifdef WITH_FSVERITY
45e748 
+    if (fileSigningCert) {
45e748 
+	rpmPushMacro(NULL, "_file_signing_cert", NULL, fileSigningCert, RMIL_GLOBAL);
45e748 
+    }
45e748 
+#endif
45e748 
+
45e748 
     if (flags_sign_files(sargs->signflags)) {
45e748 
 	char *fileSigningKeyPassword = NULL;
45e748 
 	char *key = rpmExpand("%{?_file_signing_key}", NULL);
45e748 
--
45e748 
2.27.0
45e748

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation