Hello community, here is the log from the commit of package pesign-obs-integration for openSUSE:Factory checked in at 2014-07-10 14:54:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pesign-obs-integration (Old) and /work/SRC/openSUSE:Factory/.pesign-obs-integration.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "pesign-obs-integration" Changes: -------- --- /work/SRC/openSUSE:Factory/pesign-obs-integration/pesign-obs-integration.changes 2014-05-02 09:51:46.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.pesign-obs-integration.new/pesign-obs-integration.changes 2014-07-10 14:54:58.000000000 +0200 @@ -1,0 +2,5 @@ +Thu Jul 3 14:01:24 UTC 2014 - mmarek@suse.cz + +- Drop support for signing firmware files (bnc#867199) + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ README ++++++ --- /var/tmp/diff_new_pack.t59pPc/_old 2014-07-10 14:54:59.000000000 +0200 +++ /var/tmp/diff_new_pack.t59pPc/_new 2014-07-10 14:54:59.000000000 +0200 @@ -22,7 +22,6 @@ pesign-gen-repackage-spec script to generate another specfile, which builds new RPMs with signed files. The supported file types are: -/lib/firmware/* - Detached signature in $file.sig *.ko - Signature appended to the module efi binaries - Signature embedded in a header. If a HMAC checksum named .$file.hmac exists, it is regenerated ++++++ brp-99-pesign ++++++ --- /var/tmp/diff_new_pack.t59pPc/_old 2014-07-10 14:54:59.000000000 +0200 +++ /var/tmp/diff_new_pack.t59pPc/_new 2014-07-10 14:54:59.000000000 +0200 @@ -22,7 +22,7 @@ set -e -files="*.ko /lib/firmware" +files="*.ko" if test -n "${BRP_PESIGN_FILES+x}"; then files=${BRP_PESIGN_FILES} fi ++++++ kernel-sign-file ++++++ --- /var/tmp/diff_new_pack.t59pPc/_old 2014-07-10 14:54:59.000000000 +0200 +++ /var/tmp/diff_new_pack.t59pPc/_new 2014-07-10 14:54:59.000000000 +0200 @@ -4,11 +4,8 @@ # my $USAGE = -"Usage: scripts/sign-file [-v] [-f] <hash algo> <key> <x509> <module> [<dest>]\n" . -" scripts/sign-file [-v] [-f] -s <raw sig> <hash algo> <x509> <module> [<dest>]\n" . -" -v verbose output\n" . -" -f create a firmware signature file\n"; - +"Usage: scripts/sign-file [-v] <hash algo> <key> <x509> <module> [<dest>]\n" . +" scripts/sign-file [-v] -s <raw sig> <hash algo> <x509> <module> [<dest>]\n"; use strict; use FileHandle; @@ -16,10 +13,9 @@ use Getopt::Std; my %opts; -getopts('vfs:', \%opts) or die $USAGE; +getopts('vs:', \%opts) or die $USAGE; my $verbose = $opts{'v'}; my $signature_file = $opts{'s'}; -my $sign_fw = $opts{'f'}; die $USAGE if ($#ARGV > 4); die $USAGE if (!$signature_file && $#ARGV < 3 || $signature_file && $#ARGV < 2); @@ -35,18 +31,14 @@ if (@ARGV) { $dest = $ARGV[0]; $keep_orig = 1; -} elsif ($sign_fw) { - $dest = $module . ".sig"; - $keep_orig = 1; } else { $dest = $module . "~"; } -my $mode_name = $sign_fw ? "firmware" : "module"; die "Can't read private key\n" if (!$signature_file && !-r $private_key); die "Can't read signature file\n" if ($signature_file && !-r $signature_file); die "Can't read X.509 certificate\n" unless (-r $x509); -die "Can't read $mode_name\n" unless (-r $module); +die "Can't read module\n" unless (-r $module); # # Function to read the contents of a file into a variable. @@ -377,14 +369,12 @@ my $unsigned_module = read_file($module); -my $magic_number = $sign_fw ? - "~Linux firmware signature~\n" : - "~Module signature appended~\n"; +my $magic_number = "~Module signature appended~\n"; my $magic_len = length($magic_number); my $info_len = 12; # Truncate existing signarure, if any -if (!$sign_fw && substr($unsigned_module, -$magic_len) eq $magic_number) { +if (substr($unsigned_module, -$magic_len) eq $magic_number) { my $info = substr($unsigned_module, -$magic_len - $info_len, $info_len); my ($name_len, $key_len, $sig_len) = unpack("xxxCCxxxN", $info); my $subtract = $name_len + $key_len + $sig_len + $info_len + $magic_len; @@ -428,7 +418,7 @@ } if ($verbose) { - print "Size of unsigned $mode_name: ", length($unsigned_module), "\n"; + print "Size of unsigned module: ", length($unsigned_module), "\n"; print "Size of signer's name : ", length($signers_name), "\n"; print "Size of key identifier : ", length($key_identifier), "\n"; print "Size of signature : ", length($signature), "\n"; @@ -440,16 +430,7 @@ open(FD, ">$dest") || die $dest; binmode FD; -if ($sign_fw) { - print FD - $magic_number, - $info, - $signers_name, - $key_identifier, - $signature - ; -} else { - print FD +print FD $unsigned_module, $signers_name, $key_identifier, @@ -457,7 +438,6 @@ $info, $magic_number ; -} close FD || die $dest; if (!$keep_orig) { ++++++ pesign-repackage.spec.in ++++++ --- /var/tmp/diff_new_pack.t59pPc/_old 2014-07-10 14:54:59.000000000 +0200 +++ /var/tmp/diff_new_pack.t59pPc/_new 2014-07-10 14:54:59.000000000 +0200 @@ -109,9 +109,6 @@ *.ko.sig) /usr/lib/rpm/pesign/kernel-sign-file -s "$sig" sha256 "$cert" "$f" ;; - /lib/firmware/*.sig) - /usr/lib/rpm/pesign/kernel-sign-file -f -s "$sig" sha256 "$cert" "$f" - ;; /boot/* | *.efi.sig) infile=${sig%.sig} cpio -i --to-stdout ${infile#./} <%_sourcedir/@NAME@.cpio.rsasign > ${infile}.sattrs -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org