pool/mokutil
SHA256
4
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Accepting request 150393 from home:gary_lin:branches:Base:System

Browse Source 
- Merge patches for FATE#314506
  + Add mokutil-support-crypt-hash-methods.patch to support the
    password hashes from /etc/shadow
  + Add mokutil-update-man-page.patch to update man page for the
    new added options
- Add mokutil-lcrypt-ldflag.patch to correct LDFLAGS

OBS-URL: https://build.opensuse.org/request/show/150393
OBS-URL: https://build.opensuse.org/package/show/Base:System/mokutil?expand=0&rev=6
This commit is contained in:
Gary Ching-Pang Lin 2013-01-30 09:56:06 +00:00 committed by Git OBS Bridge
parent 5d0e0f3e36
commit 747dfe4b95
6 changed files with 2095 additions and 346 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
mokutil-lcrypt-ldflag.patch Normal file
View File

@ -0,0 +1,29 @@
From aa48dc644fbf775970d01a368c532d0668015f18 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Wed, 30 Jan 2013 16:30:23 +0800
Subject: [PATCH] Include lcrypt in LDFLAGS
---
src/Makefile.am | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index afe1752..de7ddca 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1,10 +1,10 @@
bin_PROGRAMS = mokutil
mokutil_CFLAGS = $(OPENSSL_CFLAGS) \
- -lcrypt \
$(WARNINGFLAGS_C)
-mokutil_LDADD = $(OPENSSL_LIBS)
+mokutil_LDADD = $(OPENSSL_LIBS) \
+ -lcrypt
mokutil_SOURCES = efi.h \
efilib.c \
--
1.7.10.4

