pool/pesign
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 346961 from home:gary_lin:branches:Base:System

Browse Source 
- Update to 0.111
- Add pesign-fix-signness.patch to fix the signness comparison
- Drop upstreamed patches
  + pesign-efivar-pkgconfig.patch
  + pesign-make-efi_guid_t-const.patch
  + pesign-fix-import-sig-check.patch
  + pesign-install-supplementary-programs.patch
- Refresh pesign-suse-build.patch, pesign-privkey_unneeded.diff,
  and pesign-run.patch
- Update pesign-fix-build-errors.patch
- Merge use-standard-pid-location.patch into pesign-run.patch

OBS-URL: https://build.opensuse.org/request/show/346961
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=36
This commit is contained in:
Gary Ching-Pang Lin 2015-12-01 09:03:35 +00:00 committed by Git OBS Bridge
parent 8b2e52b508
commit 3e44889555
14 changed files with 260 additions and 365 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
pesign-0.110.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a03499ffa181fea6086e1966476eccc05e3e014761ac300de1da27a44dba2281
size 87420

3
pesign-0.111.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b11951d06c999c5d7b0e98e6bdc50368b3a9878844b68631e3ef98780f677096
size 90725

28
pesign-efivar-pkgconfig.patch
View File

@ -1,28 +0,0 @@
From 2a1de2b6535161b1bd600ec2262e81e9f7aeffcc Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 26 May 2015 09:43:10 -0400
Subject: [PATCH] Make efivar compiler parameters come from pkg-config.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
src/Makefile | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/Makefile b/src/Makefile
index 007505c..dd69425 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -3,8 +3,8 @@ TOPDIR = $(SRCDIR)/..
include $(TOPDIR)/Make.defaults
-PKLIBS = nss
-LIBS = popt uuid efivar
+PKLIBS = nss efivar
+LIBS = popt uuid
STATIC_LIBS = $(TOPDIR)/libdpe/libdpe.a
LDFLAGS =
CCLDFLAGS = -L../libdpe $(foreach pklib,$(PKLIBS), $(shell pkg-config --libs-only-L $(pklib))) -pie -fPIE -Wl,-z,relro,-z,now
--
2.1.4

40
pesign-fix-build-errors.patch
View File

@ -1,7 +1,7 @@
diff --git a/src/daemon.c b/src/daemon.c Index: pesign-0.111/src/daemon.c
index c14b64b..5652ba1 100644 ===================================================================
--- a/src/daemon.c --- pesign-0.111.orig/src/daemon.c
+++ b/src/daemon.c +++ pesign-0.111/src/daemon.c
@@ -544,7 +544,11 @@ malformed: @@ -544,7 +544,11 @@ malformed:
if (rc < 0) { if (rc < 0) {
err_attached: err_attached:
@ -55,7 +55,7 @@ index c14b64b..5652ba1 100644
} }
finish: finish:
@@ -1182,7 +1199,12 @@ daemonize(cms_context *cms_ctx, char *certdir, int do_fork) @@ -1182,7 +1199,12 @@ daemonize(cms_context *cms_ctx, char *ce
exit(1); exit(1);
} }
@ -69,11 +69,11 @@ index c14b64b..5652ba1 100644
if (getuid() == 0) { if (getuid() == 0) {
/* process is running as root, drop privileges */ /* process is running as root, drop privileges */
diff --git a/src/password.c b/src/password.c Index: pesign-0.111/src/password.c
index 43186df..9a9c911 100644 ===================================================================
--- a/src/password.c --- pesign-0.111.orig/src/password.c
+++ b/src/password.c +++ pesign-0.111/src/password.c
@@ -76,7 +76,8 @@ static char *SEC_GetPassword(FILE *input, FILE *output, char *prompt, @@ -76,7 +76,8 @@ static char *SEC_GetPassword(FILE *input
echoOff(infd); echoOff(infd);
} }
@ -83,10 +83,10 @@ index 43186df..9a9c911 100644
if (isTTY) { if (isTTY) {
fprintf(output, "\n"); fprintf(output, "\n");
diff --git a/src/pesign.c b/src/pesign.c Index: pesign-0.111/src/pesign.c
index ff4f2bf..40a1e43 100644 ===================================================================
--- a/src/pesign.c --- pesign-0.111.orig/src/pesign.c
+++ b/src/pesign.c +++ pesign-0.111/src/pesign.c
@@ -164,9 +164,15 @@ open_output(pesign_context *ctx) @@ -164,9 +164,15 @@ open_output(pesign_context *ctx)
addr = pe_rawfile(ctx->inpe, &size); addr = pe_rawfile(ctx->inpe, &size);
@ -98,18 +98,18 @@ index ff4f2bf..40a1e43 100644
+ } + }
lseek(ctx->outfd, 0, SEEK_SET); lseek(ctx->outfd, 0, SEEK_SET);
- write(ctx->outfd, addr, size); - write(ctx->outfd, addr, size);
+ if (write(ctx->outfd, addr, size) != size) { + if ((size_t)write(ctx->outfd, addr, size) != size) {
+ fprintf(stderr, "pesign: could not write output file: %m\n"); + fprintf(stderr, "pesign: could not write output file: %m\n");
+ exit(1); + exit(1);
+ } + }
Pe_Cmd cmd = ctx->outfd == STDOUT_FILENO ? PE_C_RDWR : PE_C_RDWR_MMAP; Pe_Cmd cmd = ctx->outfd == STDOUT_FILENO ? PE_C_RDWR : PE_C_RDWR_MMAP;
ctx->outpe = pe_begin(ctx->outfd, cmd, NULL); ctx->outpe = pe_begin(ctx->outfd, cmd, NULL);
diff --git a/src/signed_data.c b/src/signed_data.c Index: pesign-0.111/src/signed_data.c
index 2fa1cdd..247ec57 100644 ===================================================================
--- a/src/signed_data.c --- pesign-0.111.orig/src/signed_data.c
+++ b/src/signed_data.c +++ pesign-0.111/src/signed_data.c
@@ -133,6 +133,7 @@ generate_signerInfo_list(cms_context *cms, SpcSignerInfo ***signerInfo_list_p, S @@ -133,6 +133,7 @@ generate_signerInfo_list(cms_context *cm
SpcSignerInfo **signerInfo_list; SpcSignerInfo **signerInfo_list;
int err, rc; int err, rc;

