Accepting request 204436 from home:posophe:branches:Base:System

Update and some improvements

OBS-URL: https://build.opensuse.org/request/show/204436
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=22

pesign-0.106.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e99e59abfd6bde19c97867105fa0a30ce39f195bb930a44803607c3fd5c34c9c
-size 82751

pesign-0.109.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ff7ee256ae615646fde1b542fe3ac1133a69a0542b1bd92e5a2e7ae6c550f545
+size 96921

pesign-allow-no-issuer-cert.patch

@@ -1,44 +0,0 @@
-From be564827927e9845b61807b1355467df9d8115e6 Mon Sep 17 00:00:00 2001
-From: Gary Ching-Pang Lin <glin@suse.com>
-Date: Mon, 4 Mar 2013 16:25:08 +0800
-Subject: [PATCH] Include the issuer's certificate only when available
-
----
- src/cms_common.c  |    2 +-
- src/signed_data.c |    7 +------
- 2 files changed, 2 insertions(+), 7 deletions(-)
-
-diff --git a/src/cms_common.c b/src/cms_common.c
-index 7cca21b..755dd31 100644
---- a/src/cms_common.c
-+++ b/src/cms_common.c
-@@ -588,7 +588,7 @@ find_named_certificate(cms_context *cms, char *name, CERTCertificate **cert)
- 		if (!strcmp(node->cert->subjectName, name))
- 			break;
- 	}
--	if (!node) {
-+	if (CERT_LIST_END(node,certlist)) {
- 		PK11_DestroySlotListElement(slots, &psle);
- 		PK11_FreeSlotList(slots);
- 		CERT_DestroyCertList(certlist);
-diff --git a/src/signed_data.c b/src/signed_data.c
-index fc1d137..97bf8b5 100644
---- a/src/signed_data.c
-+++ b/src/signed_data.c
-@@ -96,12 +96,7 @@ generate_certificate_list(cms_context *cms, SECItem ***certificate_list_p)
- 		CERTCertificate *signer = NULL;
- 		int rc = find_named_certificate(cms, cms->cert->issuerName,
- 						&signer);
--		if (rc < 0) {
--			PORT_ArenaRelease(cms->arena, mark);
--			return -1;
--		}
--
--		if (signer) {
-+		if (rc == 0 && signer) {
- 			if (signer->derCert.len != cms->cert->derCert.len ||
- 					memcmp(signer->derCert.data,
- 						cms->cert->derCert.data,
--- 
-1.7.10.4
-

