#3 Rebase to 2.5.4 post-release snapshot
Merged 2 years ago by msuchy. Opened 2 years ago by ngompa.
rpms/ ngompa/obs-signd update-to-2.5.4-postrel-snapshot  into  master

file modified
+1 -2
@@ -1,3 +1,2 @@ 

- /0001-Rename-option-files-are-digests-to-file-is-digest.patch

- /0002-fixes-user-id-matching-to-provide-unique-results.patch

  /obs-sign-c3d5984.tar.gz

+ /obs-sign-5675e23.tar.gz

@@ -1,4 +1,4 @@ 

- From 8903fa0f189147c8d53093eceb308309d13d8ba0 Mon Sep 17 00:00:00 2001

+ From f4713b1094031d7c71b69579d555c0537280f5c5 Mon Sep 17 00:00:00 2001

  From: Josef Stribny <jstribny@redhat.com>

  Date: Tue, 27 May 2014 12:20:35 +0200

  Subject: [PATCH 1/2] Rename option --files-are-digests to --file-is-digest
@@ -9,24 +9,24 @@ 

   2 files changed, 3 insertions(+), 3 deletions(-)

  

  diff --git a/signd b/signd

- index 9478a7b..b6615b5 100755

+ index eeb68f5..3033466 100755

  --- a/signd

  +++ b/signd

- @@ -820,7 +820,7 @@ sub cmd_privsign {

+ @@ -828,7 +828,7 @@ sub cmd_privsign {

         $classtime = $1;

         $args[0] = substr($args[0], 0, -10)."0000000000";

       }

- -    ($status, $lout, $lerr) = rungpg('/dev/null', undef, $gpg, "--batch", "--force-v3-sigs", "--files-are-digests", "--allow-non-selfsigned-uid", "--digest-algo=$hashalgo", "--no-verbose", "--no-armor", "--no-secmem-warning", "--ignore-time-conflict", "--passphrase-fd=0", "-sbo", "-", $args[0]);

- +    ($status, $lout, $lerr) = rungpg('/dev/null', undef, $gpg, "--batch", "--force-v3-sigs", "--file-is-digest", "--allow-non-selfsigned-uid", "--digest-algo=$hashalgo", "--no-verbose", "--no-armor", "--no-secmem-warning", "--ignore-time-conflict", "--passphrase-fd=0", "-sbo", "-", $args[0]);

+ -    ($status, $lout, $lerr) = rungpg('/dev/null', undef, $gpg, "--batch", "--force-v3-sigs", "--files-are-digests", "--allow-non-selfsigned-uid", "--digest-algo=$hashalgo", "--no-verbose", "--no-armor", "--no-secmem-warning", "--ignore-time-conflict", @pinentrymode, "--passphrase-fd=0", "-sbo", "-", $args[0]);

+ +    ($status, $lout, $lerr) = rungpg('/dev/null', undef, $gpg, "--batch", "--force-v3-sigs", "--file-is-digest", "--allow-non-selfsigned-uid", "--digest-algo=$hashalgo", "--no-verbose", "--no-armor", "--no-secmem-warning", "--ignore-time-conflict", @pinentrymode, "--passphrase-fd=0", "-sbo", "-", $args[0]);

       $lout = patchclasstime($lout, $classtime) if $classtime && !$status;

       shift @args;

       push @out, $lout;

- @@ -846,7 +846,7 @@ sub cmd_sign {

+ @@ -854,7 +854,7 @@ sub cmd_sign {

         $classtime = $1;

         $args[0] = substr($args[0], 0, -10)."0000000000";

       }

- -    ($status, $lout, $lerr) = rungpg("$phrases/$user", undef, $gpg, "--batch", "--force-v3-sigs", "--files-are-digests", "--digest-algo=$hashalgo", "--no-verbose", "--no-armor", "--no-secmem-warning", "--ignore-time-conflict", "--passphrase-fd=0", "-u", $user, "-sbo", "-", $args[0]);

- +    ($status, $lout, $lerr) = rungpg("$phrases/$user", undef, $gpg, "--batch", "--force-v3-sigs", "--file-is-digest", "--digest-algo=$hashalgo", "--no-verbose", "--no-armor", "--no-secmem-warning", "--ignore-time-conflict", "--passphrase-fd=0", "-u", $user, "-sbo", "-", $args[0]);