30
pesign-fix-import-sig-check.patch
View File

@ -1,30 +0,0 @@
From b5f822be1da9c8e4f6e04286b4b7ab73165478ab Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 25 Nov 2014 15:28:40 +0800
Subject: [PATCH] Correct the signature size check
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
src/actions.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/actions.c b/src/actions.c
index 74a34e3..44c9675 100644
--- a/src/actions.c
+++ b/src/actions.c
@@ -416,10 +416,9 @@ check_signature_space(pesign_context *ctx)
ssize_t available = available_cert_space(ctx->outpe);
ssize_t target = ctx->cms_ctx->newsig.len + sizeof (win_certificate);
- if (available == target)
- return;
+ target += ALIGNMENT_PADDING(target, 8);
- if (target + 8 > available)
+ if (available >= target)
return;
fprintf(stderr, "Could not add new signature: insufficient space.\n");
--
2.1.2

71
pesign-fix-signness.patch Normal file
View File

@ -0,0 +1,71 @@
From ae2520e013caf4f5d0dae89623dc08925d6cd472 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 28 Oct 2015 15:58:07 -0400
Subject: [PATCH] Fix one more -Wsign-compare problem I missed.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
src/daemon.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/daemon.c b/src/daemon.c
index 02b7352..175c874 100644
--- a/src/daemon.c
+++ b/src/daemon.c
@@ -194,7 +194,7 @@ malformed:
return;
}
n -= sizeof(tn->size);
- if (n < tn->size)
+ if ((size_t)n < tn->size)
goto malformed;
n -= tn->size;
@@ -202,10 +202,10 @@ malformed:
goto malformed;
pesignd_string *tp = pesignd_string_next(tn);
- if (n < (long long)sizeof(tp->size))
+ if ((size_t)n < sizeof(tp->size))
goto malformed;
n -= sizeof(tp->size);
- if (n < tp->size)
+ if ((size_t)n < tp->size)
goto malformed;
n -= tp->size;
@@ -298,7 +298,7 @@ malformed:
return;
}
n -= sizeof(tn->size);
- if (n < tn->size)
+ if ((size_t)n < tn->size)
goto malformed;
n -= tn->size;
@@ -487,7 +487,7 @@ malformed:
}
n -= sizeof(tn->size);
- if (n < tn->size)
+ if ((size_t)n < tn->size)
goto malformed;
n -= tn->size;
@@ -497,11 +497,11 @@ malformed:
if (!ctx->cms->tokenname)
goto oom;
- if (n < (long long)sizeof(tn->size))
+ if ((size_t)n < sizeof(tn->size))
goto malformed;
pesignd_string *cn = pesignd_string_next(tn);
n -= sizeof(cn->size);
- if (n < cn->size)
+ if ((size_t)n < cn->size)
goto malformed;
ctx->cms->certname = PORT_ArenaStrdup(ctx->cms->arena,
--
2.6.2

23
pesign-install-supplementary-programs.patch
View File

@ -1,23 +0,0 @@
diff --git a/src/Makefile b/src/Makefile
index 4c86a2a..062b544 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -79,14 +79,16 @@ install :
$(INSTALL) -m 755 pesign $(INSTALLROOT)$(PREFIX)/bin/
$(INSTALL) -m 755 client $(INSTALLROOT)$(PREFIX)/bin/pesign-client
$(INSTALL) -m 755 efikeygen $(INSTALLROOT)$(PREFIX)/bin/
- #$(INSTALL) -m 755 pesigcheck $(INSTALLROOT)$(PREFIX)/bin/
+ $(INSTALL) -m 755 pesigcheck $(INSTALLROOT)$(PREFIX)/bin/
+ $(INSTALL) -m 755 efisiglist $(INSTALLROOT)$(PREFIX)/bin/
+ $(INSTALL) -m 755 authvar $(INSTALLROOT)$(PREFIX)/bin/
$(INSTALL) -d -m 755 $(INSTALLROOT)/etc/popt.d/
$(INSTALL) -m 644 pesign.popt $(INSTALLROOT)/etc/popt.d/
$(INSTALL) -d -m 755 $(INSTALLROOT)/usr/share/man/man1/
$(INSTALL) -m 644 pesign.1 $(INSTALLROOT)/usr/share/man/man1/
$(INSTALL) -m 644 pesign-client.1 $(INSTALLROOT)/usr/share/man/man1/
$(INSTALL) -m 644 efikeygen.1 $(INSTALLROOT)/usr/share/man/man1/
- #$(INSTALL) -m 644 pesigcheck.1 $(INSTALLROOT)/usr/share/man/man1/
+ $(INSTALL) -m 644 pesigcheck.1 $(INSTALLROOT)/usr/share/man/man1/
$(INSTALL) -d -m 755 $(INSTALLROOT)/etc/rpm/
$(INSTALL) -m 644 macros.pesign $(INSTALLROOT)/etc/rpm/

