From 38f89fe38eb3d445663c3181fa5fde9802cecfab Mon Sep 17 00:00:00 2001 From: ExtinctFire Date: Sat, 17 Dec 2022 18:55:08 +0800 Subject: [PATCH] Add DIM support Signed-off-by: ExtinctFire (cherry picked from commit 543466a819bb5ec58087623eb343c98def7515ad) --- Add-support-for-DIM.patch | 27 +++++++++++++++++++++++++++ pesign-obs-integration.spec | 8 +++++++- 2 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 Add-support-for-DIM.patch diff --git a/Add-support-for-DIM.patch b/Add-support-for-DIM.patch new file mode 100644 index 0000000..f250cf6 --- /dev/null +++ b/Add-support-for-DIM.patch @@ -0,0 +1,27 @@ +From 47d79f48c0f5d4b5ce02e33d54fb1954df41fb2f Mon Sep 17 00:00:00 2001 +From: zhangyiru330 +Date: Mon, 7 Mar 2022 14:32:49 +0800 +Subject: [PATCH] Add support for DIM + +--- + pesign-repackage.spec.in | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/pesign-repackage.spec.in b/pesign-repackage.spec.in +index 6dae3a9..8b4b550 100644 +--- a/pesign-repackage.spec.in ++++ b/pesign-repackage.spec.in +@@ -138,6 +138,10 @@ for sig in "${sigs[@]}"; do + mkdir -p %buildroot/etc/ima/digest_lists.sig + cp $sig %buildroot/etc/ima/digest_lists.sig + ;; ++ */etc/dim/digest_list/*) ++ mkdir -p %buildroot/etc/dim/digest_list ++ cp $sig %buildroot/etc/dim/digest_list ++ ;; + *.ko.sig) + /usr/lib/rpm/pesign/kernel-sign-file -i pkcs7 -s "$sig" sha256 "$cert" "$f" + ;; +-- +1.8.3.1 + diff --git a/pesign-obs-integration.spec b/pesign-obs-integration.spec index 3eabdc7..48be0c8 100644 --- a/pesign-obs-integration.spec +++ b/pesign-obs-integration.spec @@ -23,7 +23,7 @@ Summary: Macros and scripts to sign the kernel and bootloader License: GPL-2.0-only Group: Development/Tools/Other Version: 10.1 -Release: 2 +Release: 4 Requires: fipscheck %if 0%{?suse_version} Requires: mozilla-nss-tools @@ -43,6 +43,9 @@ Patch2: Skip-processing-of-ghost-files-as-they-are-not-extra.patch Patch3: Add-support-for-digest-lists.patch Patch4: Don-t-set-files-variable-in-brp-99-pesign.patch Patch5: Disable-building-debug-packages.patch + +Patch9000: Add-support-for-DIM.patch + BuildRoot: %{_tmppath}/%{name}-%{version}-build %if 0%{?suse_version} # suse-module-tools <= 15.0.10 contains modsign-verify @@ -87,6 +90,9 @@ fi /usr/lib/rpm/* %changelog +* Sat Dec 17 2022 ExtinctFire - 10.1-4 +- Add DIM support + * Wed Jul 22 2020 Roberto Sassu - 10.1-2 - Add Require-nss-util-for-building-in-pesign-repackage.sp.patch