File 0001-Only-extract-RPMs-that-contain-files-to-sign.patch of Package pesign-obs-integration
From 0b1e8e70bb1a98c37a6d2e1e15d76293652f3914 Mon Sep 17 00:00:00 2001
From: vlefebvre <valentin.lefebvre@suse.com>
Date: Wed, 18 Mar 2026 12:04:24 +0100
Subject: [PATCH] Only extract RPMs that contain files to sign
pesign-repackage.spec.in: build a lookup table of files to be signed
from the rsasign cpio archive before the extraction loop. Skip any RPM
whose file list has no match in that table, copying it to OTHER as-is.
modsign-repackage: skip RPMs that contain no .ko file, copying them to
the RPMS output directory unchanged.
This ensures that only packages actually requiring signing are unpacked
into the shared buildroot, avoiding potential conflicts between packages
installing files at the same destination path.
---
modsign-repackage | 9 +++++++++
pesign-repackage.spec.in | 32 ++++++++++++++++++++++++++++++++
2 files changed, 41 insertions(+)
diff --git a/modsign-repackage b/modsign-repackage
index 0e04eae..b24b5f4 100755
--- a/modsign-repackage
+++ b/modsign-repackage
@@ -104,6 +104,15 @@ for rpm; do
cp "$rpm" "$_"
continue
esac
+ # Only extract RPMs that contain kernel modules (.ko) to be signed.
+ # RPMs without .ko files are passed through to the output directory
+ # unchanged to avoid buildroot conflicts with RemovePathPostfixes.
+ if ! rpm -qp --qf '[%{filenames}\n]' "$rpm" 2>/dev/null | grep -q '\.ko$'; then
+ dir="$rpmdir/$(rpm -qp --qf '%{arch}' "$rpm")"
+ mkdir -p "$dir"
+ cp "$rpm" "$dir"
+ continue
+ fi
rpm2cpio "$rpm" | (cd "$buildroot"; cpio -idm --quiet) || exit
d=$(rpm -qp --qf '%{disturl}' "$rpm")
if test -z "$disturl"; then
diff --git a/pesign-repackage.spec.in b/pesign-repackage.spec.in
index 017fcf6..282dc66 100644
--- a/pesign-repackage.spec.in
+++ b/pesign-repackage.spec.in
@@ -56,6 +56,21 @@ pushd %buildroot
disturl=
rpms_filter=@PESIGN_PACKAGES@
rpms=()
+# Collect the set of files scheduled for signing from the rsasign cpio
+# archive. Only RPMs that contain at least one of those files will be
+# extracted into the shared buildroot; all others are forwarded to OTHER
+# unchanged. This preserves the RPM RemovePathPostfixes feature: two
+# sub-packages that install different source files (e.g. foo and
+# foo.standalone) to the same final path no longer conflict during the
+# unpack phase because only the package that actually needs signing is
+# unpacked.
+declare -A files_to_sign=()
+if test -e %_sourcedir/@NAME@.cpio.rsasign.sig; then
+ while IFS= read -r _sigf; do
+ [[ "$_sigf" == *.sig ]] || continue
+ files_to_sign["/${_sigf%.sig}"]=1
+ done < <(cpio -t < %_sourcedir/@NAME@.cpio.rsasign.sig 2>/dev/null)
+fi
for rpm in %_sourcedir/*.rpm; do
case "$rpm" in
*.src.rpm | *.nosrc.rpm)
@@ -85,6 +100,23 @@ for rpm in %_sourcedir/*.rpm; do
cp "$rpm" "$_"
continue
fi
+ # Skip RPMs that do not contain any file scheduled for signing so that
+ # packages using RemovePathPostfixes on the same destination path can
+ # coexist in the buildroot without cpio conflicts.
+ if [ ${#files_to_sign[@]} -gt 0 ]; then
+ _needs_signing=0
+ while IFS= read -r _f; do
+ if [ -n "${files_to_sign["$_f"]+x}" ]; then
+ _needs_signing=1
+ break
+ fi
+ done < <(rpm -qp --qf '[%%{filenames}\n]' "$rpm" 2>/dev/null)
+ if [ "$_needs_signing" -eq 0 ]; then
+ mkdir -p "%_topdir/OTHER"
+ cp "$rpm" "%_topdir/OTHER/"
+ continue
+ fi
+ fi
rpm2cpio "$rpm" | cpio -idm
d=$(rpm -qp --qf '%%{disturl}' "$rpm")
if test -z "$disturl"; then
--
2.52.0