107
pesign-make-efi_guid_t-const.patch
View File

@ -1,107 +0,0 @@
From 727f93f8ea3dc467694d541d28ba4f1ed0e0a671 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 7 Nov 2014 14:09:41 -0500
Subject: [PATCH] make efi_guid_t's const.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
src/cms_common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/cms_common.c b/src/cms_common.c
index a360961..7e032c8 100644
--- a/src/cms_common.c
+++ b/src/cms_common.c
@@ -45,7 +45,7 @@ struct digest_param {
SECOidTag digest_tag;
SECOidTag signature_tag;
SECOidTag digest_encryption_tag;
- efi_guid_t *efi_guid;
+ const efi_guid_t *efi_guid;
int size;
};
--
2.1.4
From ac9de615112114e222527b2eabc9b7f2642f01fe Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 26 May 2015 09:42:32 -0400
Subject: [PATCH] Propogate some "const" declarations better.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
src/efisiglist.c | 2 +-
src/siglist.c | 8 ++++----
src/siglist.h | 2 +-
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/efisiglist.c b/src/efisiglist.c
index aedfc4c..a078640 100644
--- a/src/efisiglist.c
+++ b/src/efisiglist.c
@@ -32,7 +32,7 @@
struct hash_param {
char *name;
- efi_guid_t *guid;
+ const efi_guid_t *guid;
int size;
};
diff --git a/src/siglist.c b/src/siglist.c
index 38a9a2a..a7154aa 100644
--- a/src/siglist.c
+++ b/src/siglist.c
@@ -51,7 +51,7 @@ struct efi_signature_list {
};
struct signature_list {
- efi_guid_t *SignatureType;
+ const efi_guid_t *SignatureType;
uint32_t SignatureListSize;
uint32_t SignatureHeaderSize;
uint32_t SignatureSize;
@@ -60,7 +60,7 @@ struct signature_list {
};
struct sig_type {
- efi_guid_t *type;
+ const efi_guid_t *type;
uint32_t size;
};
@@ -78,7 +78,7 @@ static struct sig_type sig_types[] = {
static int num_sig_types = sizeof (sig_types) / sizeof (struct sig_type);
static int32_t
-get_sig_type_size(efi_guid_t *sig_type)
+get_sig_type_size(const efi_guid_t *sig_type)
{
for (int i = 0; i < num_sig_types; i++) {
if (!memcmp(sig_type, sig_types[i].type, sizeof (*sig_type)))
@@ -88,7 +88,7 @@ get_sig_type_size(efi_guid_t *sig_type)
}
signature_list *
-signature_list_new(efi_guid_t *SignatureType)
+signature_list_new(const efi_guid_t *SignatureType)
{
int32_t size = get_sig_type_size(SignatureType);
if (size < 0)
diff --git a/src/siglist.h b/src/siglist.h
index e789264..2b72a27 100644
--- a/src/siglist.h
+++ b/src/siglist.h
@@ -21,7 +21,7 @@
typedef struct signature_list signature_list;
-extern signature_list *signature_list_new(efi_guid_t *SignatureType);
+extern signature_list *signature_list_new(const efi_guid_t *SignatureType);
extern int signature_list_add_sig(signature_list *sl, efi_guid_t owner,
uint8_t *sig, uint32_t sigsize);
extern int signature_list_realize(signature_list *sl,
--
2.1.4

