| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: pesign-obs-integration | Distribution: SUSE Linux 16 |
| Version: 10.2+git20250219.c99462c | Vendor: SUSE LLC <https://www.suse.com/> |
| Release: 160000.2.2 | Build date: Wed Feb 19 14:44:04 2025 |
| Group: Development/Tools/Other | Build host: reproducible |
| Size: 95565 | Source RPM: pesign-obs-integration-10.2+git20250219.c99462c-160000.2.2.src.rpm |
| Packager: https://www.suse.com/ | |
| Url: https://en.opensuse.org/openSUSE:UEFI_Image_File_Sign_Tools | |
| Summary: Macros and scripts to sign the kernel and bootloader | |
This package provides scripts and rpm macros to automate signing of the boot loader, kernel and kernel modules in the openSUSE Buildservice.
GPL-2.0-or-later
* Wed Feb 19 2025 dmueller@suse.com
- Update to version 10.2+git20250219.c99462c:
* query_array: Convert None to empty string
* Add filecaps support
* Mon Feb 17 2025 dmueller@suse.com
- Update to version 10.2+git20250217.98df3ef:
* Fix quoting of filename extensions
* spec: suse-module-tools is for SUSE only
* repackage spec: mozilla-nss-tools is for SUSE distros, on Fedora/etc it's nss-tools
* Fri Feb 14 2025 dmueller@suse.com
- Update to version 10.2+git20250214.54864ba:
* Update brp-99-pesign
* pesign-gen-repackage-spec: Quote filenames.
* quote password as it has shellchars
* use a stronger password that passes strength cehck in FIPS mode bsc#1228433
* Tue Feb 11 2025 dmueller@suse.com
- Update to version 10.2+git20250211.88dd0a3:
* Add BRP_PESIGN_PACKAGES to filter package(s) to repack
* Set Getopt no ignore case
* Mon Feb 10 2025 dmueller@suse.com
- Update to version 10.2+git20250116.e734a3f:
* spec: mozilla-nss-tools is for SUSE distros, on Fedora/etc it's nss-tools
* spec: fix Fedora builds
* Add Fedora-specific workarounds to pesign-repackage.spec
* debian: add Provides dh-sequence-signobs
* dh_signobs: fix json input for pre-configured template
* dh_signobs: fix parsing of pesign hashing output
* Sat Dec 21 2024 dmueller@suse.com
- Update to version 10.2+git20241221.c85eada:
* Move the rpm-420 compatibility section from %install to %build
* Fix README reference after a17ffb01430468f411acc5488cc9a6d27ceb1428
* Fri Dec 20 2024 dmueller@suse.com
- Update to version 10.2+git20241220.e0461ad:
* Fix repackaging of scriptlets with rpm-4.20
* Thu Dec 19 2024 dmueller@suse.com
- Update to version 10.2+git20241219.042a454:
* Make the repackage work with rpm-4.20
* Tue Jul 23 2024 jlee@suse.com
- Update to version 10.2+git20240723.d344d91:
* Quote % signs in scripts
* Export also a VCS tag
* specfile: Change license to OR-LATER
* specfile: Update rpm constructs
* spec.in: Add changelog tag
* spec.in: Don't copy changes to OTHER
* spec.in: Use SPDX license
* Fri Feb 16 2024 jlee@suse.com
- Update to version 10.2+git20240216.1e15ef4:
* Create changes file for reproducible build
* Add support for authenticated uefi variables
* Allow to dump the pkcs7 signed data as well
* Add -N option to add a NULL param to the digest algo definitions
* Add -C option to include certificates in the PKCS7 signature
* spec.in: fix rpmlint warnings
* Thu Jun 22 2023 jlee@suse.com
- Modify pesign-obs-integration.changes, add bsc#1211849 to changelog.
The supporting of filetriggers and transfiletriggers in
pesign-gen-repackage-spec in 10.2+git20230612.4699910 is for
bsc#1211849.
