packages/openEuler-rpm-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ima: keep the process of OBS signing same as previous version

Browse Source 
(cherry picked from commit 9e4c57f0338de224025346b7e56d19401701a268)
This commit is contained in:
Huaxin Lu 2024-12-19 10:33:50 +08:00 committed by openeuler-sync-bot
parent 97c590a31c
commit 3bcf5abe5e
2 changed files with 24 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
Feature-support-EBS-sign-for-IMA-digest-list.patch
View File

@ -1,22 +1,21 @@
From 0449160c84daff8c557dee47a970e4f4837ff81d Mon Sep 17 00:00:00 2001 From 3c5bb3890756f2e0504e7f8f3f965025f49694b0 Mon Sep 17 00:00:00 2001
From: Huaxin Lu <luhuaxin1@huawei.com> From: Huaxin Lu <luhuaxin1@huawei.com>
Date: Mon, 12 Dec 2022 00:16:01 +0800 Date: Mon, 12 Dec 2022 00:16:01 +0800
Subject: [PATCH] support EBS sign for IMA digest list Subject: [PATCH] support EBS sign for IMA digest list
Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com> Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
Signed-off-by: zhangguangzhi <zhangguangzhi3@huawei.com> Signed-off-by: zhangguangzhi <zhangguangzhi3@huawei.com>
--- ---
brp-digest-list | 46 +++++----- brp-digest-list | 20 +++-
brp-ebs-sign | 238 ++++++++++++++++++++++++++++++++++++++++++++++++ brp-ebs-sign | 238 ++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 262 insertions(+), 22 deletions(-) 2 files changed, 254 insertions(+), 4 deletions(-)
create mode 100644 brp-ebs-sign create mode 100644 brp-ebs-sign
diff --git a/brp-digest-list b/brp-digest-list diff --git a/brp-digest-list b/brp-digest-list
index e698b7a..d1e2600 100644 index 6c8a94d..645f5e4 100644
--- a/brp-digest-list --- a/brp-digest-list
+++ b/brp-digest-list +++ b/brp-digest-list
@@ -26,7 +26,6 @@ fi @@ -25,7 +25,6 @@ fi
DIGEST_LIST_DIR=$RPM_BUILD_ROOT/$2/etc/ima/digest_lists DIGEST_LIST_DIR=$RPM_BUILD_ROOT/$2/etc/ima/digest_lists
mkdir -p $DIGEST_LIST_DIR mkdir -p $DIGEST_LIST_DIR
mkdir -p $DIGEST_LIST_DIR.tlv mkdir -p $DIGEST_LIST_DIR.tlv
@ -24,27 +23,10 @@ index e698b7a..d1e2600 100644
# Generate digest list for the kernel # Generate digest list for the kernel
gen_digest_lists -i M: -t metadata -f compact -d $DIGEST_LIST_DIR -i l:policy \ gen_digest_lists -i M: -t metadata -f compact -d $DIGEST_LIST_DIR -i l:policy \
@@ -70,28 +69,31 @@ DIGEST_LIST_TLV_PATH="$DIGEST_LIST_DIR.tlv/0-metadata_list-compact_tlv-$(basenam @@ -69,13 +68,26 @@ DIGEST_LIST_TLV_PATH="$DIGEST_LIST_DIR.tlv/0-metadata_list-compact_tlv-$(basenam
chmod 644 $DIGEST_LIST_TLV_PATH chmod 644 $DIGEST_LIST_TLV_PATH
echo $DIGEST_LIST_TLV_PATH echo $DIGEST_LIST_TLV_PATH
-if [[ "$(basename $BIN_PKG_FILES)" =~ "digest-list-tools" && \
- ! $(basename $BIN_PKG_FILES) =~ "debug" ]]; then
- # Generate digest list for the user space parsers
- LD_LIBRARY_PATH=$RPM_BUILD_ROOT/usr/lib64 \
- $RPM_BUILD_ROOT/usr/bin/gen_digest_lists \
- -d $DIGEST_LIST_DIR -t parser -f compact -m immutable \
- -i I:$RPM_BUILD_ROOT/usr/libexec -o add -p -1 -i i:
-
- f="$DIGEST_LIST_DIR/0-parser_list-compact-libexec"
- [ -f $f ] || exit 0
-
- chmod 644 $f
- echo $f
+#if [[ "$(basename $BIN_PKG_FILES)" =~ "digest-list-tools" && \
