Accepting request 227281 from home:gary_lin:branches:Base:System

- Add mokutil-more-details-for-skipped-keys.patch to show the reason to skip the key - Add mokutil-check-secure-boot-support.patch to check whether the system supports Secure Boot or not OBS-URL: https://build.opensuse.org/request/show/227281 OBS-URL: https://build.opensuse.org/package/show/Base:System/mokutil?expand=0&rev=20
2014-03-24 09:36:23 +00:00 · 2014-03-24 09:36:23 +00:00 · 1ac1ba5fd6
commit 1ac1ba5fd6
parent c2f76ab77d
4 changed files with 227 additions and 0 deletions
--- a/mokutil-check-secure-boot-support.patch
+++ b/mokutil-check-secure-boot-support.patch
@ -0,0 +1,49 @@
+From e8899f1f26a77dfd870388156381489d53e5548c Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Mon, 24 Mar 2014 15:20:27 +0800
+Subject: [PATCH] Check whether the system supports Secure Boot or not
+
+Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
+---
+ src/mokutil.c | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/src/mokutil.c b/src/mokutil.c
+index cd039f0..149df2b 100644
+--- a/src/mokutil.c
+++ b/src/mokutil.c
+@@ -2211,6 +2211,23 @@ main (int argc, char *argv[])
+ 	if (hash_file && use_root_pw)
+ 		command |= HELP;
+ 
+	if (!(command & HELP)) {
+		/* Check whether the machine supports Secure Boot or not */
+		efi_variable_t var;
+		efi_status_t status;
+
+		memset (&var, 0, sizeof(var));
+		var.VariableName = "SecureBoot";
+		var.VendorGuid = EFI_GLOBAL_VARIABLE;
+		status = read_variable (&var);
+		if (status != EFI_SUCCESS) {
+			fprintf (stderr, "This system doesn't support Secure Boot\n");
+			ret = -1;
+			goto out;
+		}
+		free (var.Data);
+	}
+
+ 	switch (command) {
+ 		case LIST_ENROLLED:
+ 		case LIST_ENROLLED | MOKX:
+@@ -2331,6 +2348,7 @@ main (int argc, char *argv[])
+ 			break;
+ 	}
+ 
+out:
+ 	if (files) {
+ 		for (i = 0; i < total; i++)
+ 			free (files[i]);
+-- 
+1.8.4.5
+
--- a/mokutil-more-details-for-skipped-keys.patch
+++ b/mokutil-more-details-for-skipped-keys.patch
@ -0,0 +1,164 @@
+From 98fe9bfda3bcf6c532d57e07e6ba25c350e7b7a1 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Thu, 13 Feb 2014 14:32:18 +0800
+Subject: [PATCH 1/3] Be more verbose while skipping a key
+
+Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
+---
+ src/mokutil.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/mokutil.c b/src/mokutil.c
+index 1c32313..3655b92 100644
+--- a/src/mokutil.c
+++ b/src/mokutil.c
+@@ -1228,7 +1228,8 @@ issue_mok_request (char **files, uint32_t total, MokRequest req,
+ 			printf ("Removed %s from %s\n", files[i], reverse_req);
+ 			ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
+ 		} else {
+-			printf ("Skip %s\n", files[i]);
+			printf ("%s is already enrolled or in %s request\n", files[i],
+				import?"an enrollment":"a deletion");
+ 			ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
+ 		}
+ 
+-- 
+1.8.4.5
+
+
+From 2e5560600b213e35e59d4a7923c01f8b9c095323 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Mon, 24 Mar 2014 14:48:53 +0800
+Subject: [PATCH 2/3] Show more details when skipping a key
+
+Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
+---
+ src/mokutil.c | 26 ++++++++++++++++++++++++--
+ 1 file changed, 24 insertions(+), 2 deletions(-)
+
+diff --git a/src/mokutil.c b/src/mokutil.c
+index 3655b92..cd039f0 100644
