Accepting request 258749 from home:gary_lin:branches:Base:System
- Update to version 0.110 - Enable aarch64 OBS-URL: https://build.opensuse.org/request/show/258749 OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=29
This commit is contained in:
parent
4c96fbc74b
commit
f4ca0bfbd9
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:ff7ee256ae615646fde1b542fe3ac1133a69a0542b1bd92e5a2e7ae6c550f545
|
|
||||||
size 96921
|
|
3
pesign-0.110.tar.bz2
Normal file
3
pesign-0.110.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:a03499ffa181fea6086e1966476eccc05e3e014761ac300de1da27a44dba2281
|
||||||
|
size 87420
|
@ -1,28 +0,0 @@
|
|||||||
From edd9cc0e677b35498e974d9a4137feac5bd4b323 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Gary Ching-Pang Lin <glin@suse.com>
|
|
||||||
Date: Tue, 26 Mar 2013 18:30:58 +0800
|
|
||||||
Subject: [PATCH] Clear the space for the certificate list
|
|
||||||
|
|
||||||
Make sure the aligned bytes are '\0'
|
|
||||||
|
|
||||||
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
||||||
---
|
|
||||||
src/wincert.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/src/wincert.c b/src/wincert.c
|
|
||||||
index 942fa26..5e23b04 100644
|
|
||||||
--- a/src/wincert.c
|
|
||||||
+++ b/src/wincert.c
|
|
||||||
@@ -37,7 +37,7 @@ generate_cert_list(SECItem **signatures, int num_signatures,
|
|
||||||
cl_size += ALIGNMENT_PADDING(cl_size, 8);
|
|
||||||
}
|
|
||||||
|
|
||||||
- uint8_t *data = malloc(cl_size);
|
|
||||||
+ uint8_t *data = calloc(1, cl_size);
|
|
||||||
if (!data)
|
|
||||||
return -1;
|
|
||||||
|
|
||||||
--
|
|
||||||
1.8.1.4
|
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
72
pesign-fix-authvar-write-loop.patch
Normal file
72
pesign-fix-authvar-write-loop.patch
Normal file
@ -0,0 +1,72 @@
|
|||||||
|
From e3aee739b92c4124fc1207fb06a7dd1cd89d03ae Mon Sep 17 00:00:00 2001
|
||||||
|
From: Gary Ching-Pang Lin <glin@suse.com>
|
||||||
|
Date: Tue, 1 Jul 2014 14:43:35 +0800
|
||||||
|
Subject: [PATCH] authvar: fix the write loop
|
||||||
|
|
||||||
|
I forgot to move the pointer...
|
||||||
|
|
||||||
|
Also use offsetof() instead of the wordsize check.
|
||||||
|
|
||||||
|
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
||||||
|
---
|
||||||
|
src/authvar_context.c | 16 +++++++---------
|
||||||
|
1 file changed, 7 insertions(+), 9 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/authvar_context.c b/src/authvar_context.c
|
||||||
|
index c988e96..675967c 100644
|
||||||
|
--- a/src/authvar_context.c
|
||||||
|
+++ b/src/authvar_context.c
|
||||||
|
@@ -18,6 +18,7 @@
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <unistd.h>
|
||||||
|
+#include <stddef.h>
