59 lines
1.7 KiB
Diff
59 lines
1.7 KiB
Diff
From 9caa3773a41c531c21b4a696a6928ed953f18b7f Mon Sep 17 00:00:00 2001
|
|
From: Roberto Sassu <roberto.sassu@huawei.com>
|
|
Date: Sat, 27 Jun 2020 13:38:07 +0200
|
|
Subject: [PATCH] Add support for digest lists
|
|
|
|
---
|
|
pesign-gen-repackage-spec | 7 +++++++
|
|
pesign-repackage.spec.in | 11 +++++++++--
|
|
2 files changed, 16 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/pesign-gen-repackage-spec b/pesign-gen-repackage-spec
|
|
index 96f07b5..682c5c1 100755
|
|
--- a/pesign-gen-repackage-spec
|
|
+++ b/pesign-gen-repackage-spec
|
|
@@ -432,6 +432,13 @@ sub print_files {
|
|
if (-e "$path.sig") {
|
|
print SPEC "$attrs " . quote($f->{name}) . ".sig\n";
|
|
}
|
|
+
|
|
+ my $digest_list_sig = $f->{name};
|
|
+ $digest_list_sig =~ s/digest_lists/digest_lists.sig/;
|
|
+
|
|
+ if (-e "$directory/$digest_list_sig.sig") {
|
|
+ print SPEC "$attrs " . quote($digest_list_sig) . ".sig\n";
|
|
+ }
|
|
}
|
|
}
|
|
|
|
diff --git a/pesign-repackage.spec.in b/pesign-repackage.spec.in
|
|
index 76732b5..141f990 100644
|
|
--- a/pesign-repackage.spec.in
|
|
+++ b/pesign-repackage.spec.in
|
|
@@ -119,13 +119,20 @@ fi
|
|
mkdir nss-db
|
|
nss_db=$PWD/nss-db
|
|
echo foofoofoo > "$nss_db/passwd"
|
|
-certutil -N -d "$nss_db" -f "$nss_db/passwd"
|
|
-certutil -A -d "$nss_db" -f "$nss_db/passwd" -n cert -t CT,CT,CT -i "$cert"
|
|
+
|
|
+if test "$(wc -l <cert.crt)" -gt 1; then
|
|
+ certutil -N -d "$nss_db" -f "$nss_db/passwd"
|
|
+ certutil -A -d "$nss_db" -f "$nss_db/passwd" -n cert -t CT,CT,CT -i "$cert"
|
|
+fi
|
|
|
|
sigs=($(find -type f -name '*.sig' -printf '%%P\n'))
|
|
for sig in "${sigs[@]}"; do
|
|
f=%buildroot/${sig%.sig}
|
|
case "/$sig" in
|
|
+ */etc/ima/digest_lists/*)
|
|
+ mkdir -p %buildroot/etc/ima/digest_lists.sig
|
|
+ cp $sig %buildroot/etc/ima/digest_lists.sig
|
|
+ ;;
|
|
*.ko.sig)
|
|
/usr/lib/rpm/pesign/kernel-sign-file -i pkcs7 -s "$sig" sha256 "$cert" "$f"
|
|
;;
|
|
--
|
|
2.27.GIT
|
|
|