* Mon Jun 12 2023 jlee@suse.com
- Update to version 10.2+git20230612.4699910:
* pesign-gen-repackage-spec: support filetriggers and transfiletriggers (bsc#1211849)
* Add support for dependency generators
* pesign-gen-repackage-spec: fix the filename issue in the scripts of generated ueficert package
* Verfiy the signatures before attaching them
* Don't copy rpmlintrc to OTHER
* Fix %attr issues
* Support %lang
* Support OrderWithRequires
* pesign-repackage.spec.in: Add description for footer_size
- Removed the following patches becuase they are merged to
10.2+git20230612.4699910:
Patch: order.patch
Patch1: attr.patch
Patch2: lang.patch
Patch3: rpmlintrc.patch
Patch4: verify-sig.patch
Patch5: dependency-generators.patch
- Use README.md instead of README in pesign-obs-integration.spec.
* Mon Jan 23 2023 gmbr3@opensuse.org
- Add dependency-generators.patch to support copying source files
and macros to the re-package build (jsc#PED-2658)
* Wed Sep 28 2022 glin@suse.com
- Add verify-sig.patch to verify the signatures before attaching
them (bsc#1200108, bsc#1203679)
* Sat Jul 09 2022 gmbr3@opensuse.org
- Update attr.patch to fix ghost symlinks still being affected
- Add rpmlintrc.patch to stop copying it to the build output
* Wed Jun 22 2022 gmbr3@opensuse.org
- Add attr.patch to fix:
* Avoid assigning %attr's to symlinks which causes rpmbuild spam
* Change perms mask to 07777 to ensure SUID/SGID is copied over
- Add lang.patch to support %lang
* Wed Jun 15 2022 gmbr3@opensuse.org
- Update to version 10.2+git20220504.8690743:
* Don't repackage aarch64_ilp32 *-64bit packages
* Use pesign for signing on riscv64
* Add padding to grub signature correctly (jsc#SLE-18271 bsc#1192764).
* kernel-sign-file: Support appending verbatim PKCS#7 signature.
* kernel-sign-file: Move x509 parsing into a function.
* Support ppc grub signing (jsc#SLE-18271 bsc#1192764).
* Handle packages with epochs as well
* Turn off rpm fatal warnings for noarch packages
- Upstreamed patches:
* 0001-Support-ppc-grub-signing-jsc-SLE-18271-bsc-1192764.patch
* 0002-kernel-sign-file-Move-x509-parsing-into-a-function.patch
* 0003-kernel-sign-file-Support-appending-verbatim-PKCS-7-s.patch
* 0004-Add-padding-to-grub-signature-correctly-jsc-SLE-1827.patch
- Added patches:
* order.patch - support OrderWithRequires
* Fri Jan 21 2022 msuchanek@suse.com
- Support signing grub on powerpc (jsc#SLE-18271 bsc#1192764).
+ 0001-Support-ppc-grub-signing-jsc-SLE-18271-bsc-1192764.patch
+ 0002-kernel-sign-file-Move-x509-parsing-into-a-function.patch
+ 0003-kernel-sign-file-Support-appending-verbatim-PKCS-7-s.patch
+ 0004-Add-padding-to-grub-signature-correctly-jsc-SLE-1827.patch
* Wed Aug 04 2021 lnussel@suse.de
- Update to version 10.2+git20210804.ff18da1:
* brp-99-pesign: fix that the signature of shim be broken
* Fri Jul 30 2021 lnussel@suse.de
- Update to version 10.2+git20210730.0cb100c:
* Sign kernel also in module dir (boo#1184804)
(replaces pesign-kernel-in-lib.diff)
- switch package to obs_scm to avoid recompression
* Fri Jul 23 2021 dmueller@suse.com
- Update to version git master (10.2):