|
||||||
|
#include <sys/mman.h>
|
||||||
|
|
||||||
|
#include <prerror.h>
|
||||||
|
@@ -133,11 +134,7 @@ generate_descriptor(authvar_context *ctx)
|
||||||
|
if (rc < 0)
|
||||||
|
cmsreterr(-1, ctx->cms_ctx, "could not create signed data");
|
||||||
|
|
||||||
|
-#if __WORDSIZE == 64
|
||||||
|
- offset = (uint64_t) &((win_cert_uefi_guid_t *)0)->data;
|
||||||
|
-#else
|
||||||
|
- offset = (uint32_t) &((win_cert_uefi_guid_t *)0)->data;
|
||||||
|
-#endif
|
||||||
|
+ offset = offsetof(win_cert_uefi_guid_t, data);
|
||||||
|
authinfo = calloc(offset + sd_der.len, 1);
|
||||||
|
if (!authinfo)
|
||||||
|
cmsreterr(-1, ctx->cms_ctx, "could not allocate authinfo");
|
||||||
|
@@ -160,6 +157,7 @@ write_authvar(authvar_context *ctx)
|
||||||
|
void *buffer, *ptr;
|
||||||
|
size_t buf_len, des_len, remain;
|
||||||
|
ssize_t wlen;
|
||||||
|
+ off_t offset;
|
||||||
|
|
||||||
|
if (!ctx->authinfo)
|
||||||
|
cmsreterr(-1, ctx->cms_ctx, "Not a valid authvar");
|
||||||
|
@@ -187,17 +185,17 @@ write_authvar(authvar_context *ctx)
|
||||||
|
if (ctx->value_size > 0)
|
||||||
|
memcpy(ptr, ctx->value, ctx->value_size);
|
||||||
|
|
||||||
|
- if (!ctx->to_firmware) {
|
||||||
|
- ftruncate(ctx->exportfd, buf_len);
|
||||||
|
+ if (!ctx->to_firmware)
|
||||||
|
lseek(ctx->exportfd, 0, SEEK_SET);
|
||||||
|
- }
|
||||||
|
|
||||||
|
remain = buf_len;
|
||||||
|
+ offset = 0;
|
||||||
|
do {
|
||||||
|
- wlen = write(ctx->exportfd, buffer, remain);
|
||||||
|
+ wlen = write(ctx->exportfd, buffer + offset, remain);
|
||||||
|
if (wlen < 0)
|
||||||
|
cmsreterr(-1, ctx->cms_ctx, "failed to write authvar");
|
||||||
|
remain -= wlen;
|
||||||
|
+ offset += wlen;
|
||||||
|
} while (remain > 0);
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
--
|
||||||
|
1.8.4.5
|
||||||
|
|
@ -1,20 +1,8 @@
|
|||||||
From 4e03c90bb48e6f9c9d9c9aed491fbcc5be684e7b Mon Sep 17 00:00:00 2001
|
|
||||||
From: Gary Ching-Pang Lin <glin@suse.com>
|
|
||||||
Date: Tue, 9 Jul 2013 12:17:31 +0800
|
|
||||||
Subject: [PATCH] Fix build errors
|
|
||||||
|
|
||||||
---
|
|
||||||
src/daemon.c | 36 +++++++++++++++++++++++++++++-------
|
|
||||||
src/efikeygen.c | 3 ++-
|
|
||||||
src/password.c | 3 ++-
|
|
||||||
src/pesign.c | 10 ++++++++--
|
|
||||||
4 files changed, 41 insertions(+), 11 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/daemon.c b/src/daemon.c
|
diff --git a/src/daemon.c b/src/daemon.c
|
||||||
index b2801b9..832a0ea 100644
|
index c14b64b..5652ba1 100644
|
||||||
--- a/src/daemon.c
|
--- a/src/daemon.c
|
||||||
+++ b/src/daemon.c
|
+++ b/src/daemon.c
|
||||||
@@ -432,7 +432,11 @@ malformed:
|
@@ -544,7 +544,11 @@ malformed:
|
||||||
if (rc < 0) {
