!5 [sync] PR-3: 新增支持DIM文件签名

From: @openeuler-sync-bot 
Reviewed-by: @HuaxinLuGitee 
Signed-off-by: @HuaxinLuGitee

Add-support-for-DIM.patch

@@ -0,0 +1,27 @@
+From 47d79f48c0f5d4b5ce02e33d54fb1954df41fb2f Mon Sep 17 00:00:00 2001
+From: zhangyiru330 <zhangyiru3@huawei.com>
+Date: Mon, 7 Mar 2022 14:32:49 +0800
+Subject: [PATCH] Add support for DIM
+
+---
+ pesign-repackage.spec.in | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/pesign-repackage.spec.in b/pesign-repackage.spec.in
+index 6dae3a9..8b4b550 100644
+--- a/pesign-repackage.spec.in
++++ b/pesign-repackage.spec.in
+@@ -138,6 +138,10 @@ for sig in "${sigs[@]}"; do
+ 		mkdir -p %buildroot/etc/ima/digest_lists.sig
+ 		cp $sig %buildroot/etc/ima/digest_lists.sig
+ 		;;
++	*/etc/dim/digest_list/*)
++		mkdir -p %buildroot/etc/dim/digest_list
++		cp $sig %buildroot/etc/dim/digest_list
++		;;
+ 	*.ko.sig)
+ 		/usr/lib/rpm/pesign/kernel-sign-file -i pkcs7 -s "$sig" sha256 "$cert" "$f"
+ 		;;
+-- 
+1.8.3.1
+

pesign-obs-integration.spec

@@ -23,7 +23,7 @@ Summary:        Macros and scripts to sign the kernel and bootloader
 License:        GPL-2.0-only
 Group:          Development/Tools/Other
 Version:        10.1
-Release:        2
+Release:        3
 Requires:       fipscheck
 %if 0%{?suse_version}
 Requires:       mozilla-nss-tools
@@ -43,6 +43,7 @@ Patch2:         Skip-processing-of-ghost-files-as-they-are-not-extra.patch
 Patch3:         Add-support-for-digest-lists.patch
 Patch4:         Don-t-set-files-variable-in-brp-99-pesign.patch
 Patch5:         Disable-building-debug-packages.patch
+Patch6:         Add-support-for-DIM.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %if 0%{?suse_version}
 # suse-module-tools <= 15.0.10 contains modsign-verify
@@ -87,6 +88,9 @@ fi
 /usr/lib/rpm/*
 
 %changelog
+* Mon Mar 07 2022 w00559322 <wangyu283@huawei.com> - 10.1-3
+- Add Add-support-for-DIM.patch
+
 * Wed Jul 22 2020 Roberto Sassu <roberto.sassu@huawei.com> - 10.1-2
 - Add Require-nss-util-for-building-in-pesign-repackage.sp.patch