30
pesign-privkey_unneeded.diff
View File

@ -4,9 +4,11 @@
src/pesign.c | 1 + src/pesign.c | 1 +
3 files changed, 12 insertions(+), 2 deletions(-) 3 files changed, 12 insertions(+), 2 deletions(-)
--- a/src/cms_common.c Index: pesign-0.111/src/cms_common.c
+++ b/src/cms_common.c ===================================================================
@@ -272,6 +272,7 @@ struct cbdata { --- pesign-0.111.orig/src/cms_common.c
+++ pesign-0.111/src/cms_common.c
@@ -280,6 +280,7 @@ struct cbdata {
CERTCertificate *cert; CERTCertificate *cert;
PK11SlotListElement *psle; PK11SlotListElement *psle;
secuPWData *pwdata; secuPWData *pwdata;
@ -14,7 +16,7 @@
}; };
static SECStatus static SECStatus
@@ -283,6 +284,12 @@ is_valid_cert(CERTCertificate *cert, voi @@ -291,6 +292,12 @@ is_valid_cert(CERTCertificate *cert, voi
void *pwdata = cbdata->pwdata; void *pwdata = cbdata->pwdata;
SECKEYPrivateKey *privkey = NULL; SECKEYPrivateKey *privkey = NULL;
@ -27,7 +29,7 @@
privkey = PK11_FindPrivateKeyFromCert(slot, cert, pwdata); privkey = PK11_FindPrivateKeyFromCert(slot, cert, pwdata);
if (privkey != NULL) { if (privkey != NULL) {
cbdata->cert = cert; cbdata->cert = cert;
@@ -413,7 +420,7 @@ find_certificate(cms_context *cms, int n @@ -421,7 +428,7 @@ find_certificate(cms_context *cms, int n
} }
SECStatus status; SECStatus status;
@ -36,7 +38,7 @@
status = PK11_Authenticate(psle->slot, PR_TRUE, pwdata); status = PK11_Authenticate(psle->slot, PR_TRUE, pwdata);
if (status != SECSuccess) { if (status != SECSuccess) {
PK11_DestroySlotListElement(slots, &psle); PK11_DestroySlotListElement(slots, &psle);
@@ -442,6 +449,7 @@ find_certificate(cms_context *cms, int n @@ -450,6 +457,7 @@ find_certificate(cms_context *cms, int n
.cert = NULL, .cert = NULL,
.psle = psle, .psle = psle,
.pwdata = pwdata, .pwdata = pwdata,
@ -44,7 +46,7 @@
}; };
if (needs_private_key) { if (needs_private_key) {
@@ -562,7 +570,7 @@ find_named_certificate(cms_context *cms, @@ -570,7 +578,7 @@ find_named_certificate(cms_context *cms,
} }
SECStatus status; SECStatus status;
@ -53,8 +55,10 @@
status = PK11_Authenticate(psle->slot, PR_TRUE, pwdata); status = PK11_Authenticate(psle->slot, PR_TRUE, pwdata);
if (status != SECSuccess) { if (status != SECSuccess) {
PK11_DestroySlotListElement(slots, &psle); PK11_DestroySlotListElement(slots, &psle);
--- a/src/cms_common.h Index: pesign-0.111/src/cms_common.h
+++ b/src/cms_common.h ===================================================================
--- pesign-0.111.orig/src/cms_common.h
+++ pesign-0.111/src/cms_common.h
@@ -63,6 +63,7 @@ typedef int (*cms_common_logger)(struct @@ -63,6 +63,7 @@ typedef int (*cms_common_logger)(struct
typedef struct cms_context { typedef struct cms_context {
PRArenaPool *arena; PRArenaPool *arena;
@ -63,9 +67,11 @@
char *tokenname; char *tokenname;
char *certname; char *certname;
--- a/src/pesign.c Index: pesign-0.111/src/pesign.c
+++ b/src/pesign.c ===================================================================
@@ -626,6 +626,7 @@ main(int argc, char *argv[]) --- pesign-0.111.orig/src/pesign.c
+++ pesign-0.111/src/pesign.c
@@ -651,6 +651,7 @@ main(int argc, char *argv[])
*/ */
case IMPORT_RAW_SIGNATURE|IMPORT_SATTRS: case IMPORT_RAW_SIGNATURE|IMPORT_SATTRS:
check_inputs(ctxp); check_inputs(ctxp);