|
if (rc < 0) {
|
||||||
err_attached:
|
err_attached:
|
||||||
pe_end(outpe);
|
pe_end(outpe);
|
||||||
@ -27,7 +15,7 @@ index b2801b9..832a0ea 100644
|
|||||||
goto finish;
|
goto finish;
|
||||||
}
|
}
|
||||||
ssize_t sigspace = calculate_signature_space(ctx->cms, outpe);
|
ssize_t sigspace = calculate_signature_space(ctx->cms, outpe);
|
||||||
@@ -450,21 +454,34 @@ err_attached:
|
@@ -562,21 +566,34 @@ err_attached:
|
||||||
ctx->cms->num_signatures, outpe);
|
ctx->cms->num_signatures, outpe);
|
||||||
pe_end(outpe);
|
pe_end(outpe);
|
||||||
} else {
|
} else {
|
||||||
@ -67,7 +55,7 @@ index b2801b9..832a0ea 100644
|
|||||||
}
|
}
|
||||||
|
|
||||||
finish:
|
finish:
|
||||||
@@ -996,7 +1013,12 @@ daemonize(cms_context *cms_ctx, char *certdir, int do_fork)
|
@@ -1182,7 +1199,12 @@ daemonize(cms_context *cms_ctx, char *certdir, int do_fork)
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -81,23 +69,6 @@ index b2801b9..832a0ea 100644
|
|||||||
|
|
||||||
if (getuid() == 0) {
|
if (getuid() == 0) {
|
||||||
/* process is running as root, drop privileges */
|
/* process is running as root, drop privileges */
|
||||||
diff --git a/src/efikeygen.c b/src/efikeygen.c
|
|
||||||
index ac27acc..8c3e814 100644
|
|
||||||
--- a/src/efikeygen.c
|
|
||||||
+++ b/src/efikeygen.c
|
|
||||||
@@ -330,10 +330,11 @@ populate_extensions(cms_context *cms, CERTCertificate *cert,
|
|
||||||
{
|
|
||||||
CERTAttribute *attr = NULL;
|
|
||||||
SECOidData *oid;
|
|
||||||
+ int i;
|
|
||||||
|
|
||||||
oid = SECOID_FindOIDByTag(SEC_OID_PKCS9_EXTENSION_REQUEST);
|
|
||||||
|
|
||||||
- for (int i; crq->attributes[i]; i++) {
|
|
||||||
+ for (i = 0; crq->attributes[i]; i++) {
|
|
||||||
attr = crq->attributes[i];
|
|
||||||
if (attr->attrType.len != oid->oid.len)
|
|
||||||
continue;
|
|
||||||
diff --git a/src/password.c b/src/password.c
|
diff --git a/src/password.c b/src/password.c
|
||||||
index 43186df..9a9c911 100644
|
index 43186df..9a9c911 100644
|
||||||
--- a/src/password.c
|
--- a/src/password.c
|
||||||
@ -113,7 +84,7 @@ index 43186df..9a9c911 100644
|
|||||||
if (isTTY) {
|
if (isTTY) {
|
||||||
fprintf(output, "\n");
|
fprintf(output, "\n");
|
||||||
diff --git a/src/pesign.c b/src/pesign.c
|
diff --git a/src/pesign.c b/src/pesign.c
|
||||||
index 890ebfc..fe77c9d 100644
|
index ff4f2bf..40a1e43 100644
|
||||||
--- a/src/pesign.c
|
--- a/src/pesign.c
|
||||||
+++ b/src/pesign.c
|
+++ b/src/pesign.c
|
||||||
@@ -164,9 +164,15 @@ open_output(pesign_context *ctx)
|
@@ -164,9 +164,15 @@ open_output(pesign_context *ctx)
|
||||||
@ -134,6 +105,15 @@ index 890ebfc..fe77c9d 100644
|
|||||||
|
|
||||||
