From 68384826a6c05ac015ee77ca6479de807b19d2e7 Mon Sep 17 00:00:00 2001
From: Panu Matilainen <pmatilai@redhat.com>
Date: Thu, 28 Nov 2024 12:12:46 +0200
Subject: [PATCH] Sanitize %__foo_sign_cmd macros

These have been in this bizarre double-command format for passing
to execve(), but there's really no point. Just make it a regular
command and pass the same argument as the pathname and argv[0].
No functional changes.
---
 macros.in         | 4 ++--
 sign/rpmgensig.cc | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/macros.in b/macros.in
index 886d24c0bf..db5617d032 100644
--- a/macros.in
+++ b/macros.in
@@ -619,7 +619,7 @@ Supplements:   (%{name} = %{version}-%{release} and langpacks-%{1})\
 #
 %__gpg			@__GPG@
 %__gpg_sign_cmd			%{shescape:%{__gpg}} \
-	gpg --no-verbose --no-armor --no-secmem-warning \
+	--no-verbose --no-armor --no-secmem-warning \
 	%{?_gpg_digest_algo:--digest-algo=%{_gpg_digest_algo}} \
 	%{?_gpg_sign_cmd_extra_args} \
 	%{?_openpgp_sign_id:-u %{shescape:%{_openpgp_sign_id}}} \
@@ -628,7 +628,7 @@ Supplements:   (%{name} = %{version}-%{release} and langpacks-%{1})\
 
 %__sq @__SQ@
 %__sq_sign_cmd		%{shescape:%{__sq}} \
-	%{__sq} sign \
+	sign \
         %{?_openpgp_sign_id:--signer-key %{_openpgp_sign_id}} \
 	%{?_sq_sign_cmd_extra_args} \
         --detached --output %{shescape:%{?__signature_filename}} \
diff --git a/sign/rpmgensig.cc b/sign/rpmgensig.cc
index 85a515e3bd..ad3cf38234 100644
--- a/sign/rpmgensig.cc
+++ b/sign/rpmgensig.cc
@@ -251,7 +251,7 @@ static int runGPG(sigTarget sigt, const char *sigfile)
 	dup2(pipefd[0], STDIN_FILENO);
 	close(pipefd[1]);
 
-	rc = execve(argv[0], argv+1, environ);
+	rc = execve(argv[0], argv, environ);
 
 	rpmlog(RPMLOG_ERR, _("Could not exec %s: %s\n"), argv[0],
 		strerror(errno));