diff --git a/SOURCES/0014-macros.pesign-handle-centos-like-rhel-with-rhelver.patch b/SOURCES/0014-macros.pesign-handle-centos-like-rhel-with-rhelver.patch new file mode 100644 index 0000000..f483ec6 --- /dev/null +++ b/SOURCES/0014-macros.pesign-handle-centos-like-rhel-with-rhelver.patch @@ -0,0 +1,26 @@ +From efb69f149f256631a952e0a0db5b45ed5d391509 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 10 Aug 2021 12:39:08 -0400 +Subject: [PATCH] macros.pesign: handle centos like rhel with --rhelver + +Signed-off-by: Peter Jones +--- + src/macros.pesign | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/macros.pesign b/src/macros.pesign +index 34af57c5b3b..2ca1afb916e 100644 +--- a/src/macros.pesign ++++ b/src/macros.pesign +@@ -35,6 +35,7 @@ + %{?_buildhost:--hostname "%{_buildhost}"} \\\ + %{?vendor:--vendor "%{vendor}"} \\\ +- %{?_rhel:--rhelver "%{_rhel}"} \\\ ++ %{?rhel:--rhelver "%{rhel}"} \\\ ++ %{?centos:--rhelver "%{centos}"} \\\ + %{?-n:--rhelcert %{-n*}}%{?!-n:--rhelcert %{__pesign_cert}} \\\ + %{?-a:--rhelcafile "%{-a*}"} \\\ + %{?-c:--rhelcertfile "%{-c*}"} \\\ +-- +2.31.1 + diff --git a/SOURCES/0015-Detect-the-presence-of-rpm-sign-when-checking-for-rh.patch b/SOURCES/0015-Detect-the-presence-of-rpm-sign-when-checking-for-rh.patch new file mode 100644 index 0000000..7a4fba6 --- /dev/null +++ b/SOURCES/0015-Detect-the-presence-of-rpm-sign-when-checking-for-rh.patch @@ -0,0 +1,27 @@ +From 3956d8a819541578b31c919270e915fbcc791e89 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 1 Oct 2021 17:58:20 -0400 +Subject: [PATCH] Detect the presence of rpm-sign when checking for + "rhel"-ness. + +Signed-off-by: Peter Jones +--- + src/pesign-rpmbuild-helper.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/pesign-rpmbuild-helper.in b/src/pesign-rpmbuild-helper.in +index 27b8261bc17..d6ca29683b1 100644 +--- a/src/pesign-rpmbuild-helper.in ++++ b/src/pesign-rpmbuild-helper.in +@@ -187,7 +187,7 @@ main() { + fi + fi + +- if [[ "${rhelver}" -ge 7 ]] ; then ++ if [[ "${rhelver}" -ge 7 ]] && which rpm-sign >&/dev/null ; then + nssdir="$(mktemp -p "${PWD}" -d)" + echo > "${nssdir}/pwfile" + certutil -N -d "${nssdir}" -f "${nssdir}/pwfile" +-- +2.31.1 + diff --git a/SPECS/pesign.spec b/SPECS/pesign.spec index 57a8033..5905a96 100644 --- a/SPECS/pesign.spec +++ b/SPECS/pesign.spec @@ -3,7 +3,7 @@ Name: pesign Summary: Signing utility for UEFI binaries Version: 113 -Release: 17%{?dist} +Release: 21%{?dist} License: GPLv2 URL: https://github.com/vathpela/pesign @@ -56,6 +56,8 @@ Patch0010: 0010-pesign-authorize-don-t-setfacl-etc-pki-pesign-foo.patch Patch0011: 0011-kernel-building-hack.patch Patch0012: 0012-Use-run-not-var-run.patch Patch0013: 0013-Turn-off-free-nonheap-object.patch +Patch0014: 0014-macros.pesign-handle-centos-like-rhel-with-rhelver.patch +Patch0015: 0015-Detect-the-presence-of-rpm-sign-when-checking-for-rh.patch %description This package contains the pesign utility for signing UEFI binaries as @@ -168,6 +170,14 @@ certutil -d %{_sysconfdir}/pki/pesign/ -X -L > /dev/null %{python3_sitelib}/mockbuild/plugins/pesign.* %changelog +* Tue Dec 14 2021 Robbie Harwood - 113-21 +- Sync with beta changes +- Resolves: rhbz#2030501 + +* Tue Aug 10 2021 Peter Jones - 113-18 +- Detect the CentOS version number correctly in rpm pesign macro + Related: rhbz#1991688 + * Mon Aug 09 2021 Mohan Boddu - 113-17 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688