Pe_Cmd cmd = ctx->outfd == STDOUT_FILENO ? PE_C_RDWR : PE_C_RDWR_MMAP;
|
Pe_Cmd cmd = ctx->outfd == STDOUT_FILENO ? PE_C_RDWR : PE_C_RDWR_MMAP;
|
||||||
ctx->outpe = pe_begin(ctx->outfd, cmd, NULL);
|
ctx->outpe = pe_begin(ctx->outfd, cmd, NULL);
|
||||||
--
|
diff --git a/src/signed_data.c b/src/signed_data.c
|
||||||
1.8.1.4
|
index 2fa1cdd..247ec57 100644
|
||||||
|
--- a/src/signed_data.c
|
||||||
|
+++ b/src/signed_data.c
|
||||||
|
@@ -133,6 +133,7 @@ generate_signerInfo_list(cms_context *cms, SpcSignerInfo ***signerInfo_list_p, S
|
||||||
|
SpcSignerInfo **signerInfo_list;
|
||||||
|
int err, rc;
|
||||||
|
|
||||||
|
+ err = 0;
|
||||||
|
if (!signerInfo_list_p)
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
23
pesign-install-supplementary-programs.patch
Normal file
23
pesign-install-supplementary-programs.patch
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
diff --git a/src/Makefile b/src/Makefile
|
||||||
|
index 4c86a2a..062b544 100644
|
||||||
|
--- a/src/Makefile
|
||||||
|
+++ b/src/Makefile
|
||||||
|
@@ -79,14 +79,16 @@ install :
|
||||||
|
$(INSTALL) -m 755 pesign $(INSTALLROOT)$(PREFIX)/bin/
|
||||||
|
$(INSTALL) -m 755 client $(INSTALLROOT)$(PREFIX)/bin/pesign-client
|
||||||
|
$(INSTALL) -m 755 efikeygen $(INSTALLROOT)$(PREFIX)/bin/
|
||||||
|
- #$(INSTALL) -m 755 pesigcheck $(INSTALLROOT)$(PREFIX)/bin/
|
||||||
|
+ $(INSTALL) -m 755 pesigcheck $(INSTALLROOT)$(PREFIX)/bin/
|
||||||
|
+ $(INSTALL) -m 755 efisiglist $(INSTALLROOT)$(PREFIX)/bin/
|
||||||
|
+ $(INSTALL) -m 755 authvar $(INSTALLROOT)$(PREFIX)/bin/
|
||||||
|
$(INSTALL) -d -m 755 $(INSTALLROOT)/etc/popt.d/
|
||||||
|
$(INSTALL) -m 644 pesign.popt $(INSTALLROOT)/etc/popt.d/
|
||||||
|
$(INSTALL) -d -m 755 $(INSTALLROOT)/usr/share/man/man1/
|
||||||
|
$(INSTALL) -m 644 pesign.1 $(INSTALLROOT)/usr/share/man/man1/
|
||||||
|
$(INSTALL) -m 644 pesign-client.1 $(INSTALLROOT)/usr/share/man/man1/
|
||||||
|
$(INSTALL) -m 644 efikeygen.1 $(INSTALLROOT)/usr/share/man/man1/
|
||||||
|
- #$(INSTALL) -m 644 pesigcheck.1 $(INSTALLROOT)/usr/share/man/man1/
|
||||||
|
+ $(INSTALL) -m 644 pesigcheck.1 $(INSTALLROOT)/usr/share/man/man1/
|
||||||
|
$(INSTALL) -d -m 755 $(INSTALLROOT)/etc/rpm/
|
||||||
|
$(INSTALL) -m 644 macros.pesign $(INSTALLROOT)/etc/rpm/
|
||||||
|
|
@ -1,142 +0,0 @@
|
|||||||
From b55ecad4b6ec280d7d17caa5e02c20a7391b8a05 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Gary Ching-Pang Lin <glin@suse.com>
|
|
||||||
Date: Thu, 7 Nov 2013 16:58:04 +0800
|
|
||||||
Subject: [PATCH] Allow some commands to proceed without a NSS db
|
|
||||||
|
|
||||||
The NSS db is not necessary to calculate the hash, to show the
|
|
||||||
signature or to export the signed attributes.
