From c14d045188d50a5501320758c8ef248ca895a604 Mon Sep 17 00:00:00 2001 From: Huaxin Lu Date: Thu, 19 Dec 2024 10:33:50 +0800 Subject: [PATCH] ima: keep the process of OBS signing same as previous version (cherry picked from commit 9e4c57f0338de224025346b7e56d19401701a268) --- ...support-EBS-sign-for-IMA-digest-list.patch | 64 ++++++------------- openEuler-rpm-config.spec | 5 +- 2 files changed, 24 insertions(+), 45 deletions(-) diff --git a/Feature-support-EBS-sign-for-IMA-digest-list.patch b/Feature-support-EBS-sign-for-IMA-digest-list.patch index bd0fed0..138423c 100644 --- a/Feature-support-EBS-sign-for-IMA-digest-list.patch +++ b/Feature-support-EBS-sign-for-IMA-digest-list.patch @@ -1,22 +1,21 @@ -From 0449160c84daff8c557dee47a970e4f4837ff81d Mon Sep 17 00:00:00 2001 +From 3c5bb3890756f2e0504e7f8f3f965025f49694b0 Mon Sep 17 00:00:00 2001 From: Huaxin Lu Date: Mon, 12 Dec 2022 00:16:01 +0800 Subject: [PATCH] support EBS sign for IMA digest list Signed-off-by: Huaxin Lu Signed-off-by: zhangguangzhi - --- - brp-digest-list | 46 +++++----- + brp-digest-list | 20 +++- brp-ebs-sign | 238 ++++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 262 insertions(+), 22 deletions(-) + 2 files changed, 254 insertions(+), 4 deletions(-) create mode 100644 brp-ebs-sign diff --git a/brp-digest-list b/brp-digest-list -index e698b7a..d1e2600 100644 +index 6c8a94d..645f5e4 100644 --- a/brp-digest-list +++ b/brp-digest-list -@@ -26,7 +26,6 @@ fi +@@ -25,7 +25,6 @@ fi DIGEST_LIST_DIR=$RPM_BUILD_ROOT/$2/etc/ima/digest_lists mkdir -p $DIGEST_LIST_DIR mkdir -p $DIGEST_LIST_DIR.tlv 
@@ -24,27 +23,10 @@ index e698b7a..d1e2600 100644 # Generate digest list for the kernel gen_digest_lists -i M: -t metadata -f compact -d $DIGEST_LIST_DIR -i l:policy \ -@@ -70,28 +69,31 @@ DIGEST_LIST_TLV_PATH="$DIGEST_LIST_DIR.tlv/0-metadata_list-compact_tlv-$(basenam +@@ -69,13 +68,26 @@ DIGEST_LIST_TLV_PATH="$DIGEST_LIST_DIR.tlv/0-metadata_list-compact_tlv-$(basenam chmod 644 $DIGEST_LIST_TLV_PATH echo $DIGEST_LIST_TLV_PATH --if [[ "$(basename $BIN_PKG_FILES)" =~ "digest-list-tools" && \ -- ! $(basename $BIN_PKG_FILES) =~ "debug" ]]; then -- # Generate digest list for the user space parsers -- LD_LIBRARY_PATH=$RPM_BUILD_ROOT/usr/lib64 \ -- $RPM_BUILD_ROOT/usr/bin/gen_digest_lists \ -- -d $DIGEST_LIST_DIR -t parser -f compact -m immutable \ -- -i I:$RPM_BUILD_ROOT/usr/libexec -o add -p -1 -i i: -- -- f="$DIGEST_LIST_DIR/0-parser_list-compact-libexec" -- [ -f $f ] || exit 0 -- -- chmod 644 $f -- echo $f -+#if [[ "$(basename $BIN_PKG_FILES)" =~ "digest-list-tools" && \ -+# ! $(basename $BIN_PKG_FILES) =~ "debug" ]]; then -+# Generate digest list for the user space parsers -+ +# do EBS sign +export PUBLISHER_HOST=$(grep PUBLISHER_HOST /lkp/scheduled/job.yaml | awk '{print $2}') +export PUBLISHER_PORT=$(grep PUBLISHER_PORT /lkp/scheduled/job.yaml | awk '{print $2}') 
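Review bot: The signing endpoint on the `export PUBLISHER_HOST=...` and `export PUBLISHER_PORT=...` lines (unchanged context at the end of this hunk) is read with an unanchored `grep`, so any line of `/lkp/scheduled/job.yaml` that merely contains the key name, such as a comment or a longer key, also matches and a wrong or multi-line value can be exported. These values presumably select the service that signs the IMA digest list, so match the key exactly and take a single value. Assuming the file uses `KEY: value` lines, as the `$2` suggests, that would be `PUBLISHER_HOST=$(awk '$1 == "PUBLISHER_HOST:" {print $2; exit}' /lkp/scheduled/job.yaml)` followed by a separate `export PUBLISHER_HOST`, and the same for the port. Splitting the assignment from `export` also keeps a failed read from being masked. The condition that consumes these variables lies outside the hunk.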
@@ -56,30 +38,24 @@ index e698b7a..d1e2600 100644 + mv $DIGEST_LIST_PATH.sig $DIGEST_LIST_PATH + exit 0 +fi - -- [ -f /usr/lib/rpm/brp-suse.d/brp-99-pesign ] || exit 0 ++ +# do OBS sign -+[ -f /usr/lib/rpm/brp-suse.d/brp-99-pesign ] || exit 0 - -- export BRP_PESIGN_FILES="$2/etc/ima/digest_lists/*" -- export RPM_BUILD_ROOT -- export RPM_PACKAGE_NAME="digest-list-tools" -- export RPM_SOURCE_DIR="$(rpm --eval %_topdir)/SOURCES" -+export BRP_PESIGN_FILES="$2/etc/ima/digest_lists/*" -+export RPM_BUILD_ROOT -+export RPM_PACKAGE_NAME="digest-list-tools" -+export RPM_SOURCE_DIR="$(rpm --eval %_topdir)/SOURCES" + if [[ "$(basename $BIN_PKG_FILES)" =~ "digest-list-tools" && \ + ! $(basename $BIN_PKG_FILES) =~ "debug" ]]; then + # Generate digest list for the user space parsers + LD_LIBRARY_PATH=$RPM_BUILD_ROOT/usr/lib64 \ +- $RPM_BUILD_ROOT/usr/bin/gen_digest_lists \ +- -d $DIGEST_LIST_DIR -t parser -f compact -m immutable \ +- -i I:$RPM_BUILD_ROOT/usr/libexec -o add -p -1 -i i: ++ $RPM_BUILD_ROOT/usr/bin/gen_digest_lists \ ++ -d $DIGEST_LIST_DIR -t parser -f compact -m immutable \ ++ -i I:$RPM_BUILD_ROOT/usr/libexec -o add -p -1 -i i: -- if [ -f "/usr/lib/rpm/brp-suse.d/brp-99-pesign" ]; then -- /usr/lib/rpm/brp-suse.d/brp-99-pesign &> /dev/null -- fi -+if [ -f "/usr/lib/rpm/brp-suse.d/brp-99-pesign" ]; then -+ /usr/lib/rpm/brp-suse.d/brp-99-pesign &> /dev/null - fi -+#fi + f="$DIGEST_LIST_DIR/0-parser_list-compact-libexec" + [ -f $f ] || exit 0 diff --git a/brp-ebs-sign b/brp-ebs-sign new file mode 100644 -index 0000000..a7a83e5 +index 0000000..885d7aa --- /dev/null +++ b/brp-ebs-sign @@ -0,0 +1,238 @@ diff --git a/openEuler-rpm-config.spec b/openEuler-rpm-config.spec index 7b4c908..14685f5 100644 --- a/openEuler-rpm-config.spec +++ b/openEuler-rpm-config.spec @@ -3,7 +3,7 @@ Name: %{vendor}-rpm-config Version: 30 -Release: 57 +Release: 58 License: GPL+ Summary: specific rpm configuration files URL: https://gitee.com/openeuler/openEuler-rpm-config 
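Review bot: The EBS branch ends with `mv $DIGEST_LIST_PATH.sig $DIGEST_LIST_PATH` followed by `exit 0`, so the script reports success whether or not a signature file was actually produced. Unless it runs under `set -e` (not visible here), a missing `.sig` leaves the unsigned digest list in the package with no build error. I would make the step fail closed and quote the paths: `mv -- "$DIGEST_LIST_PATH.sig" "$DIGEST_LIST_PATH" || exit 1`. The same `exit 0` sits before the restored `digest-list-tools` block, so on the EBS path the parser digest list appears never to be generated; if that is intended, a comment such as `# EBS builds do not ship the parser digest list` above `# do OBS sign` would record it. The opening condition of the EBS branch and the end of the `if [[ ... ]]` block are outside the hunk.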
@@ -150,6 +150,9 @@ sed -i "s/__vendor/%{vendor}/g" `grep "__vendor" -rl %{buildroot}%{_rpmconfigdir %{rpmvdir}/find-requires.ksyms %changelog +* Thu Dec 19 2024 luhuaxin - 30-58 +- ima: keep the process of OBS signing same as previous version + * Tue Aug 6 2024 liyunfei - 30-57 - Fix for "%undefine _auto_set_build_XX" usage -- Gitee