1911
mokutil-support-crypt-hash-methods.patch Normal file
View File

File diff suppressed because it is too large Load Diff

355
mokutil-support-new-pw-hash.patch
View File

@ -1,7 +1,7 @@
From bd29992e580e9a48dc698e2e108c73b51a98f05f Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Wed, 9 Jan 2013 15:44:42 +0800
Subject: [PATCH 01/10] Use getopt() to parse options
Subject: [PATCH 1/9] Use getopt() to parse options
---
src/mokutil.c | 259 +++++++++++++++++++++++++++------------------------------
@ -350,7 +350,7 @@ index ea8481a..2ab005c 100644
From 32a919cd2ca89ea0dfcc7644c05a3cf88cbb13c4 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Wed, 9 Jan 2013 17:37:30 +0800
Subject: [PATCH 02/10] Adopt new password hash format
Subject: [PATCH 2/9] Adopt new password hash format
old format: MokNew + sha256sum(MokNew + password)
new format: salt + sha256sum(salt + password)
@ -555,7 +555,7 @@ index 2ab005c..61c432d 100644
From 326082d300337b347ae2cc42808ce905dd92eb3b Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Wed, 9 Jan 2013 17:59:01 +0800
Subject: [PATCH 03/10] Close the key file
Subject: [PATCH 3/9] Close the key file
---
src/mokutil.c | 2 ++
@ -581,7 +581,7 @@ index 61c432d..86d5328 100644
From 97d977246991f750827764fb48662c8be4b40f78 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Thu, 10 Jan 2013 17:07:36 +0800
Subject: [PATCH 04/10] Get rid of misused while statement
Subject: [PATCH 4/9] Get rid of misused while statement
---
src/mokutil.c | 4 ++--
@ -616,7 +616,7 @@ index 86d5328..36783cb 100644
From ca1978555253562c4ad39ff8b050cbbbe485474b Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Thu, 10 Jan 2013 17:24:58 +0800
Subject: [PATCH 05/10] Read the password hash from the file
Subject: [PATCH 5/9] Read the password hash from the file
---
src/mokutil.c | 158 ++++++++++++++++++++++++++++++++++++++++++++++-----------
@ -916,7 +916,7 @@ index 36783cb..4b9002e 100644
From c45ffc0d42c0564cf817a1682c0cbd5be164197d Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Thu, 10 Jan 2013 18:29:17 +0800
Subject: [PATCH 06/10] Add a new command to generate the password hash
Subject: [PATCH 6/9] Add a new command to generate the password hash
---
src/mokutil.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
@ -1053,7 +1053,7 @@ index 4b9002e..fdb1a2b 100644
From ba347d456e80101b7c4306e7b30465c47c0fbea6 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 15 Jan 2013 16:14:32 +0800
Subject: [PATCH 07/10] Amend help
Subject: [PATCH 7/9] Amend help
---
src/mokutil.c | 59 ++++++++++++++++++++++-----------------------------------
@ -1136,7 +1136,7 @@ index fdb1a2b..72a651a 100644
From f1a1c7abd8fde13afcb5196c599c662109936d49 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 15 Jan 2013 17:48:04 +0800
Subject: [PATCH 08/10] New commands to revoke the import or delete request
Subject: [PATCH 8/9] New commands to revoke the import or delete request
---
src/mokutil.c | 58 +++++++++++++++++++++++++++++++++++----------------------
@ -1254,7 +1254,7 @@ index 72a651a..7392845 100644
