代码拉取完成,页面将自动刷新
同步操作将从 src-openEuler/openEuler-rpm-config 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
From 0449160c84daff8c557dee47a970e4f4837ff81d Mon Sep 17 00:00:00 2001
From: Huaxin Lu <luhuaxin1@huawei.com>
Date: Mon, 12 Dec 2022 00:16:01 +0800
Subject: [PATCH] support EBS sign for IMA digest list
Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
---
brp-digest-list | 16 ++++++++++++++++
brp-ebs-sign | 34 ++++++++++++++++++++++++++++++++++
2 files changed, 50 insertions(+)
create mode 100644 brp-ebs-sign
diff --git a/brp-digest-list b/brp-digest-list
index e698b7a..9ec50a2 100644
--- a/brp-digest-list
+++ b/brp-digest-list
@@ -84,6 +84,22 @@ if [[ "$(basename $BIN_PKG_FILES)" =~ "digest-list-tools" && \
chmod 644 $f
echo $f
+ # do EBS sign
+ export PUBLISHER_HOST=$(grep PUBLISHER_HOST /lkp/scheduled/job.yaml | awk '{print $2}')
+ export PUBLISHER_PORT=$(grep PUBLISHER_PORT /lkp/scheduled/job.yaml | awk '{print $2}')
+ if [[ -n "$PUBLISHER_HOST" && -n "$PUBLISHER_PORT" ]]; then
+ [ -f /usr/lib/rpm/brp-ebs-sign ] || exit 0
+ for f in $(ls $DIGEST_LIST_DIR); do
+ sh /usr/lib/rpm/brp-ebs-sign $DIGEST_LIST_DIR/$f &> /dev/null
+ [ -f $DIGEST_LIST_DIR/$f.sig ] || exit 0
+ chmod 644 $DIGEST_LIST_DIR/$f.sig
+ mv $DIGEST_LIST_DIR/$f.sig $DIGEST_LIST_DIR.sig/$f.sig
+ echo $DIGEST_LIST_DIR.sig/$f.sig
+ done
+ exit 0
+ fi
+
+ # do OBS sign
[ -f /usr/lib/rpm/brp-suse.d/brp-99-pesign ] || exit 0
export BRP_PESIGN_FILES="$2/etc/ima/digest_lists/*"
diff --git a/brp-ebs-sign b/brp-ebs-sign
new file mode 100644
index 0000000..662a9f7
--- /dev/null
+++ b/brp-ebs-sign
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+# config
+PUBLISHER_ADDR="http://${PUBLISHER_HOST}:${PUBLISHER_PORT}/sign-files"
+POST_KEY_BASE64="encoded_file_content"
+POST_KEY_MD5="file_md5"
+REQ_KEY_BASE64="signed_file_content"
+REQ_KEY_MD5="signed_file_md5"
+
+# function definition
+get_json_value(){
+ echo "$1" | awk -F "[{,:}]" '{for(i=1;i<NF;i++){if($i~"'$2'"){print $(i+1)}}}' | sed 's/\"//g'
+}
+
+file="$1"
+file_base64="$(base64 -w0 $file)"
+file_md5="$(md5sum $file | awk '{printf $1}')"
+json="{\"$POST_KEY_BASE64\":\"$file_base64\", \"$POST_KEY_MD5\":\"$file_md5\"}"
+
+req="$(curl -X POST "$PUBLISHER_ADDR" -H 'Content-Type: application/json' -d "$json")"
+[ $? -eq 0 ] || { echo "Fail to post sign service, REQ="; echo "req"; exit 1; }
+
+sig_base64=$(get_json_value "$req" "$REQ_KEY_BASE64")
+[ $? -eq 0 ] || { echo "Fail to parser $REQ_KEY_BASE64"; exit 1; }
+echo -e "$sig_base64" | base64 -d > $file.sig
+[ $? -eq 0 ] || { echo "Fail to decode value of $key"; exit 1; }
+
+sig_md5=$(get_json_value "$req" "$REQ_KEY_MD5")
+[ $? -eq 0 ] || { echo "Fail to parser $REQ_KEY_MD5"; exit 1; }
+md5sum $file.sig | grep "$sig_md5"
+[ $? -eq 0 ] || { echo "Fail to check md5 of $file.sig"; exit 1; }
+
+echo "Sign $file ok!"
+exit 0
--
2.33.0
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。