pesign/pesign.spec

#
# spec file for package pesign
#
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


Name:           pesign
Version:        0.112
Release:        0
Summary:        Signing tool for PE-COFF binaries
License:        GPL-2.0
Group:          Productivity/Security
Url:            https://github.com/rhinstaller/pesign
Source:         https://github.com/rhinstaller/pesign/releases/download/%{version}/%{name}-%{version}.tar.bz2
# PATCH-FIX-SUSE pesign-suse-build.patch glin@suse.com -- Adjust Makefile for the build service
Patch1:         pesign-suse-build.patch
# PATCH-FIX-UPSTREAM pesign-fix-build-errors.patch glin@suse.com -- Fix gcc warnings
Patch2:         pesign-fix-build-errors.patch
# PATCH-FIX-UPSTREAM pesign-privkey_unneeded.diff glin@suse.com -- Don't check the private key when importing the raw signature
Patch3:         pesign-privkey_unneeded.diff
# PATCH-FIX-SUSE pesign-run.patch aj@suse.com - Use /run instead of /var/run
Patch5:         pesign-run.patch
# PATCH-FIX-UPSTREAM pesign-fix-authvar-write-loop.patch glin@suse.com -- Fix the write loop in authvar
Patch6:         pesign-fix-authvar-write-loop.patch
# PATCH-FIX-UPSTREAM pesign-fix-argument-list.patch glin@suse.com -- Fix the argument list parsing
Patch7:         pesign-fix-argument-list.patch
BuildRequires:  efivar-devel
BuildRequires:  libuuid-devel
BuildRequires:  mozilla-nss-devel
BuildRequires:  pkg-config
BuildRequires:  popt-devel
BuildRequires:  pkgconfig(systemd)
Requires(pre):  pwdutils
%{?systemd_requires}
ExclusiveArch:  ia64 %ix86 x86_64 aarch64

%description
Signing tool for PE-COFF binaries, hopefully at least vaguely compliant
with the PE and Authenticode specifications.

%prep
%setup -q
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1

%build
make %{?_smp_mflags} CFLAGS="$RPM_OPT_FLAGS"

%install
make INSTALLROOT=%{buildroot} libexecdir=%{_libexecdir} install
mkdir -p %{buildroot}%{_localstatedir}/lib/pesign

mkdir -p %{buildroot}%{_sbindir}
make INSTALLROOT=%{buildroot} UNITDIR=%{_unitdir} libexecdir=%{_libexecdir} install_systemd

# create rcsymlink
ln -sv %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}

# there's some stuff that's not really meant to be shipped yet
rm -rf %{buildroot}/boot %{buildroot}%{_prefix}/include
rm -rf %{buildroot}%{_libdir}/libdpe*

%pre
getent group pesign >/dev/null || groupadd -r pesign
getent passwd pesign >/dev/null || useradd -r -g pesign -d %{_localstatedir}/lib/pesign -s /bin/false -c "PE-COFF signing daemon" pesign
%service_add_pre pesign.service

%preun
%service_del_preun pesign.service

%post
%service_add_post pesign.service
systemd-tmpfiles --create %{_libexecdir}/tmpfiles.d/pesign.conf || :

%postun
%service_del_postun pesign.service

%files
%defattr(-,root,root)
%doc COPYING
%{_bindir}/pesign
%{_bindir}/pesign-client
%{_bindir}/efikeygen
%{_bindir}/pesigcheck
%{_bindir}/efisiglist
%{_bindir}/authvar
%{_sbindir}/rcpesign
%dir %{_sysconfdir}/pesign
%{_sysconfdir}/pesign/*
%dir %{_sysconfdir}/popt.d
%config %{_sysconfdir}/popt.d/pesign.popt
%{_sysconfdir}/pki/
%config %{_sysconfdir}/rpm/macros.pesign
%{_mandir}/man?/*
%{_localstatedir}/lib/pesign
%{_unitdir}/pesign.service
%{_libexecdir}/tmpfiles.d/pesign.conf
%dir %{_libexecdir}/pesign
%{_libexecdir}/pesign/pesign-authorize-*
%dir %attr(0775,pesign,pesign) %{_sysconfdir}/pki/pesign
%ghost %dir %attr(0770,pesign,pesign) /run/%{name}
%dir %attr(0770,pesign,pesign) %{_localstatedir}/lib/%{name}

%changelog