Accepting request 258749 from home:gary_lin:branches:Base:System

- Update to version 0.110
- Enable aarch64

OBS-URL: https://build.opensuse.org/request/show/258749
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=29

pesign-0.109.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ff7ee256ae615646fde1b542fe3ac1133a69a0542b1bd92e5a2e7ae6c550f545
-size 96921

pesign-0.110.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a03499ffa181fea6086e1966476eccc05e3e014761ac300de1da27a44dba2281
+size 87420

pesign-clear-padding-bits.patch

@@ -1,28 +0,0 @@
-From edd9cc0e677b35498e974d9a4137feac5bd4b323 Mon Sep 17 00:00:00 2001
-From: Gary Ching-Pang Lin <glin@suse.com>
-Date: Tue, 26 Mar 2013 18:30:58 +0800
-Subject: [PATCH] Clear the space for the certificate list
-
-Make sure the aligned bytes are '\0'
-
-Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
----
- src/wincert.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/wincert.c b/src/wincert.c
-index 942fa26..5e23b04 100644
---- a/src/wincert.c
-+++ b/src/wincert.c
-@@ -37,7 +37,7 @@ generate_cert_list(SECItem **signatures, int num_signatures,
- 		cl_size += ALIGNMENT_PADDING(cl_size, 8);
- 	}
- 
--	uint8_t *data = malloc(cl_size);
-+	uint8_t *data = calloc(1, cl_size);
- 	if (!data)
- 		return -1;
- 
--- 
-1.8.1.4
-

pesign-fix-authvar-write-loop.patch

@@ -0,0 +1,72 @@
+From e3aee739b92c4124fc1207fb06a7dd1cd89d03ae Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Tue, 1 Jul 2014 14:43:35 +0800
+Subject: [PATCH] authvar: fix the write loop
+
+I forgot to move the pointer...
+
+Also use offsetof() instead of the wordsize check.
+
+Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
+---
+ src/authvar_context.c | 16 +++++++---------
+ 1 file changed, 7 insertions(+), 9 deletions(-)
+
+diff --git a/src/authvar_context.c b/src/authvar_context.c
+index c988e96..675967c 100644
+--- a/src/authvar_context.c
++++ b/src/authvar_context.c
+@@ -18,6 +18,7 @@
+  */
+ 
+ #include <unistd.h>
++#include <stddef.h>
+ #include <sys/mman.h>
+ 
+ #include <prerror.h>
+@@ -133,11 +134,7 @@ generate_descriptor(authvar_context *ctx)
+ 	if (rc < 0)
+ 		cmsreterr(-1, ctx->cms_ctx, "could not create signed data");
+ 
+-#if __WORDSIZE == 64
+-	offset = (uint64_t) &((win_cert_uefi_guid_t *)0)->data;
+-#else
+-	offset = (uint32_t) &((win_cert_uefi_guid_t *)0)->data;
+-#endif
++	offset = offsetof(win_cert_uefi_guid_t, data);
+ 	authinfo = calloc(offset + sd_der.len, 1);
+ 	if (!authinfo)
+ 		cmsreterr(-1, ctx->cms_ctx, "could not allocate authinfo");
+@@ -160,6 +157,7 @@ write_authvar(authvar_context *ctx)
+ 	void *buffer, *ptr;
+ 	size_t buf_len, des_len, remain;
+ 	ssize_t wlen;
++	off_t offset;
+ 
+ 	if (!ctx->authinfo)
+ 		cmsreterr(-1, ctx->cms_ctx, "Not a valid authvar");
+@@ -187,17 +185,17 @@ write_authvar(authvar_context *ctx)
+ 	if (ctx->value_size > 0)
+ 		memcpy(ptr, ctx->value, ctx->value_size);
+ 
+-	if (!ctx->to_firmware) {
+-		ftruncate(ctx->exportfd, buf_len);
++	if (!ctx->to_firmware)
+ 		lseek(ctx->exportfd, 0, SEEK_SET);
+-	}
+ 
+ 	remain = buf_len;
++	offset = 0;
+ 	do {
+-		wlen = write(ctx->exportfd, buffer, remain);
++		wlen = write(ctx->exportfd, buffer + offset, remain);
+ 		if (wlen < 0)
+ 			cmsreterr(-1, ctx->cms_ctx, "failed to write authvar");
+ 		remain -= wlen;
++		offset += wlen;
+ 	} while (remain > 0);
+ 
+ 	return 0;
+-- 
+1.8.4.5
+