+ -    ($status, $lout, $lerr) = rungpg("$phrases/$user", undef, $gpg, "--batch", "--force-v3-sigs", "--files-are-digests", "--digest-algo=$hashalgo", "--no-verbose", "--no-armor", "--no-secmem-warning", "--ignore-time-conflict", @pinentrymode, "--passphrase-fd=0", "-u", $user, "-sbo", "-", $args[0]);

+ +    ($status, $lout, $lerr) = rungpg("$phrases/$user", undef, $gpg, "--batch", "--force-v3-sigs", "--file-is-digest", "--digest-algo=$hashalgo", "--no-verbose", "--no-armor", "--no-secmem-warning", "--ignore-time-conflict", @pinentrymode, "--passphrase-fd=0", "-u", $user, "-sbo", "-", $args[0]);

       $lout = patchclasstime($lout, $classtime) if $classtime && !$status;

       shift @args;

       push @out, $lout;
@@ -44,5 +44,5 @@ 

   .SH SECURITY

   Unless the allow-unprivileged-ports option is set to true in

  -- 

- 2.21.0

+ 2.23.0

  

@@ -1,4 +1,4 @@ 

- From 03130f8295b5efbd700abf6b60b190df98e54b9b Mon Sep 17 00:00:00 2001

+ From 242015e49c2050d8d3ab276140d3551dbfb7a025 Mon Sep 17 00:00:00 2001

  From: clime <clime@redhat.com>

  Date: Mon, 2 May 2016 21:05:43 +0200

  Subject: [PATCH 2/2] fixes user-id matching to provide unique results
@@ -50,19 +50,19 @@ 

   1 file changed, 4 insertions(+), 4 deletions(-)

  

  diff --git a/signd b/signd

- index b6615b5..2564a87 100755

+ index 3033466..8607569 100755

  --- a/signd

  +++ b/signd

- @@ -702,7 +702,7 @@ sub cmd_keygen {

-  

+ @@ -710,7 +710,7 @@ sub cmd_keygen {

     rungpg_fatal("$phrases/$user", $tdir, $gpg, '--batch', '--no-secmem-warning',

+          @pinentrymode,

           "--passphrase-fd=0", "--yes",

  -        "-u", $user,

  +        "-u", "<$user>",

           '--default-cert-level', '3',

           "--keyring", $pubring,

           '--edit-key', $keyid,

- @@ -722,7 +722,7 @@ sub cmd_keygen {

+ @@ -730,7 +730,7 @@ sub cmd_keygen {

     close(F) || die("privkey close error\n");

   

     $ENV{GNUPGHOME} = $org_gnupghome;
@@ -71,7 +71,7 @@ 

     remove_tree($tdir);

   

     # send back

- @@ -783,7 +783,7 @@ EOL

+ @@ -791,7 +791,7 @@ EOL

   sub cmd_pubkey {

     my ($cmd, $user, $hashalgo, @args) = @_;

     die("pubkey: one argument expected\n") if @args;
@@ -80,15 +80,15 @@ 

     return (0, '', $pubkey);

   }

   

- @@ -846,7 +846,7 @@ sub cmd_sign {

+ @@ -854,7 +854,7 @@ sub cmd_sign {

         $classtime = $1;

         $args[0] = substr($args[0], 0, -10)."0000000000";

       }

- -    ($status, $lout, $lerr) = rungpg("$phrases/$user", undef, $gpg, "--batch", "--force-v3-sigs", "--file-is-digest", "--digest-algo=$hashalgo", "--no-verbose", "--no-armor", "--no-secmem-warning", "--ignore-time-conflict", "--passphrase-fd=0", "-u", $user, "-sbo", "-", $args[0]);

- +    ($status, $lout, $lerr) = rungpg("$phrases/$user", undef, $gpg, "--batch", "--force-v3-sigs", "--file-is-digest", "--digest-algo=$hashalgo", "--no-verbose", "--no-armor", "--no-secmem-warning", "--ignore-time-conflict", "--passphrase-fd=0", "-u", "<$user>", "-sbo", "-", $args[0]);

+ -    ($status, $lout, $lerr) = rungpg("$phrases/$user", undef, $gpg, "--batch", "--force-v3-sigs", "--file-is-digest", "--digest-algo=$hashalgo", "--no-verbose", "--no-armor", "--no-secmem-warning", "--ignore-time-conflict", @pinentrymode, "--passphrase-fd=0", "-u", $user, "-sbo", "-", $args[0]);