+# ! $(basename $BIN_PKG_FILES) =~ "debug" ]]; then
+# Generate digest list for the user space parsers
+
+# do EBS sign +# do EBS sign
+export PUBLISHER_HOST=$(grep PUBLISHER_HOST /lkp/scheduled/job.yaml | awk '{print $2}') +export PUBLISHER_HOST=$(grep PUBLISHER_HOST /lkp/scheduled/job.yaml | awk '{print $2}')
+export PUBLISHER_PORT=$(grep PUBLISHER_PORT /lkp/scheduled/job.yaml | awk '{print $2}') +export PUBLISHER_PORT=$(grep PUBLISHER_PORT /lkp/scheduled/job.yaml | awk '{print $2}')
@ -56,30 +38,24 @@ index e698b7a..d1e2600 100644
+ mv $DIGEST_LIST_PATH.sig $DIGEST_LIST_PATH + mv $DIGEST_LIST_PATH.sig $DIGEST_LIST_PATH
+ exit 0 + exit 0
+fi +fi
+
- [ -f /usr/lib/rpm/brp-suse.d/brp-99-pesign ] || exit 0
+# do OBS sign +# do OBS sign
+[ -f /usr/lib/rpm/brp-suse.d/brp-99-pesign ] || exit 0 if [[ "$(basename $BIN_PKG_FILES)" =~ "digest-list-tools" && \
! $(basename $BIN_PKG_FILES) =~ "debug" ]]; then
# Generate digest list for the user space parsers
LD_LIBRARY_PATH=$RPM_BUILD_ROOT/usr/lib64 \
- $RPM_BUILD_ROOT/usr/bin/gen_digest_lists \
- -d $DIGEST_LIST_DIR -t parser -f compact -m immutable \
- -i I:$RPM_BUILD_ROOT/usr/libexec -o add -p -1 -i i:
+ $RPM_BUILD_ROOT/usr/bin/gen_digest_lists \
+ -d $DIGEST_LIST_DIR -t parser -f compact -m immutable \
+ -i I:$RPM_BUILD_ROOT/usr/libexec -o add -p -1 -i i:
- export BRP_PESIGN_FILES="$2/etc/ima/digest_lists/*" f="$DIGEST_LIST_DIR/0-parser_list-compact-libexec"
- export RPM_BUILD_ROOT [ -f $f ] || exit 0
- export RPM_PACKAGE_NAME="digest-list-tools"
- export RPM_SOURCE_DIR="$(rpm --eval %_topdir)/SOURCES"
+export BRP_PESIGN_FILES="$2/etc/ima/digest_lists/*"
+export RPM_BUILD_ROOT
+export RPM_PACKAGE_NAME="digest-list-tools"
+export RPM_SOURCE_DIR="$(rpm --eval %_topdir)/SOURCES"
- if [ -f "/usr/lib/rpm/brp-suse.d/brp-99-pesign" ]; then
- /usr/lib/rpm/brp-suse.d/brp-99-pesign &> /dev/null
- fi
+if [ -f "/usr/lib/rpm/brp-suse.d/brp-99-pesign" ]; then
+ /usr/lib/rpm/brp-suse.d/brp-99-pesign &> /dev/null
fi
+#fi
diff --git a/brp-ebs-sign b/brp-ebs-sign diff --git a/brp-ebs-sign b/brp-ebs-sign
new file mode 100644 new file mode 100644
index 0000000..a7a83e5 index 0000000..885d7aa
--- /dev/null --- /dev/null
+++ b/brp-ebs-sign +++ b/brp-ebs-sign
@@ -0,0 +1,238 @@ @@ -0,0 +1,238 @@

5
openEuler-rpm-config.spec
View File

@ -3,7 +3,7 @@
Name: %{vendor}-rpm-config Name: %{vendor}-rpm-config
Version: 30 Version: 30
Release: 57 Release: 58
License: GPL+ License: GPL+
Summary: specific rpm configuration files Summary: specific rpm configuration files
URL: https://gitee.com/openeuler/openEuler-rpm-config URL: https://gitee.com/openeuler/openEuler-rpm-config
@ -150,6 +150,9 @@ sed -i "s/__vendor/%{vendor}/g" `grep "__vendor" -rl %{buildroot}%{_rpmconfigdir
%{rpmvdir}/find-requires.ksyms %{rpmvdir}/find-requires.ksyms
%changelog %changelog
* Thu Dec 19 2024 luhuaxin <luhuaxin1@huawei.com> - 30-58
- ima: keep the process of OBS signing same as previous version
* Tue Aug 6 2024 liyunfei <liyunfei33@huawei.com> - 30-57 * Tue Aug 6 2024 liyunfei <liyunfei33@huawei.com> - 30-57
- Fix for "%undefine _auto_set_build_XX" usage - Fix for "%undefine _auto_set_build_XX" usage