6 changed files with 93 additions and 88 deletions
--- a/Add-support-for-selecting-clang-as-a-toolchain.patch
+++ b/Add-support-for-selecting-clang-as-a-toolchain.patch
@ -96,7 +96,7 @@ index 5fdaf0a..0062126 100755
 %_hardened_build	1
 %_hardened_cflags	%{?_hardened_build:%{_hardening_cflags}}
@@ -195,7 +243,11 @@
- #%_ld_as_needed		1
+ # use "%define _ld_as_needed 1" to enable.
 %_ld_as_needed_flags	%{?_ld_as_needed:-Wl,--as-needed}
 
 -%__global_compiler_flags	-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -grecord-gcc-switches %{_hardened_cflags} 
--- a/Call-set_build_flags-cc-before-build-check-and-insta.patch
+++ b/Call-set_build_flags-cc-before-build-check-and-insta.patch
@ -26,11 +26,11 @@ index 0062126..8c16706 100755
 +%_auto_set_build_flags 0
 +
 +%__spec_build_pre %{___build_pre} \
-+  %[0%{?_auto_set_build_cc} ? "%{set_build_cc}" : ""] \
-+  %[0%{?_auto_set_build_flags} ? "%{set_build_flags}" : ""]
+  %[%{_auto_set_build_cc} ? "%{set_build_cc}" : ""] \
+  %[%{_auto_set_build_flags} ? "%{set_build_flags}" : ""]
 +%__spec_check_pre %{___build_pre} \
-+  %[0%{?_auto_set_build_cc} ? "%{set_build_cc}" : ""] \
-+  %[0%{?_auto_set_build_flags} ? "%{set_build_flags}" : ""]
+  %[%{_auto_set_build_cc} ? "%{set_build_cc}" : ""] \
+  %[%{_auto_set_build_flags} ? "%{set_build_flags}" : ""]
 +
 #For backwards compatibility only.
 %__global_cflags %{build_cflags}
@ -39,8 +39,8 @@ index 0062126..8c16706 100755
     [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf "${RPM_BUILD_ROOT}"\
     mkdir -p `dirname "$RPM_BUILD_ROOT"`\
     mkdir "$RPM_BUILD_ROOT"\
-+    %[0%{?_auto_set_build_cc} ? "%{set_build_cc}" : ""]\
-+    %[0%{?_auto_set_build_flags} ? "%{set_build_flags}" : ""]\
+    %[%{_auto_set_build_cc} ? "%{set_build_cc}" : ""]\
+    %[%{_auto_set_build_flags} ? "%{set_build_flags}" : ""]\
 %{nil}
 
 # ---- Expanded at end of %install scriptlet.
--- a/Delete-the-commented-code.patch
+++ b/Delete-the-commented-code.patch
@ -5,7 +5,8 @@ Subject: [PATCH] Delete the commented code

 ---
 brp-digest-list | 1 -
- 1 file changed, 1 deletion(-)
+ macros          | 7 -------
+ 2 files changed, 8 deletions(-)

 diff --git a/brp-digest-list b/brp-digest-list
 index 77248c9..7de42b7 100644
@ -19,6 +20,43 @@ index 77248c9..7de42b7 100644
 TMPDIR="/tmp"
 BIN_PKG_FILES=${TMPDIR}/${3%%.rpm}
 cat - > $BIN_PKG_FILES
+diff --git a/macros b/macros
+index 52df0f6..bf672e2 100644
+--- a/macros
+++ b/macros
+@@ -16,10 +16,8 @@
+ %_fmoddir		%{_libdir}/gfortran/modules
+ 
+ %_enable_debug_packages 1
+-#%_include_minidebuginfo 1
+ %_include_gdb_index     1
+ %_debugsource_packages  1
+-#%_debuginfo_subpackages 1
+ 
+ %_build_id_links none
+ 
+@@ -188,11 +186,9 @@
+ # Fail linking if there are undefined symbols.  Required for proper
+ # ELF symbol versioning support.  Disabled by default.
+ # Use "%define _ld_strict_symbol_defs 1" to enable.
+-#%_ld_strict_symbol_defs		1
+ %_ld_symbols_flags		%{?_ld_strict_symbol_defs:-Wl,-z,defs}
+ 
+ # use "%define _ld_as_needed 1" to enable.
+-#%_ld_as_needed		1
+ %_ld_as_needed_flags	%{?_ld_as_needed:-Wl,--as-needed}
+ 
+ %__global_compiler_flags	-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -grecord-gcc-switches %{_hardened_cflags} 
+@@ -304,9 +300,6 @@ Requires:       man info \
+ %description help \
+ Man pages and other related documents for %{name}.
+ 
+-#%sbin_installinfo_rm bc.info
+-#%sbin_installinfo_rm bc.info.gz
+-
+ %install_info() \
+ /sbin/install-info %1 %{_infodir}/dir || :
+ 
 -- 
 2.33.0

