author | CoprDistGit <infra@openeuler.org> | 2024-09-18 07:06:26 +0000 |
---|---|---|
committer | CoprDistGit <infra@openeuler.org> | 2024-09-18 07:06:26 +0000 |
commit | d68770f6939ab160ff27ec4e65ccc88cd3677bd0 (patch) | |
tree | 5fc00dcf6a9f1ac8a974f9d3b42e07001796a3b6 /brp-digest-list | |
parent | c22cb56acddf5bc4147f60908d5ebd770a079070 (diff) |
automatic import of openEuler-rpm-config
Diffstat (limited to 'brp-digest-list')
-rwxr-xr-x | brp-digest-list | 98 |
1 files changed, 98 insertions, 0 deletions
diff --git a/brp-digest-list b/brp-digest-list
new file mode 100755
index 0000000..2f0681d
--- /dev/null
+++ b/brp-digest-list
@@ -0,0 +1,98 @@
+#!/usr/bin/sh
+
+# Get build root
+RPM_BUILD_ROOT="${1}"
+
+# If using normal root, avoid changing anything.
+if [ -z "$RPM_BUILD_ROOT" -o "$RPM_BUILD_ROOT" = "/" ]; then
+ exit 0
+fi
+
+# Create temporary file listing files in the manifest
+TMPDIR="/tmp"
+BIN_PKG_FILES=${TMPDIR}/${3%%.rpm}
+cat - > $BIN_PKG_FILES
+
+# Ensure temporary file is cleaned up when we exit
+trap "rm -f \"${BIN_PKG_FILES}\"" 0 2 3 5 10 13 15
+
+# File empty, exit
+if [ -L $BIN_PKG_FILES ] || [ -z $(head -c 1 $BIN_PKG_FILES) ]; then
+ exit 0
+fi
+
+# Create directory for digest lists
+DIGEST_LIST_DIR=$RPM_BUILD_ROOT/$2/etc/ima/digest_lists
+mkdir -p $DIGEST_LIST_DIR
+mkdir -p $DIGEST_LIST_DIR.tlv
+
+# Generate digest list for the kernel
+gen_digest_lists -i M: -t metadata -f compact -d $DIGEST_LIST_DIR -i l:policy \
+ -i i: -o add -p -1 -m immutable -i L:$BIN_PKG_FILES -i u: \
+ -A $RPM_BUILD_ROOT -i e: \
+ -i E:/usr/src \
+ -i E:/boot/efi \
+ -i F:/lib \
+ -i F:/usr/lib \
+ -i F:/lib64 \
+ -i F:/usr/lib64 \
+ -i F:/lib/modules \
+ -i F:/usr/lib/modules \
+ -i F:/lib/firmware \
+ -i F:/usr/lib/firmware
+
+DIGEST_LIST_PATH="$DIGEST_LIST_DIR/0-metadata_list-compact-$(basename $BIN_PKG_FILES)"
+[ -f $DIGEST_LIST_PATH ] || exit 0
+
+chmod 644 $DIGEST_LIST_PATH
+echo $DIGEST_LIST_PATH
+
+# Generate TLV digest list to check metadata
+gen_digest_lists -i M: -t metadata -f compact -d $DIGEST_LIST_DIR.tlv \
+ -i l:policy -i i: -o add -p -1 -m immutable -i L:$BIN_PKG_FILES -i u: \
+ -T -A $RPM_BUILD_ROOT -i e: \
+ -i E:/usr/src \
+ -i E:/boot/efi \
+ -i F:/lib \
+ -i F:/usr/lib \
+ -i F:/lib64 \
+ -i F:/usr/lib64 \
+ -i F:/lib/modules \
+ -i F:/usr/lib/modules \
+ -i F:/lib/firmware \
+ -i F:/usr/lib/firmware
+
+DIGEST_LIST_TLV_PATH="$DIGEST_LIST_DIR.tlv/0-metadata_list-compact_tlv-$(basename $BIN_PKG_FILES)"
+[ -f $DIGEST_LIST_TLV_PATH ] || exit 0
+
+chmod 644 $DIGEST_LIST_TLV_PATH
+echo $DIGEST_LIST_TLV_PATH
+
+#if [[ "$(basename $BIN_PKG_FILES)" =~ "digest-list-tools" && \
+# ! $(basename $BIN_PKG_FILES) =~ "debug" ]]; then
+# Generate digest list for the user space parsers
+
+# do EBS sign
+export PUBLISHER_HOST=$(grep PUBLISHER_HOST /lkp/scheduled/job.yaml | awk '{print $2}')
+export PUBLISHER_PORT=$(grep PUBLISHER_PORT /lkp/scheduled/job.yaml | awk '{print $2}')
+if [[ -n "$PUBLISHER_HOST" && -n "$PUBLISHER_PORT" ]]; then
+ [ -f /usr/lib/rpm/brp-ebs-sign ] || exit 0
+ sh /usr/lib/rpm/brp-ebs-sign --ima-digestlist $DIGEST_LIST_PATH 1>&2
+ [ -f $DIGEST_LIST_PATH.sig ] || exit 0
+ chmod 644 $DIGEST_LIST_PATH.sig
+ mv $DIGEST_LIST_PATH.sig $DIGEST_LIST_PATH
+ exit 0
+fi
+
+# do OBS sign
+[ -f /usr/lib/rpm/brp-suse.d/brp-99-pesign ] || exit 0
+
+export BRP_PESIGN_FILES="$2/etc/ima/digest_lists/*"
+export RPM_BUILD_ROOT
+export RPM_PACKAGE_NAME="digest-list-tools"
+export RPM_SOURCE_DIR="$(rpm --eval %_topdir)/SOURCES"
+
+if [ -f "/usr/lib/rpm/brp-suse.d/brp-99-pesign" ]; then
+ /usr/lib/rpm/brp-suse.d/brp-99-pesign &> /dev/null
+fi
+#fi
|
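Review bot: The manifest is written to a predictable name directly under /tmp (`BIN_PKG_FILES=${TMPDIR}/${3%%.rpm}` then `cat - > $BIN_PKG_FILES`), and the `-L` symlink test only runs after that write, so a link or file already present at that name has been followed and overwritten before it is checked. Two concurrent builds of the same package name would also share the file. I would create a private directory with `mktemp -d`, keep the same basename inside it (the digest list name is built from `basename $BIN_PKG_FILES`, and gen_digest_lists presumably derives its output name the same way), install the trap before the write, and replace the unquoted `[ -z $(head -c 1 …) ]` with `[ -s … ]`. Separately, both signing branches `exit 0` when the signer or the `.sig` file is missing, so an unsigned digest list is packaged without any message; a line on stderr there would make a skipped signature visible in the build log.

```shell
# Create temporary file listing files in the manifest, inside a private directory
WORK_DIR=$(mktemp -d) || exit 1

# Ensure the private directory is cleaned up when we exit
trap 'rm -rf -- "$WORK_DIR"' 0 2 3 5 10 13 15

BIN_PKG_FILES="${WORK_DIR}/${3%%.rpm}"
cat - > "$BIN_PKG_FILES"

# File empty, exit
[ -s "$BIN_PKG_FILES" ] || exit 0

# … unchanged: digest list generation and signing …
```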