pesign-suse-build.patch

@@ -43,33 +43,6 @@
  
  %.o: %.c
  	$(CC) $(INCDIR) $(CFLAGS) $(CPPFLAGS) -c $< -o $@
---- a/src/Makefile
-+++ b/src/Makefile
-@@ -9,6 +9,7 @@ STATIC_LIBS = $(TOPDIR)/libdpe/libdpe.a
- LDFLAGS =
- CCLDFLAGS = -L../libdpe $(foreach pklib,$(PKLIBS), $(shell pkg-config --libs-only-L $(pklib)))
- CFLAGS += -I../include/ $(foreach pklib,$(PKLIBS), $(shell pkg-config --cflags $(pklib))) -Werror
-+UNITDIR = /lib/systemd/system
- 
- TARGETS = pesign authvar client efisiglist efikeygen
- 
-@@ -70,12 +71,12 @@ clean : depclean
- install_systemd:
- 	$(INSTALL) -d -m 755 $(INSTALLROOT)/usr/lib/tmpfiles.d/
- 	$(INSTALL) -m 644 tmpfiles.conf $(INSTALLROOT)/usr/lib/tmpfiles.d/pesign.conf
--	$(INSTALL) -d -m 755 $(INSTALLROOT)/usr/lib/systemd/system/
--	$(INSTALL) -m 644 pesign.service $(INSTALLROOT)/usr/lib/systemd/system/
-+	$(INSTALL) -d -m 755 $(INSTALLROOT)/$(UNITDIR)
-+	$(INSTALL) -m 644 pesign.service $(INSTALLROOT)/$(UNITDIR)
- 
- install_sysvinit:
--	$(INSTALL) -d -m 755 $(INSTALLROOT)/etc/rc.d/init.d/
--	$(INSTALL) -m 755 pesign.sysvinit $(INSTALLROOT)/etc/rc.d/init.d/pesign
-+	$(INSTALL) -d -m 755 $(INSTALLROOT)/etc/init.d/
-+	$(INSTALL) -m 755 pesign.sysvinit $(INSTALLROOT)/etc/init.d/pesign
- 
- install :
- 	$(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/
 --- a/util/Makefile
 +++ b/util/Makefile
 @@ -4,7 +4,7 @@ TOPDIR = $(SRCDIR)/..
@@ -124,16 +97,3 @@
      RETVAL=$?
      echo
      touch /var/lock/subsys/pesign
---- a/Makefile
-+++ b/Makefile
-@@ -16,8 +16,8 @@ clean :
- 
- install :
- 	@for x in $(SUBDIRS) ; do $(MAKE) -C $${x} TOPDIR=$(TOPDIR) SRCDIR=$(TOPDIR)/$@/ ARCH=$(ARCH) $@ ; done
--	$(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)$(DOCDIR)/pesign-$(VERSION)/
--	$(INSTALL) -m 644 COPYING $(INSTALLROOT)$(PREFIX)$(DOCDIR)/pesign-$(VERSION)/
-+	$(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)$(DOCDIR)/pesign/
-+	$(INSTALL) -m 644 COPYING $(INSTALLROOT)$(PREFIX)$(DOCDIR)/pesign/
- 
- install_systemd:
- 	@for x in $(SUBDIRS) ; do $(MAKE) -C $${x} TOPDIR=$(TOPDIR) SRCDIR=$(TOPDIR)/$@/ ARCH=$(ARCH) $@ ; done

pesign.changes

@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Tue Oct 22 11:18:39 UTC 2013 - p.drouand@gmail.com
+
+- Update to version 0.109
+- Remove sysvinit related old stuff
+- Remove redundant %clean section
+- Add use-standard-pid-location.patch
+  Use the good location to stock pidfile
+- Use download Url as source
+- Rebase pesign-suse-build.patch to upstream changes as it has been
+  partially merged on upstream
+- Remove pesign-allow-no-issuer-cert.patch; fixed on upstream
+
 -------------------------------------------------------------------
 Thu Jul 18 06:54:19 UTC 2013 - glin@suse.com
 

pesign.spec

@@ -17,13 +17,13 @@
 
 
 Name:           pesign
-Version:        0.106
+Version:        0.109
 Release:        0
 Summary:        Signing tool for PE-COFF binaries
 License:        GPL-2.0
 Group:          Productivity/Security
 Url:            https://github.com/vathpela/pesign
-Source:         %{name}-%{version}.tar.bz2
+Source:         https://github.com/vathpela/pesign/archive/%{name}-%{version}.tar.gz
 # PATCH-FIX-SUSE pesign-suse-build.patch glin@suse.com -- Adjust Makefile for the build service
 Patch1:         pesign-suse-build.patch
 # PATCH-FIX-UPSTREAM pesign-fix-build-errors.patch glin@suse.com -- Fix gcc warnings
@@ -32,18 +32,14 @@ Patch2:         pesign-fix-build-errors.patch
 Patch3:         pesign-privkey_unneeded.diff
 # PATCH-FIX-UPSTREAM pesign-clear-padding-bits.patch glin@suse.com -- Clear the allocated space before inserting the certificate list
 Patch4:         pesign-clear-padding-bits.patch
-# PATCH-FIX-UPSTREAM pesign-allow-no-issuer-cert.patch glin@suse.com -- Don't crash if the issuer's certificate is not available
+# PATCH-FIX-SUSE use-standard-pid-location.patch p.drouand@gmail.com --Use standard /run instead of /var/run for pidfile
-Patch5:         pesign-allow-no-issuer-cert.patch
+Patch6:         use-standard-pid-location.patch
 BuildRequires:  mozilla-nss-devel
 BuildRequires:  pkg-config
 BuildRequires:  popt-devel
-%if 0%{?suse_version} > 1140
 BuildRequires:  pkgconfig(systemd)
 %{?systemd_requires}
-%define has_systemd 1
-%endif
 PreReq:         pwdutils
-BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 ExclusiveArch:  ia64 %ix86 x86_64
 