+ +    ($status, $lout, $lerr) = rungpg("$phrases/$user", undef, $gpg, "--batch", "--force-v3-sigs", "--file-is-digest", "--digest-algo=$hashalgo", "--no-verbose", "--no-armor", "--no-secmem-warning", "--ignore-time-conflict", @pinentrymode, "--passphrase-fd=0", "-u", "<$user>", "-sbo", "-", $args[0]);

       $lout = patchclasstime($lout, $classtime) if $classtime && !$status;

       shift @args;

       push @out, $lout;

  -- 

- 2.21.0

+ 2.23.0

  

file modified
+14 -10
@@ -1,25 +1,24 @@ 

  # http://fedoraproject.org/wiki/Packaging:Guidelines?rd=Packaging/Guidelines#PIE

  %global _hardened_build 1

- %global commit c3d59841ac2457435c80b2f38e396512de37ae6d

+ %global commit 5675e2337d6a89876fa463f6474ce203c2e0198e

  %global shortcommit %(c=%{commit}; echo ${c:0:7})

- %global snapdate 20190613

+ %global snapdate 20190913

  %global snapshotrel .%{snapdate}git%{shortcommit}

+ # To make rpmdev-bumpspec work properly

+ %global baserelease 1

  

  Name:             obs-signd

  Summary:          The OBS sign daemon

  License:          GPLv2

- Url:              https://github.com/openSUSE/obs-sign

- Version:          2.5.3

- Release:          2%{?snapshotrel}%{?dist}

+ URL:              https://github.com/openSUSE/obs-sign

+ Version:          2.5.4

+ Release:          %{baserelease}%{?snapshotrel}%{?dist}

  Source0:          https://github.com/openSUSE/obs-sign/archive/%{commit}/obs-sign-%{shortcommit}.tar.gz

  # We renamed the option in gnupg2 to 'file-is-digest'

  Patch0:           0001-Rename-option-files-are-digests-to-file-is-digest.patch

  # https://github.com/openSUSE/obs-sign/pull/6

- Patch1:			  0002-fixes-user-id-matching-to-provide-unique-results.patch

+ Patch1:           0002-fixes-user-id-matching-to-provide-unique-results.patch

  Requires:         gnupg2

- Requires(post):   systemd

- Requires(preun):  systemd

- Requires(postun): systemd

  Requires(pre):    shadow-utils

  BuildRequires:    perl-generators

  BuildRequires:    systemd
@@ -77,12 +76,17 @@ 

  

  %files

  %config(noreplace) %{_sysconfdir}/sign.conf

- %verify(not mode) %attr(4750,root,obsrun) %{_bindir}/sign

+ %attr(4750,root,obsrun) %{_bindir}/sign

  %{_sbindir}/signd

  %{_unitdir}/signd.service

  %doc %{_mandir}/man*/*

  

  %changelog

+ * Thu Jan 02 2020 Neal Gompa <ngompa13@gmail.com> - 2.5.4-1.20190913git5675e23

+ - Rebase to 2.5.4 post-release snapshot

+ - Drop systemd scriptlet requires per updated packaging policy

+ - Drop useless verification exception

+ 

  * Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.3-2.20190613gitc3d5984

  - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

  

file modified
+1 -1
@@ -1,1 +1,1 @@ 

- SHA512 (obs-sign-c3d5984.tar.gz) = c5740ed98ceef2f7edae94c5c47729f55990e04b53686a7e40f3d277ae6ba97ec522460d5683e880d302e607deb0addd36d1c00b98b45b6cdb099703107be637

+ SHA512 (obs-sign-5675e23.tar.gz) = 9d199fae8e94ae057154bf7cee97df4b1a16a8ac05a8bfc35915e49c7944cc46bbcb295239084cd882b1fdbce415fa2f57d3a0fe30d0294cfc9d36039696d26e

  • Drop systemd scriptlet requires per updated packaging policy
  • Drop useless verification exception

@msuchy @frostyx Can you please review this to merge and push into F30, F31, and Rawhide?

I'm working on packaging OBS for Fedora, and an updated obs-signd is required.

Cf. https://github.com/openSUSE/open-build-service/pull/7872

(cc: @ignatenkobrain)

rebased onto 9095768

2 years ago

@msuchy @frostyx Also, I'd appreciate it if I could be added as a co-maintainer for obs-signd.

Pull-Request has been merged by msuchy

2 years ago

@ngompa I made you an admin. Co-maintainer is more than welcome. Feel free to do the build and file a bodhi update.