From a895e9e125eff9d662b3bdb139995efca599fd60 Mon Sep 17 00:00:00 2001
From: yugozhang
Date: Fri, 20 Mar 2026 16:38:04 +0800
Subject: [PATCH] add requires openssl-devel, and add sign retry mode.
---
 dkms-custom-sign-file | 59 +++++++++++++++++++++++++++++++------------
 dkms.spec | 8 ++++--
 2 files changed, 49 insertions(+), 18 deletions(-)
diff --git a/dkms-custom-sign-file b/dkms-custom-sign-file
index 9193e38..d306267 100755
--- a/dkms-custom-sign-file
+++ b/dkms-custom-sign-file
@@ -152,26 +152,53 @@ custom_sign() {
 log "模块 hash: $kmod_hash"
- # 5. 调用签名平台 API
+ # 4. 调用签名平台 API(含重试机制)
 log "请求签名平台..."
 local temp_response
 temp_response=$(mktemp)
- local http_code
- http_code=$(curl -s -w "%{http_code}" -o "$temp_response" \
- -X POST \
- -H "Content-Type: application/json" \
- -d "{\"data\": \"${kmod_hash}\", \"certificate_id\": \"${certificate_id}\", \"data_type\": \"HASH_VALUE\", \"hash_algorithm\": \"SHA256\"}" \
- "${signing_api_url}/certificates/sign")
-
- if [[ "$http_code" != "200" ]]; then
- log_error "签名平台返回错误: HTTP $http_code"
- echo "--- 签名平台响应内容 ---" >> "$LOG_FILE"
- cat "$temp_response" >> "$LOG_FILE"
- echo "" >> "$LOG_FILE"
- rm -f "$temp_response"
- return 1
- fi
+ local retry_intervals=(1 3 5)
+ local max_retries=${#retry_intervals[@]}
+ local attempt=0
+ local success=0
+
+ while true; do
+ http_code=$(curl -s -w "%{http_code}" -o "$temp_response" \
+ -X POST \
+ -H "Content-Type: application/json" \
+ -d "{\"data\": \"${kmod_hash}\", \"certificate_id\": \"${certificate_id}\", \"data_type\": \"HASH_VALUE\", \"hash_algorithm\": \"SHA256\"}" \
+ "${signing_api_url}/certificates/sign")
+
+ if [[ "$http_code" == "200" ]]; then
+ success=1
+ break
+ fi
+
+ # 4xx: 客户端错误,不可重试
+ if [[ "$http_code" =~ ^4[0-9]{2}$ ]]; then
+ log_error "签名平台返回客户端错误: HTTP $http_code (不可重试)"
+ echo "--- 签名平台响应内容 ---" >> "$LOG_FILE"
+ cat "$temp_response" >> "$LOG_FILE"
+ echo "" >> "$LOG_FILE"
+ rm -f "$temp_response"
+ return 1
+ fi
+
+ # 其他错误码:重试
+ if [[ $attempt -ge $max_retries ]]; then
+ log_error "签名平台返回错误: HTTP $http_code, 已重试 $max_retries 次仍失败"
+ echo "--- 签名平台响应内容 ---" >> "$LOG_FILE"
+ cat "$temp_response" >> "$LOG_FILE"
+ echo "" >> "$LOG_FILE"
+ rm -f "$temp_response"
+ return 1
+ fi
+
+ local wait_sec=${retry_intervals[$attempt]}
+ log "签名平台返回 HTTP $http_code, ${wait_sec}s 后第 $((attempt + 1))/$max_retries 次重试..."
+ sleep "$wait_sec"
+ ((attempt++))
+ done
 # 5. 提取 PKCS#7 签名
 log "提取签名数据..."
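Review bot: The retry path cannot trigger on a stalled connection, because the `curl` call inside `while true` sets neither a connect nor a total timeout, so an unresponsive signing endpoint blocks the module build instead of reaching the backoff. Bounding each attempt on the first line of the call would fix that, e.g. `http_code=$(curl -s --connect-timeout 10 --max-time 60 -w "%{http_code}" -o "$temp_response" \` (values illustrative, to be tuned). The commit also removes `local http_code` without re-adding it, so the variable now leaks out of `custom_sign`; restore `local http_code` next to the other new locals. `((attempt++))` returns status 1 while `attempt` is 0, which would abort on the first retry if the script runs under `set -e` (not visible here); `attempt=$((attempt + 1))` avoids that. `custom_sign` begins and ends outside this hunk, so whether `success` is read later cannot be checked from here.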
diff --git a/dkms.spec b/dkms.spec
index ad26ad9..ddd724d 100644
--- a/dkms.spec
+++ b/dkms.spec
@@ -1,7 +1,7 @@
 Summary: Dynamic Kernel Module Support Framework
 Name: dkms
 Version: 3.2.2
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: GPLv2+
 URL: http://linux.dell.com/dkms
 Source0: https://github.com/dell/%{name}/archive/v%{version}.tar.gz
@@ -23,7 +23,7 @@ Requires(post): systemd
 Requires(preun): systemd
 Requires(postun): systemd
-Requires: curl openssl jq
+Requires: curl openssl openssl-devel jq
 %description
 This package provides the framework for the Dynamic Kernel Module Support (DKMS)
@@ -175,6 +175,10 @@ echo "=== All build verification checks passed ==="
 %changelog
+* Fri Mar 20 2026 yugozhang - 3.2.2-6
+- [type] sync
+- Added `openssl-devel` as a runtime dependency, added a signature retry mechanism.
+
 * Mon Mar 09 2026 yugozhang - 3.2.2-5
 - [type] sync
 - add custom signing support: use /etc/dkms/token to detect internal machines
-- 
Gitee
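Review bot: The `Requires:` line in the second hunk now installs `openssl-devel` on every host that gets this package, but nothing in the spec says which runtime step needs development headers. If they are only used while building the package, the entry belongs under `BuildRequires:` instead. If the signing path really compiles or links against OpenSSL on the target host, a comment above the line would keep the dependency from being dropped or widened later, e.g. `# openssl-devel: required at module-sign time by <component> (confirm)`.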