pesign-fix-build-errors.patch

@@ -1,20 +1,8 @@
-From 4e03c90bb48e6f9c9d9c9aed491fbcc5be684e7b Mon Sep 17 00:00:00 2001
-From: Gary Ching-Pang Lin <glin@suse.com>
-Date: Tue, 9 Jul 2013 12:17:31 +0800
-Subject: [PATCH] Fix build errors
-
----
- src/daemon.c    | 36 +++++++++++++++++++++++++++++-------
- src/efikeygen.c |  3 ++-
- src/password.c  |  3 ++-
- src/pesign.c    | 10 ++++++++--
- 4 files changed, 41 insertions(+), 11 deletions(-)
-
 diff --git a/src/daemon.c b/src/daemon.c
-index b2801b9..832a0ea 100644
+index c14b64b..5652ba1 100644
 --- a/src/daemon.c
 +++ b/src/daemon.c
-@@ -432,7 +432,11 @@ malformed:
+@@ -544,7 +544,11 @@ malformed:
  		if (rc < 0) {
  err_attached:
  			pe_end(outpe);
@@ -27,7 +15,7 @@ index b2801b9..832a0ea 100644
  			goto finish;
  		}
  		ssize_t sigspace = calculate_signature_space(ctx->cms, outpe);
-@@ -450,21 +454,34 @@ err_attached:
+@@ -562,21 +566,34 @@ err_attached:
  				ctx->cms->num_signatures, outpe);
  		pe_end(outpe);
  	} else {
@@ -67,7 +55,7 @@ index b2801b9..832a0ea 100644
  	}
  
  finish:
-@@ -996,7 +1013,12 @@ daemonize(cms_context *cms_ctx, char *certdir, int do_fork)
+@@ -1182,7 +1199,12 @@ daemonize(cms_context *cms_ctx, char *certdir, int do_fork)
  		exit(1);
  	}
  
@@ -81,23 +69,6 @@ index b2801b9..832a0ea 100644
  
  	if (getuid() == 0) {
  		/* process is running as root, drop privileges */
-diff --git a/src/efikeygen.c b/src/efikeygen.c
-index ac27acc..8c3e814 100644
---- a/src/efikeygen.c
-+++ b/src/efikeygen.c
-@@ -330,10 +330,11 @@ populate_extensions(cms_context *cms, CERTCertificate *cert,
- {
- 	CERTAttribute *attr = NULL;
- 	SECOidData *oid;
-+	int i;
- 
- 	oid = SECOID_FindOIDByTag(SEC_OID_PKCS9_EXTENSION_REQUEST);
- 
--	for (int i; crq->attributes[i]; i++) {
-+	for (i = 0; crq->attributes[i]; i++) {
- 		attr = crq->attributes[i];
- 		if (attr->attrType.len != oid->oid.len)
- 			continue;
 diff --git a/src/password.c b/src/password.c
 index 43186df..9a9c911 100644
 --- a/src/password.c
@@ -113,7 +84,7 @@ index 43186df..9a9c911 100644
  	if (isTTY) {
  	    fprintf(output, "\n");
 diff --git a/src/pesign.c b/src/pesign.c
-index 890ebfc..fe77c9d 100644
+index ff4f2bf..40a1e43 100644
 --- a/src/pesign.c
 +++ b/src/pesign.c
 @@ -164,9 +164,15 @@ open_output(pesign_context *ctx)
@@ -134,6 +105,15 @@ index 890ebfc..fe77c9d 100644
  