* Add support for GZIP and ZSTD module compression (bsc#1188636)
* Always pad the EFI image when calculating the hash
* Version bump to 10.2
* approach issue#22 false noarch subpackage
- drop pesign-obs-integration-bsc1183747-always-pad-efi-images.patch
pesign-obs-integration-support-gzip-zstd-compression.patch (merged)
* Mon Jun 21 2021 glin@suse.com
- Add pesign-obs-integration-support-gzip-zstd-compression.patch
to support gzip and zstd module compression
* Fri Apr 23 2021 lnussel@suse.de
- find kernel also in /lib (boo#1184804, pesign-kernel-in-lib.diff)
* Fri Mar 19 2021 glin@suse.com
- Add pesign-obs-integration-bsc1183747-always-pad-efi-images.patch
to fix the potential hash mismatching (bsc#1183747)
* Mon Dec 21 2020 glin@suse.com
- Update to version 10.2:
* Fix the wrongly created noarch subpackages
(issue#22, bsc#1180242)
* Wed Oct 21 2020 dmueller@suse.com
- Update to version 10.1+1602850462:
* Compress kernel modules in batch and in parallel (bsc#1188636)
* Forward _binary_payload to the repackaged rpm (bsc#1175882)
- remove 0001-Forward-_binary_payload-to-the-repackaged-rpm.patch,
parallel-compression.patch (upstream)
* Thu Oct 15 2020 dmueller@suse.com
- Sync from git master directly
- drop 0001-Add-support-for-kernel-module-compression.patch
0001-Enable-find_provides-and-requires.patch
0001-Initialize-compress-variable.patch
0001-Keep-the-files-in-the-OTHER-directory.patch
0001-Passthrough-license-tag.patch
0001-brp-99-compress-vmlinux-support-xz-compressed-vmlinu.patch
0001-sign-stage3.bin-from-s390-tools-with-sign-files-bsc-.patch
pesign-sign-s390x-kernel.patch (upstream)
- add parallel-compression.patch
* Wed Sep 02 2020 glin@suse.com
- Add 0001-Forward-_binary_payload-to-the-repackaged-rpm.patch to
forward _binary_payload to the repackaged rpm (bsc#1175882)
* Fri Jul 17 2020 glin@suse.com
- Add 0001-Enable-find_provides-and-requires.patch
(bsc#1114605, bsc#1180279)
+ Enable this patch again since virtualbox-kmp is split from
the main package so the customized %find_provides for
virtualbox-x11-guest won't be affected anymore.
* Wed Feb 26 2020 meissner@suse.com
- pesign-sign-s390x-kernel.patch: Sign also the non-PE (e.g. s390x)
kernels with just kernel-sign-file (bsc#1163524)
* Wed Feb 19 2020 meissner@suse.com
- 0001-sign-stage3.bin-from-s390-tools-with-sign-files-bsc-.patch
Hard code signing of stage3.bin of s390-tools (bsc#1163524)
* Wed Nov 06 2019 jslaby@suse.com
- 0001-brp-99-compress-vmlinux-support-xz-compressed-vmlinu.patch
to support xz-compressed vmlinux (bnc#1155921)
* Wed Nov 06 2019 glin@suse.com
- 0001-Keep-the-files-in-the-OTHER-directory.patch to keep the
files in the OTHER directory (boo#1155474)
* Wed Sep 04 2019 msuchanek@suse.com
- Require pesign on arm (boo#1134303).
* Thu Aug 01 2019 glin@suse.com
- Add 0001-Initialize-compress-variable.patch to initialize
$compress in pesign-gen-repackage-spec to avoid warning
* Wed May 29 2019 glin@suse.com
- Add 0001-Add-support-for-kernel-module-compression.patch to
support kernel module compression (bsc#1135854, jsc#SLE-16661)
* Fri May 17 2019 guillaume.gardet@opensuse.org
- pesign is also available on %arm (boo#1134303).
