From mdomonko at redhat.com Fri Jul 1 13:54:57 2022
From: mdomonko at redhat.com (Michal Domonkos)
Date: Fri, 1 Jul 2022 15:54:57 +0200
Subject: RPM 4.17.1 released!
Message-ID:

This is primarily a bug fix release, with select minor enhancements.

Highlights include:

* New %bcond macro for a nicer way to define build conditionals
* New %{verbose:...} macro for verbose mode expansion
* Separate warning summary in rpmbuild(8)
* OpenPGP parser and IMA security fixes (CVE-2021-3521)
* Buildroot policy fixes
* Various other important and regression fixes

Details and download info at https://rpm.org/wiki/Releases/4.17.1

--
Michal Domonkos / RPM dev team / Red Hat, Inc.

From Tim.Mooney at ndsu.edu Tue Jul 26 23:59:52 2022
From: Tim.Mooney at ndsu.edu (Tim Mooney)
Date: Tue, 26 Jul 2022 18:59:52 -0500 (CDT)
Subject: signing a variable list of packages
Message-ID:

Hi!

With older versions of rpmbuild, I've always used '--sign' with rpmbuild,
to sign the packages immediately after they're generated. This has the
great advantage that rpmbuild knows all the paths to the list of packages
it generates, so it has the information it needs to sign them all.

With rpmbuild from RHEL 9, that's no longer possible. It appears to be
necessary to run 'rpmsign' as a separate step.

My question is whether there's a programmatic way to determine all of
the packages that would be generated from a single run of rpmbuild with
a particular set of --define, --with-, --without-, etc.

I generally use a wrapper script when building RPMs, and now that
generating the packages and signing them are separate steps, I need a way
to know what packages would be generated via an rpmbuild run so that I can
be certain to sign them all immediately afterward.

Thanks,

Tim
--
Tim Mooney                                  Tim.Mooney at ndsu.edu
Enterprise Computing & Infrastructure /
Division of Information Technology / 701-231-1076 (Voice)
North Dakota State University, Fargo, ND 58105-5164

From stuart at gathman.org Wed Jul 27 17:35:01 2022
From: stuart at gathman.org (Stuart D Gathman)
Date: Wed, 27 Jul 2022 13:35:01 -0400 (EDT)
Subject: signing a variable list of packages
In-Reply-To:
References:
Message-ID: <1de817e9-aa10-e99c-56d-4cc344245e5b@gathman.org>

On Tue, 26 Jul 2022, Tim Mooney wrote:

> My question is whether there's a programmatic way to determine all of
> the packages that would be generated from a single run of rpmbuild with

I always use mock to build rpms. When it's done, all the rpms to be
signed are collected in the results directory.

This also ensures the BuildRequires are correct, that no secret network
access to online repos is made, etc, and is slightly more protected
against buggy build scripts (rm -rf * tmp) being inside a container (of
course any competent malware would simply infect the output applications).

Put /var/lib/mock on a tmpfs for best performance.

From msuchy at redhat.com Thu Jul 28 07:38:31 2022
From: msuchy at redhat.com (Miroslav Suchý)
Date: Thu, 28 Jul 2022 09:38:31 +0200
Subject: signing a variable list of packages
In-Reply-To: <1de817e9-aa10-e99c-56d-4cc344245e5b@gathman.org>
References: <1de817e9-aa10-e99c-56d-4cc344245e5b@gathman.org>
Message-ID: <00dbfec6-4e86-1f80-229d-2b7fadd5294e@redhat.com>

On 27. 07. 22 at 19:35, Stuart D Gathman wrote:
>> My question is whether there's a programmatic way to determine all of
>> the packages that would be generated from a single run of rpmbuild with
>
> I always use mock to build rpms. When it's done, all the rpms to be
> signed are collected in the results directory.

I will just link documentation
https://rpm-software-management.github.io/mock/Plugin-Sign

Miroslav
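
The "sign whatever landed in the results directory" approach from the replies above, applied to plain rpmbuild, as an added example that is not part of the original thread: the wrapper points the `_rpmdir` and `_srcrpmdir` macros at a fresh directory, signs everything found there, and fails if any package does not verify. The function names and the `RPMBUILD`/`RPMSIGN`/`RPMKEYS` override variables are assumptions of this sketch, as is a signing key already configured for rpmsign with its public half imported into the rpm keyring.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the signing key is already
# configured for rpmsign (e.g. %_gpg_name in ~/.rpmmacros).
RPMBUILD=${RPMBUILD:-rpmbuild}   # overridable, so the functions can be run against stubs
RPMSIGN=${RPMSIGN:-rpmsign}
RPMKEYS=${RPMKEYS:-rpmkeys}

# Print every package file under directory $1, one path per line.
# rpmbuild puts binary packages in per-architecture subdirectories, hence find.
list_built_rpms() {
    find "$1" -type f -name '*.rpm' | LC_ALL=C sort
}

# build_into OUTDIR SPEC [rpmbuild options...]: redirect binary and source
# package output to OUTDIR so nothing from earlier builds is mixed in.
build_into() {
    out=$1; spec=$2; shift 2
    "$RPMBUILD" -ba --define "_rpmdir $out" --define "_srcrpmdir $out" "$@" "$spec"
}

# Sign every package under $1, then fail unless each one reports a good signature.
sign_and_check() {
    dir=$1
    list=$(list_built_rpms "$dir")
    [ -n "$list" ] || { echo "no packages found in $dir" >&2; return 1; }
    old_ifs=$IFS; IFS='
'
    set -f; set -- $list; set +f   # split on newlines only, no globbing
    IFS=$old_ifs
    "$RPMSIGN" --addsign "$@" || return 1
    for p in "$@"; do
        # Only a line containing "signatures OK" passes; a package that
        # reports digests alone, or "SIGNATURES NOT OK", is rejected.
        "$RPMKEYS" --checksig "$p" | grep -q 'signatures OK' ||
            { echo "not signed or not verifiable: $p" >&2; return 1; }
    done
}

main() {
    outdir=$(mktemp -d) || return 1
    build_into "$outdir" "$@" && sign_and_check "$outdir" &&
        echo "signed packages are in $outdir"
}

# Usage: sh build-and-sign.sh foo.spec --with tests --define 'dist .el9'
if [ $# -ge 1 ]; then main "$@"; fi
```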