  	Pe_Cmd cmd = ctx->outfd == STDOUT_FILENO ? PE_C_RDWR : PE_C_RDWR_MMAP;
  	ctx->outpe = pe_begin(ctx->outfd, cmd, NULL);
--- 
-1.8.1.4
-
+diff --git a/src/signed_data.c b/src/signed_data.c
+index 2fa1cdd..247ec57 100644
+--- a/src/signed_data.c
++++ b/src/signed_data.c
+@@ -133,6 +133,7 @@ generate_signerInfo_list(cms_context *cms, SpcSignerInfo ***signerInfo_list_p, S
+ 	SpcSignerInfo **signerInfo_list;
+ 	int err, rc;
+ 
++	err = 0;
+ 	if (!signerInfo_list_p)
+ 		return -1;
+ 

pesign-install-supplementary-programs.patch

@@ -0,0 +1,23 @@
+diff --git a/src/Makefile b/src/Makefile
+index 4c86a2a..062b544 100644
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -79,14 +79,16 @@ install :
+ 	$(INSTALL) -m 755 pesign $(INSTALLROOT)$(PREFIX)/bin/
+ 	$(INSTALL) -m 755 client $(INSTALLROOT)$(PREFIX)/bin/pesign-client
+ 	$(INSTALL) -m 755 efikeygen $(INSTALLROOT)$(PREFIX)/bin/
+-	#$(INSTALL) -m 755 pesigcheck $(INSTALLROOT)$(PREFIX)/bin/
++	$(INSTALL) -m 755 pesigcheck $(INSTALLROOT)$(PREFIX)/bin/
++	$(INSTALL) -m 755 efisiglist $(INSTALLROOT)$(PREFIX)/bin/
++	$(INSTALL) -m 755 authvar $(INSTALLROOT)$(PREFIX)/bin/
+ 	$(INSTALL) -d -m 755 $(INSTALLROOT)/etc/popt.d/
+ 	$(INSTALL) -m 644 pesign.popt $(INSTALLROOT)/etc/popt.d/
+ 	$(INSTALL) -d -m 755 $(INSTALLROOT)/usr/share/man/man1/
+ 	$(INSTALL) -m 644 pesign.1 $(INSTALLROOT)/usr/share/man/man1/
+ 	$(INSTALL) -m 644 pesign-client.1 $(INSTALLROOT)/usr/share/man/man1/
+ 	$(INSTALL) -m 644 efikeygen.1 $(INSTALLROOT)/usr/share/man/man1/
+-	#$(INSTALL) -m 644 pesigcheck.1 $(INSTALLROOT)/usr/share/man/man1/
++	$(INSTALL) -m 644 pesigcheck.1 $(INSTALLROOT)/usr/share/man/man1/
+ 	$(INSTALL) -d -m 755 $(INSTALLROOT)/etc/rpm/
+ 	$(INSTALL) -m 644 macros.pesign $(INSTALLROOT)/etc/rpm/
+ 