|
|
||||||
|
|
||||||
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
||||||
---
|
|
||||||
src/pesign.c | 91 +++++++++++++++++++++++++++++++++++-------------------------
|
|
||||||
1 file changed, 53 insertions(+), 38 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/pesign.c b/src/pesign.c
|
|
||||||
index c7313a6..0cd47a8 100644
|
|
||||||
--- a/src/pesign.c
|
|
||||||
+++ b/src/pesign.c
|
|
||||||
@@ -405,6 +405,7 @@ main(int argc, char *argv[])
|
|
||||||
int daemon = 0;
|
|
||||||
int fork = 1;
|
|
||||||
int padding = 0;
|
|
||||||
+ int need_db = 0;
|
|
||||||
|
|
||||||
char *digest_name = "sha256";
|
|
||||||
char *tokenname = "NSS Certificate DB";
|
|
||||||
@@ -526,8 +527,59 @@ main(int argc, char *argv[])
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
+ int action = 0;
|
|
||||||
+ if (daemon)
|
|
||||||
+ action |= DAEMONIZE;
|
|
||||||
+
|
|
||||||
+ if (ctxp->rawsig) {
|
|
||||||
+ action |= IMPORT_RAW_SIGNATURE;
|
|
||||||
+ need_db = 1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (ctxp->insattrs)
|
|
||||||
+ action |= IMPORT_SATTRS;
|
|
||||||
+
|
|
||||||
+ if (ctxp->outsattrs)
|
|
||||||
+ action |= EXPORT_SATTRS;
|
|
||||||
+
|
|
||||||
+ if (ctxp->insig)
|
|
||||||
+ action |= IMPORT_SIGNATURE;
|
|
||||||
+
|
|
||||||
+ if (ctxp->outkey) {
|
|
||||||
+ action |= EXPORT_PUBKEY;
|
|
||||||
+ need_db = 1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (ctxp->outcert) {
|
|
||||||
+ action |= EXPORT_CERT;
|
|
||||||
+ need_db = 1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (ctxp->outsig)
|
|
||||||
+ action |= EXPORT_SIGNATURE;
|
|
||||||
+
|
|
||||||
+ if (remove != 0)
|
|
||||||
+ action |= REMOVE_SIGNATURE;
|
|
||||||
+
|
|
||||||
+ if (list != 0)
|
|
||||||
+ action |= LIST_SIGNATURES;
|
|
||||||
+
|
|
||||||
+ if (ctxp->sign) {
|
|
||||||
+ action |= GENERATE_SIGNATURE;
|
|
||||||
+ if (!(action & EXPORT_SIGNATURE))
|
|
||||||
+ action |= IMPORT_SIGNATURE;
|
|
||||||
+ need_db = 1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (ctxp->hash)
|
|
||||||
+ action |= GENERATE_DIGEST|PRINT_DIGEST;
|
|
||||||
+
|
|
||||||
if (!daemon) {
|
|
||||||
- SECStatus status = NSS_Init(certdir);
|
|
||||||
+ SECStatus status;
|
|
||||||
+ if (need_db)
|
|
||||||
+ status = NSS_Init(certdir);
|
|
||||||
+ else
|
|
||||||
+ status = NSS_NoDB_Init(NULL);
|
|
||||||
if (status != SECSuccess) {
|
|
||||||
fprintf(stderr, "Could not initialize nss: %s\n",
|
|
||||||
PORT_ErrorToString(PORT_GetError()));
|
|
||||||
@@ -571,42 +623,8 @@ main(int argc, char *argv[])
|
|
||||||
if (certname)
|
|
||||||
free(certname);
|
|
||||||
|
|
||||||
- int action = 0;
|
|
||||||
- if (daemon)
|
|
||||||
- action |= DAEMONIZE;
|
|
||||||
-
|
|
||||||
- if (ctxp->rawsig)
|
|
||||||
- action |= IMPORT_RAW_SIGNATURE;