From 5cd7872982361be10755e3c8e7ecf228da92e164 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Wed, 16 Jan 2013 15:12:28 +0800
Subject: [PATCH 09/10] Apply stricter permissions to some variables
Subject: [PATCH 9/9] Apply stricter permissions to some variables
The UEFI variables which contain the password or the password hash
should not be accessed by normal users.
@ -1340,340 +1340,3 @@ index 7392845..c1a0ffc 100644
--
1.7.10.4
From 47645170396e2800980044c7054bcd1078bbba93 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Fri, 18 Jan 2013 17:47:04 +0800
Subject: [PATCH 10/10] Extend the password hash format
Several new fields were added to support hash from /etc/shadow.
[Hash Method][Interation Count][Salt Size][Salt][hash]
Besides, the salt is hashed with the 8-bit char password instead of
an efi_char16_t password array.
---
src/PasswordHash.h | 33 ++++++++++++++++
src/mokutil.c | 106 +++++++++++++++++++++++++++++-----------------------
2 files changed, 93 insertions(+), 46 deletions(-)
create mode 100644 src/PasswordHash.h
diff --git a/src/PasswordHash.h b/src/PasswordHash.h
new file mode 100644
index 0000000..2aeded6
--- /dev/null
+++ b/src/PasswordHash.h
@@ -0,0 +1,33 @@
+#ifndef __PASSWORD_HASH_H__
+#define __PASSWORD_HASH_H__
+
+#include <sys/types.h>
+
+#define PASSWORD_HASH_SIZE 88
+
+/* The max salt size (in bits) */
+#define T_DES_SALT_MAX 12
+#define E_BSI_DES_SALT_MAX 24
+#define MD5_SALT_MAX 48
+#define SHA256_SALT_MAX 96
+#define SHA512_SALT_MAX 96
+#define BLOWFISH_SALT_MAX 128
+
+enum HashMethod {
+ Tranditional_DES = 0,
+ Extend_BSDI_DES,
+ MD5_BASED,
+ SHA256_BASED,
+ SHA512_BASED,
+ BLOWFISH_BASED
+};
+
+typedef struct {
+ uint16_t method;
+ uint32_t iter_count;
+ uint16_t salt_size;
+ uint8_t salt[16];
+ uint8_t hash[64];
+} __attribute__ ((packed)) pw_hash_t;
+
+#endif /* __PASSWORD_HASH_H__ */
diff --git a/src/mokutil.c b/src/mokutil.c
index c1a0ffc..38039b9 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -13,6 +13,7 @@
#include "efi.h"
#include "signature.h"
+#include "PasswordHash.h"
#define SHIM_LOCK_GUID \
EFI_GUID (0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23)
@@ -20,8 +21,6 @@ EFI_GUID (0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b,
#define PASSWORD_MAX 16
#define PASSWORD_MIN 8
-#define SALT_SIZE 16
-
#define HELP 0x1
#define LIST_ENROLLED 0x2
#define LIST_NEW 0x4
@@ -359,37 +358,35 @@ error:
return ret;
}
-static void
-generate_salt (uint8_t salt[], unsigned int salt_len)
+static unsigned int
+generate_salt (uint8_t salt[], unsigned int max_size, unsigned int min_size)
{
+ unsigned int salt_len = max_size / 8;
int i;
srand (time (NULL));
for (i = 0; i < salt_len; i++)
salt[i] = rand() % 256;
+
+ return max_size;
}
static int
generate_hash (void *salt, unsigned int salt_len, char *password,
int pw_len, uint8_t *auth)
{
- efi_char16_t efichar_pass[PASSWORD_MAX+1];
- unsigned long efichar_len;
SHA256_CTX ctx;
if (!password || !auth)
return -1;
- efichar_len = efichar_from_char (efichar_pass, password,
- (PASSWORD_MAX+1)*sizeof(efi_char16_t));
-
SHA256_Init (&ctx);
if (salt)
SHA256_Update (&ctx, salt, salt_len);
