From 48bd98c0d315d586f5aed080fd22fb7f7bfa66b28b1e714d334c387ab5736fed Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Thu, 24 Oct 2013 02:13:34 +0000 Subject: [PATCH] Accepting request 204436 from home:posophe:branches:Base:System Update and some improvements OBS-URL: https://build.opensuse.org/request/show/204436 OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=22 --- pesign-0.106.tar.bz2 | 3 --- pesign-0.109.tar.gz | 3 +++ pesign-allow-no-issuer-cert.patch | 44 ------------------------------- pesign-suse-build.patch | 40 ---------------------------- pesign.changes | 13 +++++++++ pesign.spec | 41 ++++------------------------ use-standard-pid-location.patch | 9 +++++++ 7 files changed, 30 insertions(+), 123 deletions(-) delete mode 100644 pesign-0.106.tar.bz2 create mode 100644 pesign-0.109.tar.gz delete mode 100644 pesign-allow-no-issuer-cert.patch create mode 100644 use-standard-pid-location.patch diff --git a/pesign-0.106.tar.bz2 b/pesign-0.106.tar.bz2 deleted file mode 100644 index 8c272a2..0000000 --- a/pesign-0.106.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e99e59abfd6bde19c97867105fa0a30ce39f195bb930a44803607c3fd5c34c9c -size 82751 diff --git a/pesign-0.109.tar.gz b/pesign-0.109.tar.gz new file mode 100644 index 0000000..7143b9a --- /dev/null +++ b/pesign-0.109.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ff7ee256ae615646fde1b542fe3ac1133a69a0542b1bd92e5a2e7ae6c550f545 +size 96921 diff --git a/pesign-allow-no-issuer-cert.patch b/pesign-allow-no-issuer-cert.patch deleted file mode 100644 index 0f0a0bf..0000000 --- a/pesign-allow-no-issuer-cert.patch +++ /dev/null @@ -1,44 +0,0 @@ -From be564827927e9845b61807b1355467df9d8115e6 Mon Sep 17 00:00:00 2001 -From: Gary Ching-Pang Lin -Date: Mon, 4 Mar 2013 16:25:08 +0800 -Subject: [PATCH] Include the issuer's certificate only when available - ---- - src/cms_common.c | 2 +- - src/signed_data.c | 7 +------ - 2 files changed, 2 insertions(+), 7 deletions(-) - -diff --git a/src/cms_common.c b/src/cms_common.c -index 7cca21b..755dd31 100644 ---- a/src/cms_common.c -+++ b/src/cms_common.c -@@ -588,7 +588,7 @@ find_named_certificate(cms_context *cms, char *name, CERTCertificate **cert) - if (!strcmp(node->cert->subjectName, name)) - break; - } -- if (!node) { -+ if (CERT_LIST_END(node,certlist)) { - PK11_DestroySlotListElement(slots, &psle); - PK11_FreeSlotList(slots); - CERT_DestroyCertList(certlist); -diff --git a/src/signed_data.c b/src/signed_data.c -index fc1d137..97bf8b5 100644 ---- a/src/signed_data.c -+++ b/src/signed_data.c -@@ -96,12 +96,7 @@ generate_certificate_list(cms_context *cms, SECItem ***certificate_list_p) - CERTCertificate *signer = NULL; - int rc = find_named_certificate(cms, cms->cert->issuerName, - &signer); -- if (rc < 0) { -- PORT_ArenaRelease(cms->arena, mark); -- return -1; -- } -- -- if (signer) { -+ if (rc == 0 && signer) { - if (signer->derCert.len != cms->cert->derCert.len || - memcmp(signer->derCert.data, - cms->cert->derCert.data, --- -1.7.10.4 - diff --git a/pesign-suse-build.patch b/pesign-suse-build.patch index 98a9e38..1412108 100644 --- a/pesign-suse-build.patch +++ b/pesign-suse-build.patch @@ -43,33 +43,6 @@ %.o: %.c $(CC) $(INCDIR) $(CFLAGS) $(CPPFLAGS) -c $< -o $@ ---- a/src/Makefile -+++ b/src/Makefile -@@ -9,6 +9,7 @@ STATIC_LIBS = $(TOPDIR)/libdpe/libdpe.a - LDFLAGS = - CCLDFLAGS = -L../libdpe $(foreach pklib,$(PKLIBS), $(shell pkg-config --libs-only-L $(pklib))) - CFLAGS += -I../include/ $(foreach pklib,$(PKLIBS), $(shell pkg-config --cflags $(pklib))) -Werror -+UNITDIR = /lib/systemd/system - - TARGETS = pesign authvar client efisiglist efikeygen - -@@ -70,12 +71,12 @@ clean : depclean - install_systemd: - $(INSTALL) -d -m 755 $(INSTALLROOT)/usr/lib/tmpfiles.d/ - $(INSTALL) -m 644 tmpfiles.conf $(INSTALLROOT)/usr/lib/tmpfiles.d/pesign.conf -- $(INSTALL) -d -m 755 $(INSTALLROOT)/usr/lib/systemd/system/ -- $(INSTALL) -m 644 pesign.service $(INSTALLROOT)/usr/lib/systemd/system/ -+ $(INSTALL) -d -m 755 $(INSTALLROOT)/$(UNITDIR) -+ $(INSTALL) -m 644 pesign.service $(INSTALLROOT)/$(UNITDIR) - - install_sysvinit: -- $(INSTALL) -d -m 755 $(INSTALLROOT)/etc/rc.d/init.d/ -- $(INSTALL) -m 755 pesign.sysvinit $(INSTALLROOT)/etc/rc.d/init.d/pesign -+ $(INSTALL) -d -m 755 $(INSTALLROOT)/etc/init.d/ -+ $(INSTALL) -m 755 pesign.sysvinit $(INSTALLROOT)/etc/init.d/pesign - - install : - $(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/ --- a/util/Makefile +++ b/util/Makefile @@ -4,7 +4,7 @@ TOPDIR = $(SRCDIR)/.. @@ -124,16 +97,3 @@ RETVAL=$? echo touch /var/lock/subsys/pesign ---- a/Makefile -+++ b/Makefile -@@ -16,8 +16,8 @@ clean : - - install : - @for x in $(SUBDIRS) ; do $(MAKE) -C $${x} TOPDIR=$(TOPDIR) SRCDIR=$(TOPDIR)/$@/ ARCH=$(ARCH) $@ ; done -- $(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)$(DOCDIR)/pesign-$(VERSION)/ -- $(INSTALL) -m 644 COPYING $(INSTALLROOT)$(PREFIX)$(DOCDIR)/pesign-$(VERSION)/ -+ $(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)$(DOCDIR)/pesign/ -+ $(INSTALL) -m 644 COPYING $(INSTALLROOT)$(PREFIX)$(DOCDIR)/pesign/ - - install_systemd: - @for x in $(SUBDIRS) ; do $(MAKE) -C $${x} TOPDIR=$(TOPDIR) SRCDIR=$(TOPDIR)/$@/ ARCH=$(ARCH) $@ ; done diff --git a/pesign.changes b/pesign.changes index 497123e..1f86889 100644 --- a/pesign.changes +++ b/pesign.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Tue Oct 22 11:18:39 UTC 2013 - p.drouand@gmail.com + +- Update to version 0.109 +- Remove sysvinit related old stuff +- Remove redundant %clean section +- Add use-standard-pid-location.patch + Use the good location to stock pidfile +- Use download Url as source +- Rebase pesign-suse-build.patch to upstream changes as it has been + partially merged on upstream +- Remove pesign-allow-no-issuer-cert.patch; fixed on upstream + ------------------------------------------------------------------- Thu Jul 18 06:54:19 UTC 2013 - glin@suse.com diff --git a/pesign.spec b/pesign.spec index 3895568..d75fb16 100644 --- a/pesign.spec +++ b/pesign.spec @@ -17,13 +17,13 @@ Name: pesign -Version: 0.106 +Version: 0.109 Release: 0 Summary: Signing tool for PE-COFF binaries License: GPL-2.0 Group: Productivity/Security Url: https://github.com/vathpela/pesign -Source: %{name}-%{version}.tar.bz2 +Source: https://github.com/vathpela/pesign/archive/%{name}-%{version}.tar.gz # PATCH-FIX-SUSE pesign-suse-build.patch glin@suse.com -- Adjust Makefile for the build service Patch1: pesign-suse-build.patch # PATCH-FIX-UPSTREAM pesign-fix-build-errors.patch glin@suse.com -- Fix gcc warnings @@ -32,18 +32,14 @@ Patch2: pesign-fix-build-errors.patch Patch3: pesign-privkey_unneeded.diff # PATCH-FIX-UPSTREAM pesign-clear-padding-bits.patch glin@suse.com -- Clear the allocated space before inserting the certificate list Patch4: pesign-clear-padding-bits.patch -# PATCH-FIX-UPSTREAM pesign-allow-no-issuer-cert.patch glin@suse.com -- Don't crash if the issuer's certificate is not available -Patch5: pesign-allow-no-issuer-cert.patch +# PATCH-FIX-SUSE use-standard-pid-location.patch p.drouand@gmail.com --Use standard /run instead of /var/run for pidfile +Patch6: use-standard-pid-location.patch BuildRequires: mozilla-nss-devel BuildRequires: pkg-config BuildRequires: popt-devel -%if 0%{?suse_version} > 1140 BuildRequires: pkgconfig(systemd) %{?systemd_requires} -%define has_systemd 1 -%endif PreReq: pwdutils -BuildRoot: %{_tmppath}/%{name}-%{version}-build ExclusiveArch: ia64 %ix86 x86_64 %description @@ -62,7 +58,7 @@ Authors: %patch2 -p1 %patch3 -p1 %patch4 -p1 -%patch5 -p1 +%patch6 -p1 %build make OPTFLAGS="$RPM_OPT_FLAGS" @@ -72,48 +68,26 @@ make INSTALLROOT=%{buildroot} PREFIX=/usr DOCDIR=/share/doc/packages install mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/pesign mkdir -p $RPM_BUILD_ROOT%{_sbindir} -%if 0%{?has_systemd} make INSTALLROOT=%{buildroot} UNITDIR=%{_unitdir} install_systemd -ln -sf /sbin/service $RPM_BUILD_ROOT/%{_sbindir}/rcpesign -%else -make INSTALLROOT=%{buildroot} install_sysvinit -ln -sf %{_sysconfdir}/init.d/pesign $RPM_BUILD_ROOT/%{_sbindir}/rcpesign -%endif # there's some stuff that's not really meant to be shipped yet rm -rf %{buildroot}/boot %{buildroot}/usr/include rm -rf %{buildroot}%{_libdir}/libdpe* -%clean -%{?buildroot:%__rm -rf "%{buildroot}"} - %pre getent group pesign >/dev/null || groupadd -r pesign getent passwd pesign >/dev/null || useradd -r -g pesign -d /var/lib/pesign -s /bin/false -c "PE-COFF signing daemon" pesign -%if 0%{?has_systemd} %service_add_pre pesign.service -%endif %preun -%if 0%{?has_systemd} %service_del_preun pesign.service -%else -%stop_on_removal pesign -%endif %post -%if 0%{?has_systemd} %service_add_post pesign.service systemd-tmpfiles --create /usr/lib/tmpfiles.d/pesign.conf -%endif %postun -%if 0%{?has_systemd} %service_del_preun pesign.service -%else -%restart_on_update pesign -%insserv_cleanup -%endif %files %defattr(-,root,root) @@ -127,13 +101,8 @@ systemd-tmpfiles --create /usr/lib/tmpfiles.d/pesign.conf %config %{_sysconfdir}/rpm/macros.pesign %{_mandir}/man?/* /var/lib/pesign -%if 0%{?has_systemd} %{_unitdir}/pesign.service /usr/lib/tmpfiles.d/pesign.conf -%else -%{_sysconfdir}/init.d/pesign -%endif -%{_sbindir}/rcpesign %dir %attr(0775,pesign,pesign) %{_sysconfdir}/pki/pesign %dir %attr(0770,pesign,pesign) %{_localstatedir}/run/%{name} %dir %attr(0770,pesign,pesign) %{_localstatedir}/lib/%{name} diff --git a/use-standard-pid-location.patch b/use-standard-pid-location.patch new file mode 100644 index 0000000..a581412 --- /dev/null +++ b/use-standard-pid-location.patch @@ -0,0 +1,9 @@ +--- a/src/pesign.service ++++ b/src/pesign.service +@@ -4,5 +4,5 @@ + [Service] + PrivateTmp=true + Type=forking +-PIDFile=/var/run/pesign.pid ++PIDFile=/run/pesign.pid + ExecStart=/usr/bin/pesign --daemonize