 %description
@@ -62,7 +58,7 @@ Authors:
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
-%patch5 -p1
+%patch6 -p1
 
 %build
 make OPTFLAGS="$RPM_OPT_FLAGS"
@@ -72,48 +68,26 @@ make INSTALLROOT=%{buildroot} PREFIX=/usr DOCDIR=/share/doc/packages install
 mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/pesign
 
 mkdir -p $RPM_BUILD_ROOT%{_sbindir}
-%if 0%{?has_systemd}
 make INSTALLROOT=%{buildroot} UNITDIR=%{_unitdir} install_systemd
-ln -sf /sbin/service $RPM_BUILD_ROOT/%{_sbindir}/rcpesign
-%else
-make INSTALLROOT=%{buildroot} install_sysvinit
-ln -sf %{_sysconfdir}/init.d/pesign $RPM_BUILD_ROOT/%{_sbindir}/rcpesign
-%endif
 
 # there's some stuff that's not really meant to be shipped yet
 rm -rf %{buildroot}/boot %{buildroot}/usr/include
 rm -rf %{buildroot}%{_libdir}/libdpe*
 
-%clean
-%{?buildroot:%__rm -rf "%{buildroot}"}
-
 %pre
 getent group pesign >/dev/null || groupadd -r pesign
 getent passwd pesign >/dev/null || useradd -r -g pesign -d /var/lib/pesign -s /bin/false -c "PE-COFF signing daemon" pesign
-%if 0%{?has_systemd}
 %service_add_pre pesign.service
-%endif
 
 %preun
-%if 0%{?has_systemd}
 %service_del_preun pesign.service
-%else
-%stop_on_removal pesign
-%endif
 
 %post
-%if 0%{?has_systemd}
 %service_add_post pesign.service
 systemd-tmpfiles --create /usr/lib/tmpfiles.d/pesign.conf
-%endif
 
 %postun
-%if 0%{?has_systemd}
 %service_del_preun pesign.service
-%else
-%restart_on_update pesign
-%insserv_cleanup
-%endif
 
 %files
 %defattr(-,root,root)
@@ -127,13 +101,8 @@ systemd-tmpfiles --create /usr/lib/tmpfiles.d/pesign.conf
 %config %{_sysconfdir}/rpm/macros.pesign
 %{_mandir}/man?/*
 /var/lib/pesign
-%if 0%{?has_systemd}
 %{_unitdir}/pesign.service
 /usr/lib/tmpfiles.d/pesign.conf
-%else
-%{_sysconfdir}/init.d/pesign
-%endif
-%{_sbindir}/rcpesign
 %dir %attr(0775,pesign,pesign) %{_sysconfdir}/pki/pesign
 %dir %attr(0770,pesign,pesign) %{_localstatedir}/run/%{name}
 %dir %attr(0770,pesign,pesign) %{_localstatedir}/lib/%{name}

use-standard-pid-location.patch

@@ -0,0 +1,9 @@
+--- a/src/pesign.service
++++ b/src/pesign.service
+@@ -4,5 +4,5 @@
+ [Service]
+ PrivateTmp=true
+ Type=forking
+-PIDFile=/var/run/pesign.pid
++PIDFile=/run/pesign.pid
+ ExecStart=/usr/bin/pesign --daemonize