|
|
||||||
-
|
|
||||||
- if (ctxp->insattrs)
|
|
||||||
- action |= IMPORT_SATTRS;
|
|
||||||
-
|
|
||||||
- if (ctxp->outsattrs)
|
|
||||||
- action |= EXPORT_SATTRS;
|
|
||||||
-
|
|
||||||
- if (ctxp->insig)
|
|
||||||
- action |= IMPORT_SIGNATURE;
|
|
||||||
-
|
|
||||||
- if (ctxp->outkey)
|
|
||||||
- action |= EXPORT_PUBKEY;
|
|
||||||
-
|
|
||||||
- if (ctxp->outcert)
|
|
||||||
- action |= EXPORT_CERT;
|
|
||||||
-
|
|
||||||
- if (ctxp->outsig)
|
|
||||||
- action |= EXPORT_SIGNATURE;
|
|
||||||
-
|
|
||||||
- if (remove != 0)
|
|
||||||
- action |= REMOVE_SIGNATURE;
|
|
||||||
-
|
|
||||||
- if (list != 0)
|
|
||||||
- action |= LIST_SIGNATURES;
|
|
||||||
|
|
||||||
if (ctxp->sign) {
|
|
||||||
- action |= GENERATE_SIGNATURE;
|
|
||||||
- if (!(action & EXPORT_SIGNATURE))
|
|
||||||
- action |= IMPORT_SIGNATURE;
|
|
||||||
-
|
|
||||||
if (!ctxp->cms_ctx->certname) {
|
|
||||||
fprintf(stderr, "pesign: signing requested but no "
|
|
||||||
"certificate nickname provided\n");
|
|
||||||
@@ -614,9 +632,6 @@ main(int argc, char *argv[])
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (ctxp->hash)
|
|
||||||
- action |= GENERATE_DIGEST|PRINT_DIGEST;
|
|
||||||
-
|
|
||||||
ssize_t sigspace = 0;
|
|
||||||
|
|
||||||
switch (action) {
|
|
||||||
--
|
|
||||||
1.8.1.4
|
|
||||||
|
|
@ -1,8 +1,14 @@
|
|||||||
Index: pesign-0.109/src/Makefile
|
---
|
||||||
===================================================================
|
src/Makefile | 2 +-
|
||||||
--- pesign-0.109.orig/src/Makefile
|
src/daemon.h | 4 ++--
|
||||||
+++ pesign-0.109/src/Makefile
|
src/macros.pesign | 2 +-
|
||||||
@@ -79,7 +79,7 @@ install_sysvinit:
|
src/pesign.sysvinit | 14 +++++++-------
|
||||||
|
src/tmpfiles.conf | 2 +-
|
||||||
|
5 files changed, 12 insertions(+), 12 deletions(-)
|
||||||
|
|
||||||
|
--- a/src/Makefile
|
||||||
|
+++ b/src/Makefile
|
||||||
|
@@ -74,7 +74,7 @@ install_sysvinit:
|
||||||
|
|
||||||
install :
|
install :
|
||||||
$(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/
|
$(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/
|
||||||
@ -11,25 +17,21 @@ Index: pesign-0.109/src/Makefile
|
|||||||
$(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)/bin/
|
$(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)/bin/
|
||||||
$(INSTALL) -m 755 pesign $(INSTALLROOT)$(PREFIX)/bin/
|
$(INSTALL) -m 755 pesign $(INSTALLROOT)$(PREFIX)/bin/
|
||||||
$(INSTALL) -m 755 client $(INSTALLROOT)$(PREFIX)/bin/pesign-client
|
$(INSTALL) -m 755 client $(INSTALLROOT)$(PREFIX)/bin/pesign-client
|
||||||
Index: pesign-0.109/src/daemon.h
|
--- a/src/daemon.h
|
||||||
===================================================================
|
+++ b/src/daemon.h
|
||||||
--- pesign-0.109.orig/src/daemon.h
|
@@ -49,7 +49,7 @@ typedef enum {