pesign-no-db.patch

@@ -1,142 +0,0 @@
-From b55ecad4b6ec280d7d17caa5e02c20a7391b8a05 Mon Sep 17 00:00:00 2001
-From: Gary Ching-Pang Lin <glin@suse.com>
-Date: Thu, 7 Nov 2013 16:58:04 +0800
-Subject: [PATCH] Allow some commands to proceed without a NSS db
-
-The NSS db is not necessary to calculate the hash, to show the
-signature or to export the signed attributes.
-
-Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
----
- src/pesign.c | 91 +++++++++++++++++++++++++++++++++++-------------------------
- 1 file changed, 53 insertions(+), 38 deletions(-)
-
-diff --git a/src/pesign.c b/src/pesign.c
-index c7313a6..0cd47a8 100644
---- a/src/pesign.c
-+++ b/src/pesign.c
-@@ -405,6 +405,7 @@ main(int argc, char *argv[])
- 	int daemon = 0;
- 	int fork = 1;
- 	int padding = 0;
-+	int need_db = 0;
- 
- 	char *digest_name = "sha256";
- 	char *tokenname = "NSS Certificate DB";
-@@ -526,8 +527,59 @@ main(int argc, char *argv[])
- 		}
- 	}
- 
-+	int action = 0;
-+	if (daemon)
-+		action |= DAEMONIZE;
-+
-+	if (ctxp->rawsig) {
-+		action |= IMPORT_RAW_SIGNATURE;
-+		need_db = 1;
-+	}
-+
-+	if (ctxp->insattrs)
-+		action |= IMPORT_SATTRS;
-+
-+	if (ctxp->outsattrs)
-+		action |= EXPORT_SATTRS;
-+
-+	if (ctxp->insig)
-+		action |= IMPORT_SIGNATURE;
-+
-+	if (ctxp->outkey) {
-+		action |= EXPORT_PUBKEY;
-+		need_db = 1;
-+	}
-+
-+	if (ctxp->outcert) {
-+		action |= EXPORT_CERT;
-+		need_db = 1;
-+	}
-+
-+	if (ctxp->outsig)
-+		action |= EXPORT_SIGNATURE;
-+
-+	if (remove != 0)
-+		action |= REMOVE_SIGNATURE;
-+
-+	if (list != 0)
-+		action |= LIST_SIGNATURES;
-+
-+	if (ctxp->sign) {
-+		action |= GENERATE_SIGNATURE;
-+		if (!(action & EXPORT_SIGNATURE))
-+			action |= IMPORT_SIGNATURE;
-+		need_db = 1;
-+	}
-+
-+	if (ctxp->hash)
-+		action |= GENERATE_DIGEST|PRINT_DIGEST;
-+
- 	if (!daemon) {
--		SECStatus status = NSS_Init(certdir);
-+		SECStatus status;
-+		if (need_db)
-+			status = NSS_Init(certdir);
-+		else
-+			status = NSS_NoDB_Init(NULL);
- 		if (status != SECSuccess) {
- 			fprintf(stderr, "Could not initialize nss: %s\n",
- 				PORT_ErrorToString(PORT_GetError()));
-@@ -571,42 +623,8 @@ main(int argc, char *argv[])
- 	if (certname)
- 		free(certname);
- 
--	int action = 0;
--	if (daemon)
--		action |= DAEMONIZE;
--
--	if (ctxp->rawsig)
--		action |= IMPORT_RAW_SIGNATURE;
--
--	if (ctxp->insattrs)
--		action |= IMPORT_SATTRS;
--
--	if (ctxp->outsattrs)
--		action |= EXPORT_SATTRS;
--
--	if (ctxp->insig)
--		action |= IMPORT_SIGNATURE;
--
--	if (ctxp->outkey)
--		action |= EXPORT_PUBKEY;
--
--	if (ctxp->outcert)
--		action |= EXPORT_CERT;
--
--	if (ctxp->outsig)
--		action |= EXPORT_SIGNATURE;
--
--	if (remove != 0)
--		action |= REMOVE_SIGNATURE;
--
--	if (list != 0)
--		action |= LIST_SIGNATURES;
- 
- 	if (ctxp->sign) {
--		action |= GENERATE_SIGNATURE;
--		if (!(action & EXPORT_SIGNATURE))
--			action |= IMPORT_SIGNATURE;
--
- 		if (!ctxp->cms_ctx->certname) {
- 			fprintf(stderr, "pesign: signing requested but no "
- 				"certificate nickname provided\n");
-@@ -614,9 +632,6 @@ main(int argc, char *argv[])
- 		}
- 	}
- 
--	if (ctxp->hash)
--		action |= GENERATE_DIGEST|PRINT_DIGEST;
--
- 	ssize_t sigspace = 0;
- 
- 	switch (action) {
--- 
-1.8.1.4
-

pesign-run.patch

@@ -1,8 +1,14 @@
-Index: pesign-0.109/src/Makefile
-===================================================================
---- pesign-0.109.orig/src/Makefile
-+++ pesign-0.109/src/Makefile
-@@ -79,7 +79,7 @@ install_sysvinit:
+---
+ src/Makefile        |    2 +-
+ src/daemon.h        |    4 ++--
+ src/macros.pesign   |    2 +-
+ src/pesign.sysvinit |   14 +++++++-------
+ src/tmpfiles.conf   |    2 +-
+ 5 files changed, 12 insertions(+), 12 deletions(-)
+
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -74,7 +74,7 @@ install_sysvinit:
  