111
pesign-run.patch
View File

@ -6,19 +6,23 @@
src/tmpfiles.conf | 2 +- src/tmpfiles.conf | 2 +-
5 files changed, 12 insertions(+), 12 deletions(-) 5 files changed, 12 insertions(+), 12 deletions(-)
--- a/src/Makefile Index: pesign-0.111/src/Makefile
+++ b/src/Makefile ===================================================================
@@ -74,7 +74,7 @@ install_sysvinit: --- pesign-0.111.orig/src/Makefile
+++ pesign-0.111/src/Makefile
@@ -65,7 +65,7 @@ install_sysvinit: pesign.sysvinit
install : install :
$(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/ $(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/
- $(INSTALL) -d -m 770 $(INSTALLROOT)/var/run/pesign/ - $(INSTALL) -d -m 770 $(INSTALLROOT)/var/run/pesign/
+ $(INSTALL) -d -m 770 $(INSTALLROOT)/run/pesign/ + $(INSTALL) -d -m 770 $(INSTALLROOT)/run/pesign/
$(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)/bin/ $(INSTALL) -d -m 755 $(INSTALLROOT)$(bindir)
$(INSTALL) -m 755 pesign $(INSTALLROOT)$(PREFIX)/bin/ $(INSTALL) -m 755 authvar $(INSTALLROOT)$(bindir)
$(INSTALL) -m 755 client $(INSTALLROOT)$(PREFIX)/bin/pesign-client $(INSTALL) -m 755 pesign $(INSTALLROOT)$(bindir)
--- a/src/daemon.h Index: pesign-0.111/src/daemon.h
+++ b/src/daemon.h ===================================================================
--- pesign-0.111.orig/src/daemon.h
+++ pesign-0.111/src/daemon.h
@@ -49,7 +49,7 @@ typedef enum { @@ -49,7 +49,7 @@ typedef enum {
} pesignd_cmd; } pesignd_cmd;
@ -29,8 +33,10 @@
+#define PIDFILE "/run/pesign.pid" +#define PIDFILE "/run/pesign.pid"
#endif /* DAEMON_H */ #endif /* DAEMON_H */
--- a/src/macros.pesign Index: pesign-0.111/src/macros.pesign
+++ b/src/macros.pesign ===================================================================
--- pesign-0.111.orig/src/macros.pesign
+++ pesign-0.111/src/macros.pesign
@@ -36,7 +36,7 @@ @@ -36,7 +36,7 @@
%{_pesign} -R ${sattrs}.sig -I ${sattrs} %{-i} \\\ %{_pesign} -R ${sattrs}.sig -I ${sattrs} %{-i} \\\
--certdir ${nss} -c signer %{-o} \ --certdir ${nss} -c signer %{-o} \
@ -40,8 +46,17 @@
%{_pesign_client} -t "OpenSC Card (Fedora Signer)" \\\ %{_pesign_client} -t "OpenSC Card (Fedora Signer)" \\\
-c "/CN=Fedora Secure Boot Signer" \\\ -c "/CN=Fedora Secure Boot Signer" \\\
%{-i} %{-o} %{-e} %{-s} %{-C} \ %{-i} %{-o} %{-e} %{-s} %{-C} \
--- a/src/pesign.sysvinit Index: pesign-0.111/src/tmpfiles.conf
+++ b/src/pesign.sysvinit ===================================================================
--- pesign-0.111.orig/src/tmpfiles.conf
+++ pesign-0.111/src/tmpfiles.conf
@@ -1 +1 @@
-D /var/run/pesign 0770 pesign pesign -
+D /run/pesign 0770 pesign pesign -
Index: pesign-0.111/src/pesign.sysvinit.in
===================================================================
--- pesign-0.111.orig/src/pesign.sysvinit.in
+++ pesign-0.111/src/pesign.sysvinit.in
@@ -4,7 +4,7 @@ @@ -4,7 +4,7 @@
# #
# chkconfig: - 50 50 # chkconfig: - 50 50
@ -51,38 +66,44 @@
### BEGIN INIT INFO ### BEGIN INIT INFO
# Provides: pesign # Provides: pesign
# Should-Start: $remote_fs # Should-Start: $remote_fs
@@ -19,7 +19,7 @@ Index: pesign-0.111/src/pesign.service.in
===================================================================
--- pesign-0.111.orig/src/pesign.service.in
+++ pesign-0.111/src/pesign.service.in
@@ -4,7 +4,7 @@ Description=Pesign signing daemon
[Service]
PrivateTmp=true
Type=forking
-PIDFile=/var/run/pesign.pid
+PIDFile=/run/pesign.pid
ExecStart=/usr/bin/pesign --daemonize
ExecStartPost=@@LIBEXECDIR@@/pesign/pesign-authorize-users
ExecStartPost=@@LIBEXECDIR@@/pesign/pesign-authorize-groups
Index: pesign-0.111/src/pesign-authorize-groups
===================================================================
--- pesign-0.111.orig/src/pesign-authorize-groups
+++ pesign-0.111/src/pesign-authorize-groups
@@ -11,7 +11,7 @@
[ -f /usr/bin/pesign ] || exit 1 if [[ -r /etc/pesign/groups ]]; then
for group in $(cat /etc/pesign/groups); do
- setfacl -m g:${group}:rx /var/run/pesign
- setfacl -m g:${group}:rw /var/run/pesign/socket
+ setfacl -m g:${group}:rx /run/pesign
+ setfacl -m g:${group}:rw /run/pesign/socket
done
fi
Index: pesign-0.111/src/pesign-authorize-users
===================================================================
--- pesign-0.111.orig/src/pesign-authorize-users
+++ pesign-0.111/src/pesign-authorize-users
@@ -11,7 +11,7 @@
-PESIGN_PIDFILE=/var/run/pesign.pid if [[ -r /etc/pesign/users ]]; then
+PESIGN_PIDFILE=/run/pesign.pid for username in $(cat /etc/pesign/users); do
RETVAL=0 - setfacl -m u:${username}:rx /var/run/pesign
- setfacl -m u:${username}:rw /var/run/pesign/socket
start(){ + setfacl -m u:${username}:rx /run/pesign
@@ -28,15 +28,15 @@ start(){ + setfacl -m u:${username}:rw /run/pesign/socket
RETVAL=$? done
echo fi
touch /var/lock/subsys/pesign
- setfacl -m u:kojibuilder:x /var/run/pesign
- setfacl -m u:kojibuilder:rw /var/run/pesign/socket
- setfacl -m g:kojibuilder:x /var/run/pesign
- setfacl -m g:kojibuilder:rw /var/run/pesign/socket
+ setfacl -m u:kojibuilder:x /run/pesign
+ setfacl -m u:kojibuilder:rw /run/pesign/socket
+ setfacl -m g:kojibuilder:x /run/pesign
+ setfacl -m g:kojibuilder:rw /run/pesign/socket
}
stop(){
echo -n "Stopping pesign: "
- killproc -p /var/run/pesign.pid pesignd
+ killproc -p /run/pesign.pid pesignd
RETVAL=$?
echo
rm -f /var/lock/subsys/pesign
--- a/src/tmpfiles.conf
+++ b/src/tmpfiles.conf
@@ -1 +1 @@
-D /var/run/pesign 0770 pesign pesign -
+D /run/pesign 0770 pesign pesign -