* Tue Apr 16 2019 glin@suse.com
- Drop 0002-Enable-find_provides-and-requires.patch due to the
build failure of virtualbox-guest-x11
* Thu Apr 11 2019 glin@suse.com
- rpm: forward the missing rpm bits (bsc#1114605, bsc#1180279)
+ 0001-Passthrough-license-tag.patch
+ 0002-Enable-find_provides-and-requires.patch
* Tue Dec 11 2018 glin@suse.com
- Version 10.1
- Add modsign-verify for the signature verification (bsc#1118953)
* Wed Oct 31 2018 glin@suse.com
- rpm: properly forward dep flags (bsc#1114605)
- Fix new Lintian Error from Debian 10
* Tue Jun 12 2018 glin@suse.com
- debhelper: restrict wildcard package unpacking
* Mon Jun 11 2018 glin@suse.com
- debhelper: fix conffiles corner case
* Fri Jun 08 2018 glin@suse.com
- Remove the unstable source url
- Update the debian scripts
* Mon Jun 04 2018 glin@suse.com
- Switch to tarball release
* Thu Feb 22 2018 glin@suse.com
- Provide password file for 'certutil -A' due to the change in
mozilla-nss 3.35 (boo#1082235)
* Wed Nov 08 2017 jlee@suse.com
- Modified modsign-repackage, using certificate to try to decrypt
the signature of kernel module. It can be used to verify the
integrity of signature.
* Wed Sep 27 2017 jlee@suse.com
- Michael Schröder improved the original kernel-sign-file script to
support PKCS#7 kernel module signing. Replacing sign-file.c with
new kernel-sign-file script. (bsc#1049122)
* Sun Sep 24 2017 coolo@suse.com
- escape regexp in pesign-gen-repackage-spec for perl 5.26
* Wed Sep 06 2017 jlee@suse.com
- To support PKCS#7 kernel module signing, copy sign-file.c from
SLE-15 v4.12 kernel source to replace the kernel-sign-file script
to align upstream. (bsc#1049122)
* Tue Nov 29 2016 mmarek@suse.cz
- Copy over any *.log files from the first build (bsc#1012422)
* Thu Mar 03 2016 glin@suse.com
- Add aarch64 support since pesign also build on aarch64
* Thu Jan 22 2015 mmarek@suse.cz
- Add support for file verify flags (bnc#905420).
* Thu Jan 22 2015 mmarek@suse.cz
- Sort the parts of the repackage spec file for easier debugging.
* Tue Sep 16 2014 mls@suse.de
- fall back to project cert in the followup spec if it
exists
* Tue Sep 02 2014 ro@suse.de
- sanitize release line in specfile
* Wed Aug 20 2014 mmarek@suse.cz
- brp-99-compress-vmlinux: Compress the vmlinux image after
find-debuginfo (bnc#880848, bnc#884459)
* Tue Aug 12 2014 meissner@suse.com
- switch gen-hmac to use fipscheck instead of sha256hmac
* Mon Aug 04 2014 mmarek@suse.cz
- Set BRP_PESIGN_FILES="" in the repackage build to avoid loops.
* Wed Jul 30 2014 mmarek@suse.cz
- Accept also rpmlintrc files without any <package>- prefix.
* Mon Jul 28 2014 mmarek@suse.cz
- Use package's rpmlintrc files in the second build.
* Thu Jul 03 2014 mmarek@suse.cz
- Drop support for signing firmware files (bnc#867199)
* Thu Apr 24 2014 mmarek@suse.cz
- Fix matching /boot and /lib/firmware in pesign-repackage.spec
* Wed Apr 23 2014 mmarek@suse.com
- Do not store the buildroot in the .*.hmac file.
* Wed Apr 23 2014 mmarek@suse.com
- Regenerate the HMAC checksum when signing and EFI binary with
a checksum (fate#316930, bnc#856310).
* Wed Apr 23 2014 mmarek@suse.com
- Update README.
* Wed Apr 23 2014 mmarek@suse.cz
- Add /usr/lib/rpm/pesign/gen-hmac tool to generate a hmac checksum
for a given file (fate#316930, bnc#856310).
* Thu Apr 03 2014 ro@suse.de
- pesign-gen-repackage-spec: switch to new rpm style handling
of weak dependencies
* Thu Jan 16 2014 mmarek@suse.cz
- Do not sign any files if BRP_PESIGN_FILES is set not an empty
string (bnc#857599).
* Tue Jan 07 2014 mmarek@suse.cz
- Fix a typo in the last change.
