packages/kernel
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Rename the PGP certificates

Browse Source
This commit is contained in:
Huaxin Lu 2023-09-18 11:17:31 +08:00
parent f6fa0b3832
commit 5dbcca216a
4 changed files with 15 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
RPM-GPG-KEY-openEuler-22.03-SP1 → RPM-GPG-KEY-openEuler-compass-ci
View File

0
RPM-GPG-KEY-openEuler-22.03 → RPM-GPG-KEY-openEuler-localobs
View File

9
kernel.spec
View File

@ -12,7 +12,7 @@
%global upstream_sublevel 0
%global devel_release 146
%global maintenance_release .0.0
%global pkg_release .76
%global pkg_release .77
%define with_debuginfo 1
# Do not recompute the build-id of vmlinux in find-debuginfo.sh
@ -53,9 +53,9 @@ Source11: x509.genkey
Source12: extra_certificates
# openEuler RPM PGP certificates:
# 1. openeuler <openeuler@compass-ci.com>
Source13: RPM-GPG-KEY-openEuler-22.03-SP1
Source13: RPM-GPG-KEY-openEuler-compass-ci
# 2. private OBS <defaultkey@localobs>
Source14: RPM-GPG-KEY-openEuler-22.03
Source14: RPM-GPG-KEY-openEuler-localobs
Source15: process_pgp_certs.sh
%if 0%{?with_kabichk}
@ -889,6 +889,9 @@ fi
%endif
%changelog
* Mon Sep 18 2023 luhuaxin <luhuxin1@huawei.com> - 5.10.0-146.0.0.77
- Rename the PGP certificates
* Tue Jun 06 2023 zhoushuiqing <zhoushuiqing2@huawei.com> - 5.10.0-146.0.0.76
- Process PGP certs before kernel building

18
process_pgp_certs.sh
View File

@ -2,35 +2,35 @@
# from: https://repo.openeuler.org/openEuler-22.03-LTS/source/RPM-GPG-KEY-openEuler
# sh256: b09bf8bf7dae9aa6b24b170b6b85dd1717e14e674f270d14da0436e8dfc4260e
CERT_2203="RPM-GPG-KEY-openEuler-22.03"
# from: https://repo.openeuler.org/openEuler-22.03-LTS-SP1/source/RPM-GPG-KEY-openEuler
CERT_2203="RPM-GPG-KEY-openEuler-localobs"
# from: https://repo.openeuler.org/openEuler-22.03-LTS-SPx/source/RPM-GPG-KEY-openEuler
# sha256: 006e79d37c10e74c24df6d07c4efc4176515cec009daa5ed493b06f5b6ef39c1
CERT_2203_SP1="RPM-GPG-KEY-openEuler-22.03-SP1"
CERT_2203_SPx="RPM-GPG-KEY-openEuler-compass-ci"
# process result for kernel building
CERT_OUT="pubring.gpg"
# base64 decode with removing prefix and suffix
for cert in $CERT_2203 $CERT_2203_SP1; do
for cert in $CERT_2203 $CERT_2203_SPx; do
cat $cert | head -n -2 | tail -n +2 | base64 -d > $cert.gpg
done
# 22.03 SP1 use subkey to sign, but kernel can only parse main key. So we need to
# 22.03 SPx use subkey to sign, but kernel can only parse main key. So we need to
# extract subkey information and wrap to a main key format.
# The PGP data can be parsered with https://cirw.in/gpg-decoder/
# Extra User ID Packet
# start: 400; length: 38
dd if=$CERT_2203_SP1.gpg of=$CERT_2203_SP1.userid.gpg skip=400 bs=1c count=38
dd if=$CERT_2203_SPx.gpg of=$CERT_2203_SPx.userid.gpg skip=400 bs=1c count=38
# Extra Public-Subkey Packet
# start: 902 + 1(wrap cipherTypeByte); length: 400 - 1
# cipherTypeByte: 0x99 = 10 0110(wrap to a main key) 01
echo -en "\x99" > $CERT_2203_SP1.subkey.gpg
dd if=$CERT_2203_SP1.gpg of=$CERT_2203_SP1.subkey.gpg skip=903 bs=1c count=399 seek=1
echo -en "\x99" > $CERT_2203_SPx.subkey.gpg
dd if=$CERT_2203_SPx.gpg of=$CERT_2203_SPx.subkey.gpg skip=903 bs=1c count=399 seek=1
# 22.03 use main key to sign, so we dont need to deal it.
# merge all cert information
cat $CERT_2203_SP1.subkey.gpg $CERT_2203_SP1.userid.gpg $CERT_2203.gpg > $CERT_OUT
cat $CERT_2203_SPx.subkey.gpg $CERT_2203_SPx.userid.gpg $CERT_2203.gpg > $CERT_OUT
# cleanup
rm -f RPM-GPG-KEY-openEuler-*