127
pesign-suse-build.patch
View File

@ -1,67 +1,44 @@
diff --git a/Make.defaults b/Make.defaults Index: pesign-0.111/util/Makefile
index 95ba9d5..c03bf70 100644 ===================================================================
--- a/Make.defaults --- pesign-0.111.orig/util/Makefile
+++ b/Make.defaults +++ pesign-0.111/util/Makefile
@@ -5,7 +5,8 @@ HOSTARCH = $(shell uname -m | sed s,i[3456789]86,ia32,) @@ -7,7 +7,7 @@ include $(TOPDIR)/Make.efirules
ARCH := $(shell uname -m | sed s,i[3456789]86,ia32,) include $(TOPDIR)/Make.defaults
INCDIR = -I$(TOPDIR)/include
CPPFLAGS = -DCONFIG_$(ARCH)
-CFLAGS = -g -O0
+OPTFLAGS = -g -O0
+CFLAGS = $(OPTFLAGS)
BUILDFLAGS := $(CFLAGS) $(ARCH3264) -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants --std=gnu99 -D_GNU_SOURCE -Wno-unused-result -Wno-unused-function
ASFLAGS = $(ARCH3264)
LDFLAGS = -nostdlib
@@ -23,7 +24,7 @@ OBJCOPY = $(bindir)objcopy
ifeq ($(ARCH),ia64) FORMAT=efi-app-$(HOSTARCH)
CFLAGS += -mfixed-range=f32-f127 -LDFLAGS = -nostdlib -T $(LIBDIR)/gnuefi/elf_$(HOSTARCH)_efi.lds -shared -Bsymbolic $(LIBDIR)/gnuefi/crt0-efi-$(HOSTARCH).o -L$(LIBDIR)
- LIBDIR = $(PREFIX)/lib64 +LDFLAGS = -nostdlib -T $(LIBDIR)/elf_$(HOSTARCH)_efi.lds -shared -Bsymbolic $(LIBDIR)/crt0-efi-$(HOSTARCH).o -L$(LIBDIR)
+ LIBDIR = $(PREFIX)/lib LIBS=-lefi -lgnuefi $(shell $(CC) -print-libgcc-file-name)
endif CCLDFLAGS =
BUILDFLAGS = -I/usr/include/efi/ -I/usr/include/efi/$(HOSTARCH)/ -I/usr/include/efi/protocol -fpic -fshort-wchar -fno-reorder-functions -fno-strict-aliasing -fno-merge-constants -mno-red-zone -Wimplicit-function-declaration
@@ -20,8 +20,8 @@ clean :
@rm -rfv *.o *.a *.so .*.d $(TARGETS)
ifeq ($(ARCH), ia32) install :
@@ -41,3 +42,6 @@ ifeq ($(ARCH), x86_64) - $(INSTALL) -d -m 755 $(INSTALLROOT)/boot/efi/EFI/redhat/
endif - $(INSTALL) -m 755 *.efi $(INSTALLROOT)/boot/efi/EFI/redhat/
endif + $(INSTALL) -d -m 755 $(INSTALLROOT)/boot/efi/EFI/SuSE/
+ $(INSTALL) -m 755 *.efi $(INSTALLROOT)/boot/efi/EFI/SuSE/
+ifeq ($(ARCH), aarch64) install_systemd:
+ LIBDIR := $(PREFIX)/lib64
+endif
diff --git a/Make.rules b/Make.rules
index 2749521..3553a03 100644
--- a/Make.rules
+++ b/Make.rules
@@ -2,10 +2,11 @@
$(AR) -cvqs $@ $^
% : %.o Index: pesign-0.111/src/pesign.sysvinit.in
- $(CC) $(CCLDFLAGS) -o $@ $^ $(foreach lib,$(LIBS),-l$(lib)) $(foreach pklib,$(PKLIBS), $(shell pkg-config --libs-only-l --libs-only-other $(pklib))) -lpthread ===================================================================
+ $(CC) -o $@ $^ $(foreach lib,$(LIBS),-l$(lib)) $(CCLDFLAGS) $(foreach pklib,$(PKLIBS), $(shell pkg-config --libs-only-l --libs-only-other $(pklib))) -lpthread --- pesign-0.111.orig/src/pesign.sysvinit.in
+++ pesign-0.111/src/pesign.sysvinit.in
%.so : @@ -6,21 +6,24 @@
$(CC) $(INCDIR) $(BUILDFLAGS) -Wl,-soname,$(SONAME) $(CCLDFLAGS) $^ -o $@
+ $(CC) $(INCDIR) $(BUILDFLAGS) -Wl,-soname,$(SONAME) $^ $(CCLDFLAGS) -o $@
%.o: %.c
$(CC) $(INCDIR) $(BUILDFLAGS) $(CPPFLAGS) -c $< -o $@
diff --git a/src/pesign.sysvinit b/src/pesign.sysvinit
index ea37c58..120a49c 100644
--- a/src/pesign.sysvinit
+++ b/src/pesign.sysvinit