* Mon Jan 06 2014 mmarek@suse.cz
- Default to BRP_PESIGN_FILES="*.ko /lib/firmware" (bnc#857599).
* Mon Jan 06 2014 mmarek@suse.cz
- Add --signatures=<directory> option to modsign-repackage
(bnc#841627).
* Fri Jun 14 2013 mmarek@suse.cz
- Put debuginfo packages to %_topdir/OTHER (bnc#824971).
* Thu Mar 28 2013 mmarek@suse.cz
- Version 10
- Add modsign-repackage tool to repackage RPMs outside the buildservice
* Tue Mar 26 2013 glin@suse.com
- Calculate the digest of the padded data section to be consistent
with the output file (bnc#808594, bnc#811325)
* Fri Mar 15 2013 coolo@suse.com
- correct the license of the generated package to fix build
* Tue Mar 05 2013 mmarek@suse.cz
- Do not repackage debuginfo package (bnc#806637)
* Mon Mar 04 2013 mmarek@suse.cz
- Version 9
- Add support for triggers (bnc#806737)
* Wed Feb 20 2013 mmarek@suse.cz
- Do not fail the build if %_topdir/OTHER cannot be created
* Wed Feb 13 2013 mmarek@suse.cz
- Version 8
- Hide baselibs from post-build-checks
* Wed Feb 13 2013 mmarek@suse.cz
- Do not repackage baselibs
* Wed Feb 13 2013 mmarek@suse.cz
- Version 7
- Fix for scriptlets with empty body
* Tue Feb 12 2013 mls@suse.de
- reduce debugging as pesign is now fixed
* Tue Feb 12 2013 mls@suse.de
- add a bit of debug output to find out why the kernel signatures
are bad
* Wed Feb 06 2013 mls@suse.de
- switch to normal brp hook
- mv stuff in pesign directory instead of cluttering /usr/lib/rpm
* Fri Feb 01 2013 mls@suse.de
- fix pesign calls
* Fri Feb 01 2013 mmarek@suse.cz
- Add some preliminary code to sign EFI binaries, marked with
FIXMEs.
* Wed Jan 30 2013 mmarek@suse.cz
- Version 6
- Fix handling packages with NoSource
- Fix for multiple patterns in %sign_files
* Tue Jan 29 2013 mmarek@suse.cz
- Version 5
- Use newc-style cpio archives, as required by the buildservice.
- Use signing certificates provided by the buildservice.
- Minor fixes.
* Mon Jan 28 2013 mmarek@suse.cz
- Version 4
- Support for firmware signatures.
- Expect the correct archive with signatures (<name>.cpio.rsasign.sig).
- Minor fixes.
* Wed Jan 23 2013 mmarek@suse.cz
- Version 3
- Switch to storing whole files in the *.cpio.rsasign archive.
- Append the signatures to kernel modules.
* Fri Jan 18 2013 mmarek@suse.cz
- Version 2
- Generates another specfile in pesign-repackage.spec to
be able to copy nearly all RPM tags from the original packages.
- Changed to only store sha256 hashes in the *.cpio.rsasign file,
instead of whole files.
* Thu Dec 13 2012 mmarek@suse.com
- Created package with macros and scripts to integrate kernel and
bootloader signing into OBS (fate#314552).
/usr/bin/modsign-repackage /usr/bin/modsign-verify /usr/lib/rpm/brp-suse.d /usr/lib/rpm/brp-suse.d/brp-99-compress-vmlinux /usr/lib/rpm/brp-suse.d/brp-99-pesign /usr/lib/rpm/pesign /usr/lib/rpm/pesign/gen-hmac /usr/lib/rpm/pesign/kernel-sign-file /usr/lib/rpm/pesign/pesign-gen-repackage-spec /usr/lib/rpm/pesign/pesign-repackage.spec.in /usr/share/doc/packages/pesign-obs-integration /usr/share/doc/packages/pesign-obs-integration/README.md /usr/share/licenses/pesign-obs-integration /usr/share/licenses/pesign-obs-integration/COPYING
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Sep 30 23:01:15 2025