  install :
  	$(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/
@@ -11,25 +17,21 @@ Index: pesign-0.109/src/Makefile
  	$(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)/bin/
  	$(INSTALL) -m 755 pesign $(INSTALLROOT)$(PREFIX)/bin/
  	$(INSTALL) -m 755 client $(INSTALLROOT)$(PREFIX)/bin/pesign-client
-Index: pesign-0.109/src/daemon.h
-===================================================================
---- pesign-0.109.orig/src/daemon.h
-+++ pesign-0.109/src/daemon.h
-@@ -47,7 +47,7 @@ typedef enum {
+--- a/src/daemon.h
++++ b/src/daemon.h
+@@ -49,7 +49,7 @@ typedef enum {
  } pesignd_cmd;
  
- #define PESIGND_VERSION 0xa3cf41cb
+ #define PESIGND_VERSION 0x2a9edaf0
 -#define SOCKPATH	"/var/run/pesign/socket"
 -#define PIDFILE		"/var/run/pesign.pid"
 +#define SOCKPATH	"/run/pesign/socket"
 +#define PIDFILE		"/run/pesign.pid"
  
  #endif /* DAEMON_H */
-Index: pesign-0.109/src/macros.pesign
-===================================================================
---- pesign-0.109.orig/src/macros.pesign
-+++ pesign-0.109/src/macros.pesign
-@@ -34,7 +34,7 @@
+--- a/src/macros.pesign
++++ b/src/macros.pesign
+@@ -36,7 +36,7 @@
        %{_pesign} -R ${sattrs}.sig -I ${sattrs} %{-i}			\\\
                   --certdir ${nss} -c signer %{-o}			\
        rm -rf ${sattrs} ${sattrs}.sig ${nss}				\
@@ -38,10 +40,8 @@ Index: pesign-0.109/src/macros.pesign
        %{_pesign_client} -t "OpenSC Card (Fedora Signer)"		\\\
                          -c "/CN=Fedora Secure Boot Signer"		\\\
                          %{-i} %{-o} %{-e} %{-s} %{-C}			\
-Index: pesign-0.109/src/pesign.sysvinit
-===================================================================
---- pesign-0.109.orig/src/pesign.sysvinit
-+++ pesign-0.109/src/pesign.sysvinit
+--- a/src/pesign.sysvinit
++++ b/src/pesign.sysvinit
 @@ -4,7 +4,7 @@
  #
  # chkconfig: - 50 50
@@ -81,10 +81,8 @@ Index: pesign-0.109/src/pesign.sysvinit
      RETVAL=$?
      echo
      rm -f /var/lock/subsys/pesign
-Index: pesign-0.109/src/tmpfiles.conf
-===================================================================
---- pesign-0.109.orig/src/tmpfiles.conf
-+++ pesign-0.109/src/tmpfiles.conf
+--- a/src/tmpfiles.conf
++++ b/src/tmpfiles.conf
 @@ -1 +1 @@
 -D /var/run/pesign 0770 pesign pesign -
 +D /run/pesign 0770 pesign pesign -

pesign-suse-build.patch

@@ -1,11 +1,9 @@
 ---
  Make.defaults       |    5 +++--
- Make.rules          |    4 ++--
- Makefile            |    4 ++--
- src/Makefile        |    9 +++++----
+ Make.rules          |    3 ++-
  src/pesign.sysvinit |   12 ++++++++----
  util/Makefile       |    6 +++---
- 6 files changed, 23 insertions(+), 17 deletions(-)
+ 4 files changed, 16 insertions(+), 10 deletions(-)
 
