diff --git a/pesign-fix-import-sig-check.patch b/pesign-fix-import-sig-check.patch new file mode 100644 index 0000000..f1e9afa --- /dev/null +++ b/pesign-fix-import-sig-check.patch @@ -0,0 +1,30 @@ +From b5f822be1da9c8e4f6e04286b4b7ab73165478ab Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Tue, 25 Nov 2014 15:28:40 +0800 +Subject: [PATCH] Correct the signature size check + +Signed-off-by: Gary Ching-Pang Lin +--- + src/actions.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/src/actions.c b/src/actions.c +index 74a34e3..44c9675 100644 +--- a/src/actions.c ++++ b/src/actions.c +@@ -416,10 +416,9 @@ check_signature_space(pesign_context *ctx) + ssize_t available = available_cert_space(ctx->outpe); + ssize_t target = ctx->cms_ctx->newsig.len + sizeof (win_certificate); + +- if (available == target) +- return; ++ target += ALIGNMENT_PADDING(target, 8); + +- if (target + 8 > available) ++ if (available >= target) + return; + + fprintf(stderr, "Could not add new signature: insufficient space.\n"); +-- +2.1.2 + diff --git a/pesign.changes b/pesign.changes index cb3b2ee..afc3ab1 100644 --- a/pesign.changes +++ b/pesign.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Wed Nov 26 09:46:50 UTC 2014 - glin@suse.com + +- Add pesign-fix-import-sig-check.patch to fix the signature size + check while importing a signature +- Amend the spec file with spec-cleaner + ------------------------------------------------------------------- Fri Oct 31 07:16:40 UTC 2014 - glin@suse.com diff --git a/pesign.spec b/pesign.spec index 68b4a13..96df24e 100644 --- a/pesign.spec +++ b/pesign.spec @@ -38,14 +38,16 @@ Patch5: pesign-run.patch Patch6: pesign-fix-authvar-write-loop.patch # PATCH-FIX-SUSE pesign-install-supplementary-programs.patch glin@suse.com -- Install the supplementary programs Patch7: pesign-install-supplementary-programs.patch +# PATCH-FIX-UPSTREAM pesign-fix-import-sig-check.patch glin@suse.com -- Fix the signature size check while importing a signature +Patch8: pesign-fix-import-sig-check.patch BuildRequires: efivar-devel BuildRequires: libuuid-devel BuildRequires: mozilla-nss-devel BuildRequires: pkg-config BuildRequires: popt-devel BuildRequires: pkgconfig(systemd) +Requires(pre): pwdutils %{?systemd_requires} -PreReq: pwdutils ExclusiveArch: ia64 %ix86 x86_64 aarch64 %description @@ -67,24 +69,25 @@ Authors: %patch5 -p1 %patch6 -p1 %patch7 -p1 +%patch8 -p1 %build -make OPTFLAGS="$RPM_OPT_FLAGS" +make %{?_smp_mflags} OPTFLAGS="%{optflags}" %install make INSTALLROOT=%{buildroot} PREFIX=/usr DOCDIR=/share/doc/packages install -mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/pesign +mkdir -p %{buildroot}%{_localstatedir}/lib/pesign -mkdir -p $RPM_BUILD_ROOT%{_sbindir} +mkdir -p %{buildroot}%{_sbindir} make INSTALLROOT=%{buildroot} UNITDIR=%{_unitdir} install_systemd # there's some stuff that's not really meant to be shipped yet -rm -rf %{buildroot}/boot %{buildroot}/usr/include +rm -rf %{buildroot}/boot %{buildroot}%{_prefix}/include rm -rf %{buildroot}%{_libdir}/libdpe* %pre getent group pesign >/dev/null || groupadd -r pesign -getent passwd pesign >/dev/null || useradd -r -g pesign -d /var/lib/pesign -s /bin/false -c "PE-COFF signing daemon" pesign +getent passwd pesign >/dev/null || useradd -r -g pesign -d %{_localstatedir}/lib/pesign -s /bin/false -c "PE-COFF signing daemon" pesign %service_add_pre pesign.service %preun @@ -92,7 +95,7 @@ getent passwd pesign >/dev/null || useradd -r -g pesign -d /var/lib/pesign -s /b %post %service_add_post pesign.service -systemd-tmpfiles --create /usr/lib/tmpfiles.d/pesign.conf +systemd-tmpfiles --create %{_libexecdir}/tmpfiles.d/pesign.conf %postun %service_del_preun pesign.service @@ -111,9 +114,9 @@ systemd-tmpfiles --create /usr/lib/tmpfiles.d/pesign.conf %{_sysconfdir}/pki/ %config %{_sysconfdir}/rpm/macros.pesign %{_mandir}/man?/* -/var/lib/pesign +%{_localstatedir}/lib/pesign %{_unitdir}/pesign.service -/usr/lib/tmpfiles.d/pesign.conf +%{_libexecdir}/tmpfiles.d/pesign.conf %dir %attr(0775,pesign,pesign) %{_sysconfdir}/pki/pesign %ghost %dir %attr(0770,pesign,pesign) /run/%{name} %dir %attr(0770,pesign,pesign) %{_localstatedir}/lib/%{name}