+--- a/src/mokutil.c
+++ b/src/mokutil.c
+@@ -1111,6 +1111,29 @@ in_pending_request (efi_guid_t type, void *data, uint32_t data_size,
+ 	return 0;
+ }
+ 
+static void
+print_skip_message (const char *filename, void *mok, uint32_t mok_size,
+		    uint8_t import)
+{
+	if (import) {
+		if (is_duplicate (mok, mok_size, "PK", EFI_GLOBAL_VARIABLE))
+			printf ("SKIP: %s is already in PK\n", filename);
+		else if (is_duplicate (mok, mok_size, "KEK", EFI_GLOBAL_VARIABLE))
+			printf ("SKIP: %s is already in KEK\n", filename);
+		else if (is_duplicate (mok, mok_size, "db", EFI_IMAGE_SECURITY_DATABASE_GUID))
+			printf ("SKIP: %s is already in db\n", filename);
+		else if (is_duplicate (mok, mok_size, "MokListRT", SHIM_LOCK_GUID))
+			printf ("SKIP: %s is already enrolled\n", filename);
+		else if (is_duplicate (mok, mok_size, "MokNew", SHIM_LOCK_GUID))
+			printf ("SKIP: %s is already in the enrollement request\n", filename);
+	} else {
+		if (!is_duplicate (mok, mok_size, "MokListRT", SHIM_LOCK_GUID))
+			printf ("SKIP: %s is not in MokList\n", filename);
+		else if (is_duplicate (mok, mok_size, "MokDel", SHIM_LOCK_GUID))
+			printf ("SKIP: %s is already in the deletion request\n", filename);
+	}
+}
+
+ static int
+ issue_mok_request (char **files, uint32_t total, MokRequest req,
+ 		   const char *hash_file, const int root_pw)
+@@ -1228,8 +1251,7 @@ issue_mok_request (char **files, uint32_t total, MokRequest req,
+ 			printf ("Removed %s from %s\n", files[i], reverse_req);
+ 			ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
+ 		} else {
+-			printf ("%s is already enrolled or in %s request\n", files[i],
+-				import?"an enrollment":"a deletion");
+			print_skip_message (files[i], ptr, sizes[i], import);
+ 			ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
+ 		}
+ 
+-- 
+1.8.4.5
+
+
+From 19df75d89e636293c93686e1edd8529f4b68170e Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Mon, 24 Mar 2014 16:27:06 +0800
+Subject: [PATCH 3/3] Merge MokX for print_skip_message()
+
+Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
+---
+ src/mokutil.c | 39 ++++++++++++++++++++++++++++-----------
+ 1 file changed, 28 insertions(+), 11 deletions(-)
+
+diff --git a/src/mokutil.c b/src/mokutil.c
+index cd039f0..492dffc 100644
+--- a/src/mokutil.c
+++ b/src/mokutil.c
+@@ -1113,24 +1113,41 @@ in_pending_request (efi_guid_t type, void *data, uint32_t data_size,
+ 
+ static void
+ print_skip_message (const char *filename, void *mok, uint32_t mok_size,
+-		    uint8_t import)
+		    MokRequest req)
+ {
+-	if (import) {
+-		if (is_duplicate (mok, mok_size, "PK", EFI_GLOBAL_VARIABLE))
+	efi_guid_t type = EfiCertX509Guid;
+
+	switch (req) {
+	case ENROLL_MOK:
+		if (is_duplicate (type, mok, mok_size, EFI_GLOBAL_VARIABLE, "PK"))
+ 			printf ("SKIP: %s is already in PK\n", filename);
+-		else if (is_duplicate (mok, mok_size, "KEK", EFI_GLOBAL_VARIABLE))
+		else if (is_duplicate (type, mok, mok_size, EFI_GLOBAL_VARIABLE, "KEK"))
+ 			printf ("SKIP: %s is already in KEK\n", filename);
+-		else if (is_duplicate (mok, mok_size, "db", EFI_IMAGE_SECURITY_DATABASE_GUID))
+		else if (is_duplicate (type, mok, mok_size, EFI_IMAGE_SECURITY_DATABASE_GUID, "db"))
+ 			printf ("SKIP: %s is already in db\n", filename);
+-		else if (is_duplicate (mok, mok_size, "MokListRT", SHIM_LOCK_GUID))