 --- a/Make.defaults
 +++ b/Make.defaults
@@ -13,13 +11,13 @@
  ARCH	   := $(shell uname -m | sed s,i[3456789]86,ia32,)
  INCDIR	   = -I$(TOPDIR)/include
  CPPFLAGS   = -DCONFIG_$(ARCH)
--CFLAGS	   = $(ARCH3264) -g -O0 -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants --std=gnu99 -D_GNU_SOURCE
-+OPTFLAGS   = -O0 -g
-+CFLAGS	   = $(ARCH3264) $(OPTFLAGS) -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants --std=gnu99 -D_GNU_SOURCE
+-CFLAGS     = -g -O0
++OPTFLAGS   = -g -O0
++CFLAGS     = $(OPTFLAGS)
+ BUILDFLAGS := $(CFLAGS) $(ARCH3264) -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants --std=gnu99 -D_GNU_SOURCE -Wno-unused-result -Wno-unused-function
  ASFLAGS    = $(ARCH3264)
  LDFLAGS	   = -nostdlib
- CCLDFLAGS  = -shared
-@@ -22,7 +23,7 @@ OBJCOPY       = $(bindir)objcopy
+@@ -23,7 +24,7 @@ OBJCOPY       = $(bindir)objcopy
  
  ifeq ($(ARCH),ia64)
    CFLAGS += -mfixed-range=f32-f127
@@ -30,7 +28,7 @@
  ifeq ($(ARCH), ia32)
 --- a/Make.rules
 +++ b/Make.rules
-@@ -2,10 +2,10 @@
+@@ -2,10 +2,11 @@
  	$(AR) -cvqs $@ $^
  
  % : %.o
@@ -38,11 +36,11 @@
 +	$(CC) -o $@ $^ $(foreach lib,$(LIBS),-l$(lib)) $(CCLDFLAGS) $(foreach pklib,$(PKLIBS), $(shell pkg-config --libs-only-l --libs-only-other $(pklib))) -lpthread
  
  %.so : 
--	$(CC) $(INCDIR) $(CFLAGS) -Wl,-soname,$(SONAME) $(CCLDFLAGS) $^ -o $@
-+	$(CC) $(INCDIR) $(CFLAGS) -Wl,-soname,$(SONAME) $^ $(CCLDFLAGS) -o $@
+ 	$(CC) $(INCDIR) $(BUILDFLAGS) -Wl,-soname,$(SONAME) $(CCLDFLAGS) $^ -o $@
++	$(CC) $(INCDIR) $(BUILDFLAGS) -Wl,-soname,$(SONAME) $^ $(CCLDFLAGS) -o $@
  
  %.o: %.c
- 	$(CC) $(INCDIR) $(CFLAGS) $(CPPFLAGS) -c $< -o $@
+ 	$(CC) $(INCDIR) $(BUILDFLAGS) $(CPPFLAGS) -c $< -o $@
 --- a/util/Makefile
 +++ b/util/Makefile
 @@ -4,7 +4,7 @@ TOPDIR = $(SRCDIR)/..
@@ -53,7 +51,7 @@
 +LDFLAGS = -nostdlib -T $(LIBDIR)/elf_$(HOSTARCH)_efi.lds -shared -Bsymbolic $(LIBDIR)/crt0-efi-$(HOSTARCH).o -L$(LIBDIR)
  LIBS=-lefi -lgnuefi $(shell $(CC) -print-libgcc-file-name)
  CCLDFLAGS =
- CFLAGS = -I/usr/include/efi/ -I/usr/include/efi/$(HOSTARCH)/ -I/usr/include/efi/protocol -fpic -fshort-wchar -fno-reorder-functions -fno-strict-aliasing -fno-merge-constants -mno-red-zone -Wimplicit-function-declaration
+ BUILDFLAGS = -I/usr/include/efi/ -I/usr/include/efi/$(HOSTARCH)/ -I/usr/include/efi/protocol -fpic -fshort-wchar -fno-reorder-functions -fno-strict-aliasing -fno-merge-constants -mno-red-zone -Wimplicit-function-declaration
 @@ -17,8 +17,8 @@ clean :
  	@rm -rfv *.o *.a *.so $(TARGETS)
  