- SHA256_Update (&ctx, efichar_pass, efichar_len);
+ SHA256_Update (&ctx, password, pw_len);
SHA256_Final (auth, &ctx);
@@ -412,7 +409,7 @@ char_to_int (const char c)
}
static int
-read_hex_array (const char *string, char *out, int len)
+read_hex_array (const char *string, uint8_t *out, unsigned int len)
{
int i, digit_1, digit_2;
@@ -422,17 +419,18 @@ read_hex_array (const char *string, char *out, int len)
if (digit_1 < 0 || digit_2 < 0)
return -1;
- out[i] = (char)digit_1 * 16 + (char)digit_2;
+ out[i] = (uint8_t)digit_1 * 16 + (uint8_t)digit_2;
}
return 0;
}
static int
-get_hash_from_file (const char *file, void *salt, void *hash)
+get_hash_from_file (const char *file, pw_hash_t *pw_hash)
{
FILE *fptr;
- char salt_string[2*SALT_SIZE];
+ unsigned int method, iter_count, salt_size;
+ char salt_string[2*(SHA256_SALT_MAX/8)];
char hash_string[2*SHA256_DIGEST_LENGTH];
fptr = fopen (file, "r");
@@ -441,19 +439,24 @@ get_hash_from_file (const char *file, void *salt, void *hash)
return -1;
}
- memset (salt_string, 0, 2*SALT_SIZE);
+ memset (salt_string, 0, 2*(SHA256_SALT_MAX/8));
memset (hash_string, 0, 2*SHA256_DIGEST_LENGTH);
- fscanf (fptr, "%32c.%64c", salt_string, hash_string);
+ fscanf (fptr, "%x.%x.%x.%24c.%64c", &method, &iter_count, &salt_size,
+ salt_string, hash_string);
fclose (fptr);
- if (read_hex_array (salt_string, salt, SALT_SIZE) < 0) {
+ pw_hash->method = (uint16_t)method;
+ pw_hash->iter_count = (uint32_t)iter_count;
+ pw_hash->salt_size = (uint16_t)salt_size;
+
+ if (read_hex_array (salt_string, pw_hash->salt, salt_size/8) < 0) {
fprintf (stderr, "Corrupted salt\n");
return -1;
}
- if (read_hex_array (hash_string, hash, SHA256_DIGEST_LENGTH) < 0) {
+ if (read_hex_array (hash_string, pw_hash->hash, SHA256_DIGEST_LENGTH) < 0) {
fprintf (stderr, "Corrupted hash\n");
return -1;
}
@@ -467,13 +470,16 @@ update_request (void *new_list, int list_len, uint8_t import,
{
efi_variable_t var;
const char *req_name, *auth_name;
- uint8_t salt[SALT_SIZE];
- uint8_t hash[SHA256_DIGEST_LENGTH];
- uint8_t auth[SALT_SIZE + SHA256_DIGEST_LENGTH];
+ pw_hash_t pw_hash;
char *password = NULL;
int pw_len;
int ret = -1;
+ bzero (&pw_hash, sizeof(pw_hash_t));
+ pw_hash.method = SHA256_BASED;
+ pw_hash.iter_count = 1;
+ pw_hash.salt_size = SHA256_SALT_MAX;
+
if (import) {
req_name = "MokNew";
auth_name = "MokAuth";
@@ -483,7 +489,7 @@ update_request (void *new_list, int list_len, uint8_t import,
}
if (hash_file) {
- if (get_hash_from_file (hash_file, salt, hash) < 0) {
+ if (get_hash_from_file (hash_file, &pw_hash) < 0) {
fprintf (stderr, "Failed to read hash\n");
goto error;
}
@@ -493,14 +499,13 @@ update_request (void *new_list, int list_len, uint8_t import,
goto error;
}
- generate_salt (salt, SALT_SIZE);
- if (generate_hash (salt, SALT_SIZE, password, pw_len, hash) < 0) {
+ generate_salt (pw_hash.salt, SHA256_SALT_MAX, 0);
+ if (generate_hash (pw_hash.salt, SHA256_SALT_MAX/8, password,
+ pw_len, pw_hash.hash) < 0) {
fprintf (stderr, "Couldn't generate hash\n");
goto error;
}
}
- memcpy (auth, salt, SALT_SIZE);