+		else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokListRT"))
+ 			printf ("SKIP: %s is already enrolled\n", filename);
+-		else if (is_duplicate (mok, mok_size, "MokNew", SHIM_LOCK_GUID))
+		else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokNew"))
+ 			printf ("SKIP: %s is already in the enrollement request\n", filename);
+-	} else {
+-		if (!is_duplicate (mok, mok_size, "MokListRT", SHIM_LOCK_GUID))
+		break;
+	case DELETE_MOK:
+		if (!is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokListRT"))
+ 			printf ("SKIP: %s is not in MokList\n", filename);
+-		else if (is_duplicate (mok, mok_size, "MokDel", SHIM_LOCK_GUID))
+		else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokDel"))
+ 			printf ("SKIP: %s is already in the deletion request\n", filename);
+		break;
+	case ENROLL_BLACKLIST:
+		if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokListXRT"))
+			printf ("SKIP: %s is already in MokListX\n", filename);
+		else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokXNew"))
+			printf ("SKIP: %s is already in the MokX enrollment request\n", filename);
+		break;
+	case DELETE_BLACKLIST:
+		if (!is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokListXRT"))
+			printf ("SKIP: %s is not in MokListX\n", filename);
+		else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokXDel"))
+			printf ("SKIP: %s is already in the MokX deletion request\n", filename);
+		break;
+ 	}
+ }
+ 
+@@ -1251,7 +1268,7 @@ issue_mok_request (char **files, uint32_t total, MokRequest req,
+ 			printf ("Removed %s from %s\n", files[i], reverse_req);
+ 			ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
+ 		} else {
+-			print_skip_message (files[i], ptr, sizes[i], import);
+			print_skip_message (files[i], ptr, sizes[i], req);
+ 			ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
+ 		}
+ 
+-- 
+1.8.4.5
+
--- a/mokutil.changes
+++ b/mokutil.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Mar 24 07:37:39 UTC 2014 - glin@suse.com
+
+- Add mokutil-more-details-for-skipped-keys.patch to show the
+  reason to skip the key
+- Add mokutil-check-secure-boot-support.patch to check whether the
+  system supports Secure Boot or not
+
 -------------------------------------------------------------------
 Fri Feb 21 10:10:15 UTC 2014 - glin@suse.com

--- a/mokutil.spec
+++ b/mokutil.spec
@ -32,6 +32,10 @@ Patch2:         mokutil-mokx-support.patch
 Patch3:         mokutil-fix-hash-list-size.patch
 # PATCH-FIX-UPSTREAM mokutil-clean-request.patch glin@suse.com -- Clear the request if all keys are removed
 Patch4:         mokutil-clean-request.patch
+# PATCH-FIX-UPSTREAM mokutil-more-details-for-skipped-keys.patch glin@suse.com -- Be more verbose while skipping a key
+Patch5:         mokutil-more-details-for-skipped-keys.patch
+# PATCH-FIX-UPSTREAM mokutil-check-secure-boot-support.patch glin@suse.com -- Check whether the system supports secure boot or not
+Patch6:         mokutil-check-secure-boot-support.patch
 # PATCH-FIX-OPENSUSE mokutil-support-revoke-builtin-cert.patch glin@suse.com -- Add an option to revoke the built-in certificate
 Patch100:       mokutil-support-revoke-builtin-cert.patch
 BuildRequires:  autoconf
@ -57,6 +61,8 @@ Authors:
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
+%patch6 -p1
 %patch100 -p1

 %build