|
||||||
+++ pesign-0.109/src/daemon.h
|
|
||||||
@@ -47,7 +47,7 @@ typedef enum {
|
|
||||||
} pesignd_cmd;
|
} pesignd_cmd;
|
||||||
|
|
||||||
#define PESIGND_VERSION 0xa3cf41cb
|
#define PESIGND_VERSION 0x2a9edaf0
|
||||||
-#define SOCKPATH "/var/run/pesign/socket"
|
-#define SOCKPATH "/var/run/pesign/socket"
|
||||||
-#define PIDFILE "/var/run/pesign.pid"
|
-#define PIDFILE "/var/run/pesign.pid"
|
||||||
+#define SOCKPATH "/run/pesign/socket"
|
+#define SOCKPATH "/run/pesign/socket"
|
||||||
+#define PIDFILE "/run/pesign.pid"
|
+#define PIDFILE "/run/pesign.pid"
|
||||||
|
|
||||||
#endif /* DAEMON_H */
|
#endif /* DAEMON_H */
|
||||||
Index: pesign-0.109/src/macros.pesign
|
--- a/src/macros.pesign
|
||||||
===================================================================
|
+++ b/src/macros.pesign
|
||||||
--- pesign-0.109.orig/src/macros.pesign
|
@@ -36,7 +36,7 @@
|
||||||
+++ pesign-0.109/src/macros.pesign
|
|
||||||
@@ -34,7 +34,7 @@
|
|
||||||
%{_pesign} -R ${sattrs}.sig -I ${sattrs} %{-i} \\\
|
%{_pesign} -R ${sattrs}.sig -I ${sattrs} %{-i} \\\
|
||||||
--certdir ${nss} -c signer %{-o} \
|
--certdir ${nss} -c signer %{-o} \
|
||||||
rm -rf ${sattrs} ${sattrs}.sig ${nss} \
|
rm -rf ${sattrs} ${sattrs}.sig ${nss} \
|
||||||
@ -38,10 +40,8 @@ Index: pesign-0.109/src/macros.pesign
|
|||||||
%{_pesign_client} -t "OpenSC Card (Fedora Signer)" \\\
|
%{_pesign_client} -t "OpenSC Card (Fedora Signer)" \\\
|
||||||
-c "/CN=Fedora Secure Boot Signer" \\\
|
-c "/CN=Fedora Secure Boot Signer" \\\
|
||||||
%{-i} %{-o} %{-e} %{-s} %{-C} \
|
%{-i} %{-o} %{-e} %{-s} %{-C} \
|
||||||
Index: pesign-0.109/src/pesign.sysvinit
|
--- a/src/pesign.sysvinit
|
||||||
===================================================================
|
+++ b/src/pesign.sysvinit
|
||||||
--- pesign-0.109.orig/src/pesign.sysvinit
|
|
||||||
+++ pesign-0.109/src/pesign.sysvinit
|
|
||||||
@@ -4,7 +4,7 @@
|
@@ -4,7 +4,7 @@
|
||||||
#
|
#
|
||||||
# chkconfig: - 50 50
|
# chkconfig: - 50 50
|
||||||
@ -81,10 +81,8 @@ Index: pesign-0.109/src/pesign.sysvinit
|
|||||||
RETVAL=$?
|
RETVAL=$?
|
||||||
echo
|
echo
|
||||||
rm -f /var/lock/subsys/pesign
|
rm -f /var/lock/subsys/pesign
|
||||||
Index: pesign-0.109/src/tmpfiles.conf
|
--- a/src/tmpfiles.conf
|
||||||
===================================================================
|
+++ b/src/tmpfiles.conf
|
||||||
--- pesign-0.109.orig/src/tmpfiles.conf
|
|
||||||
+++ pesign-0.109/src/tmpfiles.conf
|
|
||||||
@@ -1 +1 @@
|
@@ -1 +1 @@
|
||||||
-D /var/run/pesign 0770 pesign pesign -
|
-D /var/run/pesign 0770 pesign pesign -
|
||||||
+D /run/pesign 0770 pesign pesign -
|
+D /run/pesign 0770 pesign pesign -
|
||||||
|
@ -1,11 +1,9 @@
|
|||||||
---
|
---
|
||||||
Make.defaults | 5 +++--
|
Make.defaults | 5 +++--