@@ -6,21 +6,25 @@
# processname: /usr/bin/pesign # processname: /usr/bin/pesign
# pidfile: /var/run/pesign.pid # pidfile: /var/run/pesign.pid
### BEGIN INIT INFO ### BEGIN INIT INFO
-# Provides: pesign -# Provides: pesign
-# Default-Start: -# Default-Start:
-# Default-Stop:
+# Provides: pesign +# Provides: pesign
+# Should-Start: $remote_fs +# Should-Start: $remote_fs
+# Should-Stop: $remote_fs +# Should-Stop: $remote_fs
+# Required-Start: +# Required-Start:
+# Required-Stop: +# Required-Stop:
+# Default-Start: 2 3 5 +# Default-Start: 2 3 5
# Default-Stop:
# Short-Description: The pesign PE signing daemon # Short-Description: The pesign PE signing daemon
# Description: The pesign PE signing daemon # Description: The pesign PE signing daemon
### END INIT INFO ### END INIT INFO
@ -79,27 +56,37 @@ index ea37c58..120a49c 100644
RETVAL=$? RETVAL=$?
echo echo
touch /var/lock/subsys/pesign touch /var/lock/subsys/pesign
diff --git a/util/Makefile b/util/Makefile @@ -30,7 +33,7 @@ start(){
index ff11cb8..5d4cebb 100644
--- a/util/Makefile
+++ b/util/Makefile
@@ -4,7 +4,7 @@ TOPDIR = $(SRCDIR)/..
include $(TOPDIR)/Make.defaults
FORMAT=efi-app-$(HOSTARCH) stop(){
-LDFLAGS = -nostdlib -T $(LIBDIR)/gnuefi/elf_$(HOSTARCH)_efi.lds -shared -Bsymbolic $(LIBDIR)/gnuefi/crt0-efi-$(HOSTARCH).o -L$(LIBDIR) echo -n "Stopping pesign: "
+LDFLAGS = -nostdlib -T $(LIBDIR)/elf_$(HOSTARCH)_efi.lds -shared -Bsymbolic $(LIBDIR)/crt0-efi-$(HOSTARCH).o -L$(LIBDIR) - killproc -p /var/run/pesign.pid pesignd
LIBS=-lefi -lgnuefi $(shell $(CC) -print-libgcc-file-name) + killproc -p /run/pesign.pid pesignd
CCLDFLAGS = RETVAL=$?
BUILDFLAGS = -I/usr/include/efi/ -I/usr/include/efi/$(HOSTARCH)/ -I/usr/include/efi/protocol -fpic -fshort-wchar -fno-reorder-functions -fno-strict-aliasing -fno-merge-constants -mno-red-zone -Wimplicit-function-declaration echo
@@ -17,8 +17,8 @@ clean : rm -f /var/lock/subsys/pesign
@rm -rfv *.o *.a *.so $(TARGETS) Index: pesign-0.111/Make.defaults
===================================================================
--- pesign-0.111.orig/Make.defaults
+++ pesign-0.111/Make.defaults
@@ -55,7 +55,7 @@ efi_cflags = $(cflags)
ASFLAGS = $(ARCH3264)
CPPFLAGS ?=
-LDLIBS = $(foreach lib,$(LIBS),-l$(lib)) $(call pkg-config-ldlibs)
+LDLIBS = -lpthread $(foreach lib,$(LIBS),-l$(lib)) $(call pkg-config-ldlibs)
ifeq ($(ARCH),ia64)
efi_cflags += -mfixed-range=f32-f127
Index: pesign-0.111/Makefile
===================================================================
--- pesign-0.111.orig/Makefile
+++ pesign-0.111/Makefile
@@ -9,7 +9,6 @@ SUBDIRS := include libdpe src
install : install :
- $(INSTALL) -d -m 755 $(INSTALLROOT)/boot/efi/EFI/redhat/ $(INSTALL) -d -m 755 $(INSTALLROOT)$(prefix)$(docdir)/pesign-$(VERSION)/
- $(INSTALL) -m 755 *.efi $(INSTALLROOT)/boot/efi/EFI/redhat/ - $(INSTALL) -pm 644 COPYING $(INSTALLROOT)$(prefix)$(docdir)/pesign-$(VERSION)/
+ $(INSTALL) -d -m 755 $(INSTALLROOT)/boot/efi/EFI/SuSE/ @set -e ; for x in $(SUBDIRS) ; do \
+ $(INSTALL) -m 755 *.efi $(INSTALLROOT)/boot/efi/EFI/SuSE/ $(MAKE) -C $$x $@ ; \
done
.PHONY: all clean install

