teknoraver / rpms / rpm

Forked from rpms/rpm 3 months ago
Clone

Blame 0018-rpmsign-Handle-certpath-for-signing-certificate.patch

45e748
From 5e74846046e06f5a3401c4d2eb4ccfadacd4ab53 Mon Sep 17 00:00:00 2001
45e748
From: Jes Sorensen <jsorensen@fb.com>
45e748
Date: Fri, 3 Apr 2020 16:26:06 -0400
45e748
Subject: [PATCH 18/33] rpmsign: Handle --certpath for signing certificate
45e748
45e748
fsverirty needs a certificate for signing, in addition to the signing key.
45e748
45e748
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
45e748
---
45e748
 rpmsign.c | 12 ++++++++++++
45e748
 1 file changed, 12 insertions(+)
45e748
45e748
diff --git a/rpmsign.c b/rpmsign.c
45e748
index 94cbf1d1a..074dd8b13 100644
45e748
--- a/rpmsign.c
45e748
+++ b/rpmsign.c
45e748
@@ -22,6 +22,9 @@ static int mode = MODE_NONE;
45e748
 static int fskpass = 0;
45e748
 static char * fileSigningKey = NULL;
45e748
 #endif
45e748
+#ifdef WITH_FSVERITY
45e748
+static char * fileSigningCert = NULL;
45e748
+#endif
45e748
 
45e748
 static struct rpmSignArgs sargs = {NULL, 0, 0};
45e748
 
45e748
@@ -44,6 +47,9 @@ static struct poptOption signOptsTable[] = {
45e748
     { "signverity", '\0', (POPT_ARG_VAL|POPT_ARGFLAG_OR),
45e748
 	&sargs.signflags, RPMSIGN_FLAG_FSVERITY,
45e748
 	N_("generate fsverity signatures for package(s) files"), NULL},
45e748
+    { "certpath", '\0', POPT_ARG_STRING, &fileSigningCert, 0,
45e748
+	N_("use file signing cert <cert>"),
45e748
+	N_("<cert>") },
45e748
 #endif
45e748
 #if defined(WITH_IMAEVM) || defined(WITH_FSVERITY)
45e748
     { "fskpath", '\0', POPT_ARG_STRING, &fileSigningKey, 0,
45e748
@@ -123,6 +129,12 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
45e748
 	rpmPushMacro(NULL, "_file_signing_key", NULL, fileSigningKey, RMIL_GLOBAL);
45e748
     }
45e748
 
45e748
+#ifdef WITH_FSVERITY
45e748
+    if (fileSigningCert) {
45e748
+	rpmPushMacro(NULL, "_file_signing_cert", NULL, fileSigningCert, RMIL_GLOBAL);
45e748
+    }
45e748
+#endif
45e748
+
45e748
     if (flags_sign_files(sargs->signflags)) {
45e748
 	char *fileSigningKeyPassword = NULL;
45e748
 	char *key = rpmExpand("%{?_file_signing_key}", NULL);
45e748
-- 
45e748
2.27.0
45e748