--- a/Feature-support-EBS-sign-for-IMA-digest-list.patch
+++ b/Feature-support-EBS-sign-for-IMA-digest-list.patch
@ -1,21 +1,22 @@
-From 3c5bb3890756f2e0504e7f8f3f965025f49694b0 Mon Sep 17 00:00:00 2001
+From 0449160c84daff8c557dee47a970e4f4837ff81d Mon Sep 17 00:00:00 2001
 From: Huaxin Lu <luhuaxin1@huawei.com>
 Date: Mon, 12 Dec 2022 00:16:01 +0800
 Subject: [PATCH] support EBS sign for IMA digest list

 Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
 Signed-off-by: zhangguangzhi <zhangguangzhi3@huawei.com>
+
 ---
- brp-digest-list |  20 +++-
+ brp-digest-list |  46 +++++-----
 brp-ebs-sign    | 238 ++++++++++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 254 insertions(+), 4 deletions(-)
+ 2 files changed, 262 insertions(+), 22 deletions(-)
 create mode 100644 brp-ebs-sign

 diff --git a/brp-digest-list b/brp-digest-list
-index 6c8a94d..645f5e4 100644
+index e698b7a..d1e2600 100644
 --- a/brp-digest-list
 +++ b/brp-digest-list
-@@ -25,7 +25,6 @@ fi
+@@ -26,7 +26,6 @@ fi
 DIGEST_LIST_DIR=$RPM_BUILD_ROOT/$2/etc/ima/digest_lists
 mkdir -p $DIGEST_LIST_DIR
 mkdir -p $DIGEST_LIST_DIR.tlv
@ -23,10 +24,27 @@ index 6c8a94d..645f5e4 100644
 
 # Generate digest list for the kernel
 gen_digest_lists -i M: -t metadata -f compact -d $DIGEST_LIST_DIR -i l:policy \
-@@ -69,13 +68,26 @@ DIGEST_LIST_TLV_PATH="$DIGEST_LIST_DIR.tlv/0-metadata_list-compact_tlv-$(basenam
+@@ -70,28 +69,31 @@ DIGEST_LIST_TLV_PATH="$DIGEST_LIST_DIR.tlv/0-metadata_list-compact_tlv-$(basenam
 chmod 644 $DIGEST_LIST_TLV_PATH
 echo $DIGEST_LIST_TLV_PATH
 