pesign.changes

@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Tue Oct 28 08:47:34 UTC 2014 - glin@suse.com
+
+- Update to version 0.110
+- Add pesign-fix-authvar-write-loop.patch to fix the write loop in
+  authvar
+- Add pesign-install-supplementary-programs.patch to install the
+  supplementary programs
+- Refresh patches
+  + pesign-fix-build-errors.patch
+  + pesign-run.patch
+  + pesign-suse-build.patch
+- Drop upstreamed patches
+  + pesign-clear-padding-bits.patch
+  + pesign-enable-supplementary-programs.patch
+  + pesign-no-db.patch
+- Enable aarch64
+
 -------------------------------------------------------------------
 Tue Jul  1 06:46:13 UTC 2014 - glin@suse.com
 

pesign.spec

@@ -17,36 +17,36 @@
 
 
 Name:           pesign
-Version:        0.109
+Version:        0.110
 Release:        0
 Summary:        Signing tool for PE-COFF binaries
 License:        GPL-2.0
 Group:          Productivity/Security
 Url:            https://github.com/vathpela/pesign
-Source:         %{name}-%{version}.tar.gz
+Source:         %{name}-%{version}.tar.bz2
 # PATCH-FIX-SUSE pesign-suse-build.patch glin@suse.com -- Adjust Makefile for the build service
 Patch1:         pesign-suse-build.patch
 # PATCH-FIX-UPSTREAM pesign-fix-build-errors.patch glin@suse.com -- Fix gcc warnings
 Patch2:         pesign-fix-build-errors.patch
 # PATCH-FIX-UPSTREAM pesign-privkey_unneeded.diff glin@suse.com -- Don't check the private key when importing the raw signature
 Patch3:         pesign-privkey_unneeded.diff
-# PATCH-FIX-UPSTREAM pesign-clear-padding-bits.patch glin@suse.com -- Clear the allocated space before inserting the certificate list
-Patch4:         pesign-clear-padding-bits.patch
 # PATCH-FIX-SUSE use-standard-pid-location.patch p.drouand@gmail.com --Use standard /run instead of /var/run for pidfile
-Patch6:         use-standard-pid-location.patch
-# PATCH-FIX-UPSTREAM pesign-no-db.patch glin@suse.com -- Allow some commands to proceed without a NSS database
-Patch7:         pesign-no-db.patch
+Patch4:         use-standard-pid-location.patch
 # PATCH-FIX-SUSE pesign-run.patch aj@suse.com - Use /run instead of /var/run
-Patch8:         pesign-run.patch
-# PATCH-FIX-UPSTREAM pesign-enable-supplementary-programs.patch glin@suse.com -- Fix and enable the supplementary programs
-Patch9:         pesign-enable-supplementary-programs.patch
+Patch5:         pesign-run.patch
+# PATCH-FIX-UPSTREAM pesign-fix-authvar-write-loop.patch glin@suse.com -- Fix the write loop in authvar
+Patch6:         pesign-fix-authvar-write-loop.patch
+# PATCH-FIX-SUSE pesign-install-supplementary-programs.patch glin@suse.com -- Install the supplementary programs
+Patch7:         pesign-install-supplementary-programs.patch
+BuildRequires:  efivar-devel
+BuildRequires:  libuuid-devel
 BuildRequires:  mozilla-nss-devel
 BuildRequires:  pkg-config
 BuildRequires:  popt-devel
 BuildRequires:  pkgconfig(systemd)
 %{?systemd_requires}
 PreReq:         pwdutils
-ExclusiveArch:  ia64 %ix86 x86_64
+ExclusiveArch:  ia64 %ix86 x86_64 aarch64
 
 %description
 Signing tool for PE-COFF binaries, hopefully at least vaguely compliant
@@ -64,10 +64,9 @@ Authors:
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
 %patch6 -p1
 %patch7 -p1
-%patch8 -p1
-%patch9 -p1
 
 %build
 make OPTFLAGS="$RPM_OPT_FLAGS"