- memcpy (auth + SALT_SIZE, hash, SHA256_DIGEST_LENGTH);
if (new_list) {
/* Write MokNew*/
@@ -522,9 +527,9 @@ update_request (void *new_list, int list_len, uint8_t import,
test_and_delete_var (req_name);
}
- /* Write MokAuth */
- var.Data = auth;
- var.DataSize = SHA256_DIGEST_LENGTH + SALT_SIZE;
+ /* Write MokAuth or MokDelAuth */
+ var.Data = (void *)&pw_hash;
+ var.DataSize = PASSWORD_HASH_SIZE;
var.VariableName = auth_name;
var.VendorGuid = SHIM_LOCK_GUID;
@@ -848,15 +853,18 @@ static int
set_password (const char *hash_file)
{
efi_variable_t var;
- uint8_t salt[SALT_SIZE];
- uint8_t hash[SHA256_DIGEST_LENGTH];
- uint8_t auth[SHA256_DIGEST_LENGTH + SALT_SIZE];
+ pw_hash_t pw_hash;
char *password = NULL;
int pw_len;
int ret = -1;
+ bzero (&pw_hash, sizeof(pw_hash_t));
+ pw_hash.method = SHA256_BASED;
+ pw_hash.iter_count = 1;
+ pw_hash.salt_size = SHA256_SALT_MAX;
+
if (hash_file) {
- if (get_hash_from_file (hash_file, salt, hash) < 0) {
+ if (get_hash_from_file (hash_file, &pw_hash) < 0) {
fprintf (stderr, "Failed to read hash\n");
goto error;
}
@@ -866,17 +874,16 @@ set_password (const char *hash_file)
goto error;
}
- generate_salt (salt, SALT_SIZE);
- if (generate_hash (salt, SALT_SIZE, password, pw_len, hash) < 0) {
+ generate_salt (pw_hash.salt, SHA256_SALT_MAX, 0);
+ if (generate_hash (pw_hash.salt, SHA256_SALT_MAX/8, password,
+ pw_len, pw_hash.hash) < 0) {
fprintf (stderr, "Couldn't generate hash\n");
goto error;
}
}
- memcpy (auth, salt, SALT_SIZE);
- memcpy (auth + SALT_SIZE, hash, SHA256_DIGEST_LENGTH);
- var.Data = auth;
- var.DataSize = SHA256_DIGEST_LENGTH + SALT_SIZE;
+ var.Data = (void *)&pw_hash;
+ var.DataSize = PASSWORD_HASH_SIZE;
var.VariableName = "MokPW";
var.VendorGuid = SHIM_LOCK_GUID;
@@ -1044,11 +1051,15 @@ reset_moks (const char *hash_file)
static int
generate_pw_hash (const char *input_pw)
{
- uint8_t salt[SALT_SIZE];
- uint8_t hash[SHA256_DIGEST_LENGTH];
+ pw_hash_t pw_hash;
char *password = NULL;
int pw_len, i, ret = -1;
+ bzero (&pw_hash, sizeof(pw_hash_t));
+ pw_hash.method = SHA256_BASED;
+ pw_hash.iter_count = 1;
+ pw_hash.salt_size = SHA256_SALT_MAX;
+
if (input_pw) {
pw_len = strlen (input_pw);
if (pw_len > PASSWORD_MAX || pw_len < PASSWORD_MIN) {
@@ -1070,19 +1081,22 @@ generate_pw_hash (const char *input_pw)
}
}
- generate_salt (salt, SALT_SIZE);
- if (generate_hash (salt, SALT_SIZE, password, pw_len, hash) < 0) {
+ generate_salt (pw_hash.salt, SHA256_SALT_MAX, 0);
+ if (generate_hash (pw_hash.salt, SHA256_SALT_MAX/8, password,
+ pw_len, pw_hash.hash) < 0) {
fprintf (stderr, "Couldn't generate hash\n");
goto error;
}
/* Print the salt and hash */
- for (i = 0; i < SALT_SIZE; i++) {
- printf ("%x%x", salt[i]/16, salt[i]%16);
+ printf ("%x.%x.%x.", pw_hash.method, pw_hash.iter_count,
+ pw_hash.salt_size);
+ for (i = 0; i < (SHA256_SALT_MAX/8); i++) {
+ printf ("%x%x", pw_hash.salt[i]/16, pw_hash.salt[i]%16);
}
putchar ('.');
for (i = 0; i < SHA256_DIGEST_LENGTH; i++)
- printf ("%x%x", hash[i]/16, hash[i]%16);
+ printf ("%x%x", pw_hash.hash[i]/16, pw_hash.hash[i]%16);
putchar ('\n');
ret = 0;
--
1.7.10.4