+-if [[ "$(basename $BIN_PKG_FILES)" =~ "digest-list-tools" && \
+-      ! $(basename $BIN_PKG_FILES) =~ "debug" ]]; then
+-	# Generate digest list for the user space parsers
+-	LD_LIBRARY_PATH=$RPM_BUILD_ROOT/usr/lib64 \
+-		$RPM_BUILD_ROOT/usr/bin/gen_digest_lists \
+-		-d $DIGEST_LIST_DIR -t parser -f compact -m immutable \
+-		-i I:$RPM_BUILD_ROOT/usr/libexec -o add -p -1 -i i:
+-
+-	f="$DIGEST_LIST_DIR/0-parser_list-compact-libexec"
+-	[ -f $f ] || exit 0
+-
+-	chmod 644 $f
+-	echo $f
+#if [[ "$(basename $BIN_PKG_FILES)" =~ "digest-list-tools" && \
+#      ! $(basename $BIN_PKG_FILES) =~ "debug" ]]; then
+# Generate digest list for the user space parsers
+
 +# do EBS sign
 +export PUBLISHER_HOST=$(grep PUBLISHER_HOST /lkp/scheduled/job.yaml | awk '{print $2}')
 +export PUBLISHER_PORT=$(grep PUBLISHER_PORT /lkp/scheduled/job.yaml | awk '{print $2}')
@ -38,24 +56,30 @@ index 6c8a94d..645f5e4 100644
 +	mv $DIGEST_LIST_PATH.sig $DIGEST_LIST_PATH
 +	exit 0
 +fi
-+
-+# do OBS sign
- if [[ "$(basename $BIN_PKG_FILES)" =~ "digest-list-tools" && \
-       ! $(basename $BIN_PKG_FILES) =~ "debug" ]]; then
- 	# Generate digest list for the user space parsers
- 	LD_LIBRARY_PATH=$RPM_BUILD_ROOT/usr/lib64 \
-		$RPM_BUILD_ROOT/usr/bin/gen_digest_lists \
-		-d $DIGEST_LIST_DIR -t parser -f compact -m immutable \
-		-i I:$RPM_BUILD_ROOT/usr/libexec -o add -p -1 -i i:
-+	$RPM_BUILD_ROOT/usr/bin/gen_digest_lists \
-+	-d $DIGEST_LIST_DIR -t parser -f compact -m immutable \
-+	-i I:$RPM_BUILD_ROOT/usr/libexec -o add -p -1 -i i:
 
- 	f="$DIGEST_LIST_DIR/0-parser_list-compact-libexec"
- 	[ -f $f ] || exit 0
+-	[ -f /usr/lib/rpm/brp-suse.d/brp-99-pesign ] || exit 0
+# do OBS sign
+[ -f /usr/lib/rpm/brp-suse.d/brp-99-pesign ] || exit 0
+ 
+-	export BRP_PESIGN_FILES="$2/etc/ima/digest_lists/*"
+-	export RPM_BUILD_ROOT
+-	export RPM_PACKAGE_NAME="digest-list-tools"
+-	export RPM_SOURCE_DIR="$(rpm --eval %_topdir)/SOURCES"
+export BRP_PESIGN_FILES="$2/etc/ima/digest_lists/*"
+export RPM_BUILD_ROOT
+export RPM_PACKAGE_NAME="digest-list-tools"
+export RPM_SOURCE_DIR="$(rpm --eval %_topdir)/SOURCES"
+ 
+-	if [ -f "/usr/lib/rpm/brp-suse.d/brp-99-pesign" ]; then
+-		/usr/lib/rpm/brp-suse.d/brp-99-pesign &> /dev/null
+-	fi
+if [ -f "/usr/lib/rpm/brp-suse.d/brp-99-pesign" ]; then
+	/usr/lib/rpm/brp-suse.d/brp-99-pesign &> /dev/null
+ fi
+#fi
 diff --git a/brp-ebs-sign b/brp-ebs-sign
 new file mode 100644
-index 0000000..885d7aa
+index 0000000..a7a83e5
 --- /dev/null
 +++ b/brp-ebs-sign
@@ -0,0 +1,238 @@
@ -285,7 +309,7 @@ index 0000000..885d7aa
 +		break;
 +	elif [ $ret_sign -eq $FAILED_SIGN_PERMISSION_DENIED ]; then
 +		echo "Failed to sign file, permission denied"
-+		SIGN_RESULT=$FAILED_SIGN_PERMISSION_DENIED
+		SIGN_RESULT=1
 +		break;
 +	elif [ $i -ne $CONFIG_RETEST_COUNT ]; then
 +		echo "Failed to sign file, try again"
--- a/add-riscv64-to-some-arches-macro.patch
+++ b/add-riscv64-to-some-arches-macro.patch
@ -1,41 +0,0 @@
-From 09e746df9d0c333fef9aabcec3047f68c9d1fc60 Mon Sep 17 00:00:00 2001
-From: laokz <zhangkai@iscas.ac.cn>
-Date: Sat, 27 Apr 2024 15:09:30 +0800
-Subject: [PATCH] add riscv64 to some arches macro
-
---
- macros | 11 +++++------
- 1 file changed, 5 insertions(+), 6 deletions(-)
-
-diff --git a/macros b/macros
-index 218cd23..c609e85 100644
--- a/macros
-+++ b/macros
-@@ -310,7 +310,7 @@
- %generic_arches %{ix86} x86_64 %{arm} aarch64 loongarch64 powerpc64le ppc64le
- %ldc_arches %{generic_arches}
- %valgrind_arches %{generic_arches}
-%nodejs_arches %{generic_arches}
-+%nodejs_arches %{generic_arches} riscv64
- %ldc_arches %{generic_arches}
- %mono_arches %{generic_arches}
- %fpc_arches %{generic_arches}
-@@ -319,11 +319,10 @@
- %GNAT_arches %{GPRbuild_arches} %{generic_arches}
- %GPRbuild_arches  %{generic_arches}
- %nim_arches	 %{generic_arches}
-%nodejs_arches	 %{generic_arches}
-%ocaml_native_compiler   %{generic_arches}
-%ocaml_natdynlink        %{generic_arches}
-%ocaml_native_profiling  %{generic_arches}
-%openblas_arches 	 %{generic_arches}
-+%ocaml_native_compiler   %{generic_arches} riscv64
-+%ocaml_natdynlink        %{generic_arches} riscv64
-+%ocaml_native_profiling  %{generic_arches} riscv64
-+%openblas_arches 	 %{generic_arches} riscv64
- 
- #%ldconfig /sbin/ldconfig
- %ldconfig_post(n:) %{?ldconfig:%post -p %ldconfig %{?*} %{-n:-n %{-n*}}\
-- 
-2.39.2
-
--- a/openEuler-rpm-config.spec
+++ b/openEuler-rpm-config.spec
@ -3,7 +3,7 @@