15
pesign.changes
View File

@ -1,3 +1,18 @@
-------------------------------------------------------------------
Tue Nov 10 07:59:48 UTC 2015 - glin@suse.com
- Update to 0.111
- Add pesign-fix-signness.patch to fix the signness comparison
- Drop upstreamed patches
+ pesign-efivar-pkgconfig.patch
+ pesign-make-efi_guid_t-const.patch
+ pesign-fix-import-sig-check.patch
+ pesign-install-supplementary-programs.patch
- Refresh pesign-suse-build.patch, pesign-privkey_unneeded.diff,
and pesign-run.patch
- Update pesign-fix-build-errors.patch
- Merge use-standard-pid-location.patch into pesign-run.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Sep 1 06:11:06 UTC 2015 - dimstar@opensuse.org Tue Sep 1 06:11:06 UTC 2015 - dimstar@opensuse.org

28
pesign.spec
View File

@ -17,7 +17,7 @@
Name: pesign Name: pesign
Version: 0.110 Version: 0.111
Release: 0 Release: 0
Summary: Signing tool for PE-COFF binaries Summary: Signing tool for PE-COFF binaries
License: GPL-2.0 License: GPL-2.0
@ -30,20 +30,12 @@ Patch1: pesign-suse-build.patch
Patch2: pesign-fix-build-errors.patch Patch2: pesign-fix-build-errors.patch
# PATCH-FIX-UPSTREAM pesign-privkey_unneeded.diff glin@suse.com -- Don't check the private key when importing the raw signature # PATCH-FIX-UPSTREAM pesign-privkey_unneeded.diff glin@suse.com -- Don't check the private key when importing the raw signature
Patch3: pesign-privkey_unneeded.diff Patch3: pesign-privkey_unneeded.diff
# PATCH-FIX-SUSE use-standard-pid-location.patch p.drouand@gmail.com --Use standard /run instead of /var/run for pidfile
Patch4: use-standard-pid-location.patch
# PATCH-FIX-SUSE pesign-run.patch aj@suse.com - Use /run instead of /var/run # PATCH-FIX-SUSE pesign-run.patch aj@suse.com - Use /run instead of /var/run
Patch5: pesign-run.patch Patch5: pesign-run.patch
# PATCH-FIX-UPSTREAM pesign-fix-authvar-write-loop.patch glin@suse.com -- Fix the write loop in authvar # PATCH-FIX-UPSTREAM pesign-fix-authvar-write-loop.patch glin@suse.com -- Fix the write loop in authvar
Patch6: pesign-fix-authvar-write-loop.patch Patch6: pesign-fix-authvar-write-loop.patch
# PATCH-FIX-SUSE pesign-install-supplementary-programs.patch glin@suse.com -- Install the supplementary programs # PATCH-FIX-UPSTREAM pesign-fix-signness.patch glin@suse.com -- Fix the signness comparison
Patch7: pesign-install-supplementary-programs.patch Patch7: pesign-fix-signness.patch
# PATCH-FIX-UPSTREAM pesign-fix-import-sig-check.patch glin@suse.com -- Fix the signature size check while importing a signature
Patch8: pesign-fix-import-sig-check.patch
# PATCH-FIX-UPSTREAM pesign-efivar-pkgconfig.patch glin@suse.com -- Make efivar compiler parameters come from pkg-config
Patch9: pesign-efivar-pkgconfig.patch
# PATCH-FIX-UPSTREAM pesign-make-efi_guid_t-const.patch glin@suse.com -- make efi_guid_t's const
Patch10: pesign-make-efi_guid_t-const.patch
BuildRequires: efivar-devel BuildRequires: efivar-devel
BuildRequires: libuuid-devel BuildRequires: libuuid-devel
BuildRequires: mozilla-nss-devel BuildRequires: mozilla-nss-devel
@ -63,23 +55,19 @@ with the PE and Authenticode specifications.
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
%patch4 -p1
%patch5 -p1 %patch5 -p1
%patch6 -p1 %patch6 -p1
%patch7 -p1 %patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%build %build
make %{?_smp_mflags} OPTFLAGS="%{optflags}" make %{?_smp_mflags} CFLAGS="$RPM_OPT_FLAGS"
%install %install
make INSTALLROOT=%{buildroot} PREFIX=%{_prefix} DOCDIR=/share/doc/packages install make INSTALLROOT=%{buildroot} libexecdir=%{_libexecdir} install
mkdir -p %{buildroot}%{_localstatedir}/lib/pesign mkdir -p %{buildroot}%{_localstatedir}/lib/pesign
mkdir -p %{buildroot}%{_sbindir} mkdir -p %{buildroot}%{_sbindir}
make INSTALLROOT=%{buildroot} UNITDIR=%{_unitdir} install_systemd make INSTALLROOT=%{buildroot} UNITDIR=%{_unitdir} libexecdir=%{_libexecdir} install_systemd
# create rcsymlink # create rcsymlink
ln -sv %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} ln -sv %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
@ -113,6 +101,8 @@ systemd-tmpfiles --create %{_libexecdir}/tmpfiles.d/pesign.conf || :
%{_bindir}/efisiglist %{_bindir}/efisiglist
%{_bindir}/authvar %{_bindir}/authvar
%{_sbindir}/rcpesign %{_sbindir}/rcpesign
%dir %{_sysconfdir}/pesign
%{_sysconfdir}/pesign/*
%dir %{_sysconfdir}/popt.d %dir %{_sysconfdir}/popt.d
%config %{_sysconfdir}/popt.d/pesign.popt %config %{_sysconfdir}/popt.d/pesign.popt
%{_sysconfdir}/pki/ %{_sysconfdir}/pki/
@ -121,6 +111,8 @@ systemd-tmpfiles --create %{_libexecdir}/tmpfiles.d/pesign.conf || :
%{_localstatedir}/lib/pesign %{_localstatedir}/lib/pesign
%{_unitdir}/pesign.service %{_unitdir}/pesign.service
%{_libexecdir}/tmpfiles.d/pesign.conf %{_libexecdir}/tmpfiles.d/pesign.conf
%dir %{_libexecdir}/pesign
%{_libexecdir}/pesign/pesign-authorize-*
%dir %attr(0775,pesign,pesign) %{_sysconfdir}/pki/pesign %dir %attr(0775,pesign,pesign) %{_sysconfdir}/pki/pesign
%ghost %dir %attr(0770,pesign,pesign) /run/%{name} %ghost %dir %attr(0770,pesign,pesign) /run/%{name}
%dir %attr(0770,pesign,pesign) %{_localstatedir}/lib/%{name} %dir %attr(0770,pesign,pesign) %{_localstatedir}/lib/%{name}

9
use-standard-pid-location.patch
View File

@ -1,9 +0,0 @@
--- a/src/pesign.service
+++ b/src/pesign.service
@@ -4,5 +4,5 @@
[Service]
PrivateTmp=true
Type=forking
-PIDFile=/var/run/pesign.pid
+PIDFile=/run/pesign.pid
ExecStart=/usr/bin/pesign --daemonize