From 25df242865bc5ae67087f5fec6c7ff0f96ee8afe Mon Sep 17 00:00:00 2001 From: luhuaxin Date: Wed, 15 Jan 2025 11:54:38 +0800 Subject: [PATCH] ima: keep the process of OBS signing same as previous version --- brp-digest-list | 38 ++++++++++++++++++++++++-------------- openEuler-rpm-config.spec | 5 ++++- 2 files changed, 28 insertions(+), 15 deletions(-) diff --git a/brp-digest-list b/brp-digest-list index 2f0681d..645f5e4 100755 --- a/brp-digest-list +++ b/brp-digest-list @@ -68,10 +68,6 @@ DIGEST_LIST_TLV_PATH="$DIGEST_LIST_DIR.tlv/0-metadata_list-compact_tlv-$(basenam chmod 644 $DIGEST_LIST_TLV_PATH echo $DIGEST_LIST_TLV_PATH -#if [[ "$(basename $BIN_PKG_FILES)" =~ "digest-list-tools" && \ -# ! $(basename $BIN_PKG_FILES) =~ "debug" ]]; then -# Generate digest list for the user space parsers - # do EBS sign export PUBLISHER_HOST=$(grep PUBLISHER_HOST /lkp/scheduled/job.yaml | awk '{print $2}') export PUBLISHER_PORT=$(grep PUBLISHER_PORT /lkp/scheduled/job.yaml | awk '{print $2}') @@ -85,14 +81,28 @@ if [[ -n "$PUBLISHER_HOST" && -n "$PUBLISHER_PORT" ]]; then fi # do OBS sign -[ -f /usr/lib/rpm/brp-suse.d/brp-99-pesign ] || exit 0 - -export BRP_PESIGN_FILES="$2/etc/ima/digest_lists/*" -export RPM_BUILD_ROOT -export RPM_PACKAGE_NAME="digest-list-tools" -export RPM_SOURCE_DIR="$(rpm --eval %_topdir)/SOURCES" - -if [ -f "/usr/lib/rpm/brp-suse.d/brp-99-pesign" ]; then - /usr/lib/rpm/brp-suse.d/brp-99-pesign &> /dev/null +if [[ "$(basename $BIN_PKG_FILES)" =~ "digest-list-tools" && \ + ! $(basename $BIN_PKG_FILES) =~ "debug" ]]; then + # Generate digest list for the user space parsers + LD_LIBRARY_PATH=$RPM_BUILD_ROOT/usr/lib64 \ + $RPM_BUILD_ROOT/usr/bin/gen_digest_lists \ + -d $DIGEST_LIST_DIR -t parser -f compact -m immutable \ + -i I:$RPM_BUILD_ROOT/usr/libexec -o add -p -1 -i i: + + f="$DIGEST_LIST_DIR/0-parser_list-compact-libexec" + [ -f $f ] || exit 0 + + chmod 644 $f + echo $f + + [ -f /usr/lib/rpm/brp-suse.d/brp-99-pesign ] || exit 0 + + export BRP_PESIGN_FILES="$2/etc/ima/digest_lists/*" + export RPM_BUILD_ROOT + export RPM_PACKAGE_NAME="digest-list-tools" + export RPM_SOURCE_DIR="$(rpm --eval %_topdir)/SOURCES" + + if [ -f "/usr/lib/rpm/brp-suse.d/brp-99-pesign" ]; then + /usr/lib/rpm/brp-suse.d/brp-99-pesign &> /dev/null + fi fi -#fi diff --git a/openEuler-rpm-config.spec b/openEuler-rpm-config.spec index 07dc9f3..a36338f 100644 --- a/openEuler-rpm-config.spec +++ b/openEuler-rpm-config.spec @@ -3,7 +3,7 @@ Name: %{vendor}-rpm-config Version: 31 -Release: 11 +Release: 12 License: GPL+ Summary: specific rpm configuration files URL: https://gitee.com/src-openeuler/openEuler-rpm-config @@ -186,6 +186,9 @@ sed -i "s/@VENDOR@/%{vendor}/g" `grep "@VENDOR@" -rl %{buildroot}%{_rpmconfigdir %{rpmvdir}/find-requires.ksyms %changelog +* Wed Jan 15 2025 luhuaxin - 31-12 +- ima: keep the process of OBS signing same as previous version + * Sun Jan 12 2025 Funda Wang - 31-11 - support sw_64 arch -- Gitee