 Name:		%{vendor}-rpm-config
 Version:	30
-Release:	58
+Release:	53
 License:	GPL+
 Summary:	specific rpm configuration files
 URL:		https://gitee.com/openeuler/openEuler-rpm-config
@ -38,7 +38,6 @@ Patch24:	Delete-the-commented-code.patch
 Patch25:	Add-support-for-selecting-clang-as-a-toolchain.patch
 Patch26:	Call-set_build_flags-cc-before-build-check-and-insta.patch
 Patch27:	openEuler-rpm-config-add-optflags-for-loongarch64-and-sw_64.patch
-Patch28:	add-riscv64-to-some-arches-macro.patch

 Provides: python-rpm-macros = %{?epoch:%{epoch}:}%{version}-%{release}
 Provides: python2-rpm-macros = %{?epoch:%{epoch}:}%{version}-%{release}
@ -150,21 +149,6 @@ sed -i "s/__vendor/%{vendor}/g" `grep "__vendor" -rl %{buildroot}%{_rpmconfigdir
 %{rpmvdir}/find-requires.ksyms

 %changelog
-* Thu Dec 19 2024 luhuaxin <luhuaxin1@huawei.com> - 30-58
- ima: keep the process of OBS signing same as previous version
-
-* Tue Aug 6 2024 liyunfei <liyunfei33@huawei.com> - 30-57
- Fix for "%undefine _auto_set_build_XX" usage
-
-* Mon Apr 29 2024 xujing <xujing125@huawei.com> - 30-56
- don't delete the commented code in macros
-
-* Sun Apr 28 2024 laokz <zhangkai@iscas.ac.cn> - 30-55
- add riscv64 to some arches macro
-
-* Sun Apr 7 2024 zhangguangzhi <zhangguangzhi3@huawei.com> - 30-54
- ima digest list ebs sign ret 2 when errmsg is SIGN_PERMISSION_DENIED
-
 * Fri Mar 29 2024 zhangguangzhi <zhangguangzhi3@huawei.com> - 30-53
 - ima digest list ebs sign use file path and check errmsg