124
mokutil-update-man-page.patch Normal file
View File

@ -0,0 +1,124 @@
From 53a40965390cfa3b99d636874c6b9d968380f312 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Wed, 30 Jan 2013 14:16:16 +0800
Subject: [PATCH] Update man page
---
man/mokutil.1 | 59 +++++++++++++++++++++++++++++++++++++++++----------------
1 file changed, 43 insertions(+), 16 deletions(-)
diff --git a/man/mokutil.1 b/man/mokutil.1
index 7a70d3e..fabd7a9 100644
--- a/man/mokutil.1
+++ b/man/mokutil.1
@@ -1,27 +1,41 @@
-.TH MOKUTIL 1 "Wed Nov 07 2012"
+.TH MOKUTIL 1 "Wed Jan 30 2013"
.SH NAME
mokutil \- utility to manipulate machine owner keys
.SH SYNOPSIS
-\fBmokutil\fR [--list-enrolled | -le]
+\fBmokutil\fR [--list-enrolled]
.br
-\fBmokutil\fR [--list-new | -ln]
+\fBmokutil\fR [--list-new]
.br
-\fBmokutil\fR [--import | -i] ...
+\fBmokutil\fR [--import \fIkeylist\fR| -i \fIkeylist\fR]
+ ([--hash-file \fIhashfile\fR | -f \fIhashfile\fR] | [--root-pw | -P])
.br
-\fBmokutil\fR [--delete-all | -D]
+\fBmokutil\fR [--delete \fIkeylist\fR | -d \fIkeylist\fR]
+ ([--hash-file \fIhashfile\fR | -f \fIhashfile\fR] | [--root-pw | -P])
.br
-\fBmokutil\fR [--revoke | -r]
+\fBmokutil\fR [--revoke-import]
+.br
+\fBmokutil\fR [--revoke-delete]
.br
\fBmokutil\fR [--export | -x]
.br
\fBmokutil\fR [--password | -p]
+ ([--hash-file \fIhashfile\fR | -f \fIhashfile\fR] | [--root-pw | -P])
.br
\fBmokutil\fR [--disable-validation]
.br
\fBmokutil\fR [--enable-validation]
.br
+\fBmokutil\fR [--sb-state]
+.br
+\fBmokutil\fR [--test-key | -t] ...
+.br
+\fBmokutil\fR [--reset]
+ ([--hash-file \fIhashfile\fR | -f \fIhashfile\fR] | [--root-pw | -P])
+.br
+\fBmokutil\fR [--generate-hash=\fIpassword\fR | -g\fIpassword\fR]
+.br
.SH DESCRIPTION
\fBmokutil\fR is a tool to import or delete the machines owner keys
@@ -31,36 +45,49 @@ mokutil \- utility to manipulate machine owner keys
.TP
\fB--list-enrolled\fR
List the keys the already stored in the database
-
.TP
\fB--list-new\fR
List the keys to be enrolled
-
.TP
\fB--import\fR
Collect the followed files and form a request to shim. The files must be in DER
format.
-
.TP
\fB--delete-all\fR
Request shim to delete all stored keys
-
.TP
-\fB--revoke\fR
-Revoke the current request
-
+\fB--revoke-import\fR
+Revoke the current import request (MokNew)
+.TP
+\fB--revoke-delete\fR
+Revoke the current delete request (MokDel)
.TP
\fB--export\fR
Export the keys stored in MokListRT
-
.TP
\fB--password\fR
Setup the password for MokManager
-
.TP
\fB--disable-validation\fR
Disable the validation process in shim
-
.TP
\fB--enrolled-validation\fR
Enable the validation process in shim
+.TP
+\fB--sb-state\fR
+Show SecureBoot State
+.TP
+\fB--test-key\fR
+Test if the key is enrolled or not
+.TP
+\fB--reset\fR
+Reset MOK list
+.TP
+\fB--generate-hash\fR
+Generate the password hash
+.TP
+\fB--hash-file\fR
+Use the password hash from a specific file
+.TP
+\fB--root-pw\fR
+Use the root password hash from /etc/shadow
--
1.7.10.4

10
mokutil.changes
View File

@ -1,3 +1,13 @@
-------------------------------------------------------------------
Wed Jan 30 08:00:22 UTC 2013 - glin@suse.com
- Merge patches for FATE#314506
+ Add mokutil-support-crypt-hash-methods.patch to support the
password hashes from /etc/shadow
+ Add mokutil-update-man-page.patch to update man page for the
new added options
- Add mokutil-lcrypt-ldflag.patch to correct LDFLAGS
-------------------------------------------------------------------
Fri Jan 18 10:05:27 UTC 2013 - glin@suse.com

12
mokutil.spec
View File

@ -34,6 +34,14 @@ Patch3: mokutil-allow-password-from-pipe.patch
Patch4: mokutil-support-delete-keys.patch
# PATCH-FIX-UPSTREAM mokutil-support-new-pw-hash.patch glin@suse.com -- Support the new password hash format
Patch5: mokutil-support-new-pw-hash.patch
# PATCH-FIX-UPSTREAM mokutil-support-crypt-hash-methods.patch glin@suse.com -- Support the hash methods used for /etc/shadow
Patch6: mokutil-support-crypt-hash-methods.patch
# PATCH-FIX-UPSTREAM mokutil-update-man-page.patch glin@suse.com -- Update man page
Patch7: mokutil-update-man-page.patch
# PATCH-FIX-UPSTREAM mokutil-lcrypt-ldflag.patch glin@suse.com -- Add -lcrpyt correctly
Patch8: mokutil-lcrypt-ldflag.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libopenssl-devel >= 0.9.8
BuildRequires: pkg-config
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@ -56,8 +64,12 @@ Authors:
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%build
autoreconf -i -f
%configure
make