diff --git a/RPM-GPG-KEY-openEuler-22.03-SP1 b/RPM-GPG-KEY-openEuler-compass-ci similarity index 100% rename from RPM-GPG-KEY-openEuler-22.03-SP1 rename to RPM-GPG-KEY-openEuler-compass-ci diff --git a/RPM-GPG-KEY-openEuler-22.03 b/RPM-GPG-KEY-openEuler-localobs similarity index 100% rename from RPM-GPG-KEY-openEuler-22.03 rename to RPM-GPG-KEY-openEuler-localobs diff --git a/kernel.spec b/kernel.spec index 577cdbb..bcd2a1e 100644 --- a/kernel.spec +++ b/kernel.spec @@ -12,7 +12,7 @@ %global upstream_sublevel 0 %global devel_release 146 %global maintenance_release .0.0 -%global pkg_release .76 +%global pkg_release .77 %define with_debuginfo 1 # Do not recompute the build-id of vmlinux in find-debuginfo.sh @@ -53,9 +53,9 @@ Source11: x509.genkey Source12: extra_certificates # openEuler RPM PGP certificates: # 1. openeuler -Source13: RPM-GPG-KEY-openEuler-22.03-SP1 +Source13: RPM-GPG-KEY-openEuler-compass-ci # 2. private OBS -Source14: RPM-GPG-KEY-openEuler-22.03 +Source14: RPM-GPG-KEY-openEuler-localobs Source15: process_pgp_certs.sh %if 0%{?with_kabichk} @@ -889,6 +889,9 @@ fi %endif %changelog +* Mon Sep 18 2023 luhuaxin - 5.10.0-146.0.0.77 +- Rename the PGP certificates + * Tue Jun 06 2023 zhoushuiqing - 5.10.0-146.0.0.76 - Process PGP certs before kernel building diff --git a/process_pgp_certs.sh b/process_pgp_certs.sh index ada3e08..87aae37 100644 --- a/process_pgp_certs.sh +++ b/process_pgp_certs.sh @@ -2,35 +2,35 @@ # from: https://repo.openeuler.org/openEuler-22.03-LTS/source/RPM-GPG-KEY-openEuler # sh256: b09bf8bf7dae9aa6b24b170b6b85dd1717e14e674f270d14da0436e8dfc4260e -CERT_2203="RPM-GPG-KEY-openEuler-22.03" -# from: https://repo.openeuler.org/openEuler-22.03-LTS-SP1/source/RPM-GPG-KEY-openEuler +CERT_2203="RPM-GPG-KEY-openEuler-localobs" +# from: https://repo.openeuler.org/openEuler-22.03-LTS-SPx/source/RPM-GPG-KEY-openEuler # sha256: 006e79d37c10e74c24df6d07c4efc4176515cec009daa5ed493b06f5b6ef39c1 -CERT_2203_SP1="RPM-GPG-KEY-openEuler-22.03-SP1" +CERT_2203_SPx="RPM-GPG-KEY-openEuler-compass-ci" # process result for kernel building CERT_OUT="pubring.gpg" # base64 decode with removing prefix and suffix -for cert in $CERT_2203 $CERT_2203_SP1; do +for cert in $CERT_2203 $CERT_2203_SPx; do cat $cert | head -n -2 | tail -n +2 | base64 -d > $cert.gpg done -# 22.03 SP1 use subkey to sign, but kernel can only parse main key. So we need to +# 22.03 SPx use subkey to sign, but kernel can only parse main key. So we need to # extract subkey information and wrap to a main key format. # The PGP data can be parsered with https://cirw.in/gpg-decoder/ # Extra User ID Packet # start: 400; length: 38 -dd if=$CERT_2203_SP1.gpg of=$CERT_2203_SP1.userid.gpg skip=400 bs=1c count=38 +dd if=$CERT_2203_SPx.gpg of=$CERT_2203_SPx.userid.gpg skip=400 bs=1c count=38 # Extra Public-Subkey Packet # start: 902 + 1(wrap cipherTypeByte); length: 400 - 1 # cipherTypeByte: 0x99 = 10 0110(wrap to a main key) 01 -echo -en "\x99" > $CERT_2203_SP1.subkey.gpg -dd if=$CERT_2203_SP1.gpg of=$CERT_2203_SP1.subkey.gpg skip=903 bs=1c count=399 seek=1 +echo -en "\x99" > $CERT_2203_SPx.subkey.gpg +dd if=$CERT_2203_SPx.gpg of=$CERT_2203_SPx.subkey.gpg skip=903 bs=1c count=399 seek=1 # 22.03 use main key to sign, so we dont need to deal it. # merge all cert information -cat $CERT_2203_SP1.subkey.gpg $CERT_2203_SP1.userid.gpg $CERT_2203.gpg > $CERT_OUT +cat $CERT_2203_SPx.subkey.gpg $CERT_2203_SPx.userid.gpg $CERT_2203.gpg > $CERT_OUT # cleanup rm -f RPM-GPG-KEY-openEuler-*