|
||||||
Make.rules | 4 ++--
|
Make.rules | 3 ++-
|
||||||
Makefile | 4 ++--
|
|
||||||
src/Makefile | 9 +++++----
|
|
||||||
src/pesign.sysvinit | 12 ++++++++----
|
src/pesign.sysvinit | 12 ++++++++----
|
||||||
util/Makefile | 6 +++---
|
util/Makefile | 6 +++---
|
||||||
6 files changed, 23 insertions(+), 17 deletions(-)
|
4 files changed, 16 insertions(+), 10 deletions(-)
|
||||||
|
|
||||||
--- a/Make.defaults
|
--- a/Make.defaults
|
||||||
+++ b/Make.defaults
|
+++ b/Make.defaults
|
||||||
@ -13,13 +11,13 @@
|
|||||||
ARCH := $(shell uname -m | sed s,i[3456789]86,ia32,)
|
ARCH := $(shell uname -m | sed s,i[3456789]86,ia32,)
|
||||||
INCDIR = -I$(TOPDIR)/include
|
INCDIR = -I$(TOPDIR)/include
|
||||||
CPPFLAGS = -DCONFIG_$(ARCH)
|
CPPFLAGS = -DCONFIG_$(ARCH)
|
||||||
-CFLAGS = $(ARCH3264) -g -O0 -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants --std=gnu99 -D_GNU_SOURCE
|
-CFLAGS = -g -O0
|
||||||
+OPTFLAGS = -O0 -g
|
+OPTFLAGS = -g -O0
|
||||||
+CFLAGS = $(ARCH3264) $(OPTFLAGS) -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants --std=gnu99 -D_GNU_SOURCE
|
+CFLAGS = $(OPTFLAGS)
|
||||||
|
BUILDFLAGS := $(CFLAGS) $(ARCH3264) -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants --std=gnu99 -D_GNU_SOURCE -Wno-unused-result -Wno-unused-function
|
||||||
ASFLAGS = $(ARCH3264)
|
ASFLAGS = $(ARCH3264)
|
||||||
LDFLAGS = -nostdlib
|
LDFLAGS = -nostdlib
|
||||||
CCLDFLAGS = -shared
|
@@ -23,7 +24,7 @@ OBJCOPY = $(bindir)objcopy
|
||||||
@@ -22,7 +23,7 @@ OBJCOPY = $(bindir)objcopy
|
|
||||||
|
|
||||||
ifeq ($(ARCH),ia64)
|
ifeq ($(ARCH),ia64)
|
||||||
CFLAGS += -mfixed-range=f32-f127
|
CFLAGS += -mfixed-range=f32-f127
|
||||||
@ -30,7 +28,7 @@
|
|||||||
ifeq ($(ARCH), ia32)
|
ifeq ($(ARCH), ia32)
|
||||||
--- a/Make.rules
|
--- a/Make.rules
|
||||||
+++ b/Make.rules
|
+++ b/Make.rules
|
||||||
@@ -2,10 +2,10 @@
|
@@ -2,10 +2,11 @@
|
||||||
$(AR) -cvqs $@ $^
|
$(AR) -cvqs $@ $^
|
||||||
|
|
||||||
% : %.o
|
% : %.o
|
||||||
@ -38,11 +36,11 @@
|
|||||||
+ $(CC) -o $@ $^ $(foreach lib,$(LIBS),-l$(lib)) $(CCLDFLAGS) $(foreach pklib,$(PKLIBS), $(shell pkg-config --libs-only-l --libs-only-other $(pklib))) -lpthread
|
+ $(CC) -o $@ $^ $(foreach lib,$(LIBS),-l$(lib)) $(CCLDFLAGS) $(foreach pklib,$(PKLIBS), $(shell pkg-config --libs-only-l --libs-only-other $(pklib))) -lpthread
|
||||||
|
|
||||||
%.so :
|
%.so :
|
||||||
- $(CC) $(INCDIR) $(CFLAGS) -Wl,-soname,$(SONAME) $(CCLDFLAGS) $^ -o $@
|
$(CC) $(INCDIR) $(BUILDFLAGS) -Wl,-soname,$(SONAME) $(CCLDFLAGS) $^ -o $@
|
||||||
+ $(CC) $(INCDIR) $(CFLAGS) -Wl,-soname,$(SONAME) $^ $(CCLDFLAGS) -o $@
|
+ $(CC) $(INCDIR) $(BUILDFLAGS) -Wl,-soname,$(SONAME) $^ $(CCLDFLAGS) -o $@
|
||||||
|
|
||||||
%.o: %.c
|
%.o: %.c
|
||||||
$(CC) $(INCDIR) $(CFLAGS) $(CPPFLAGS) -c $< -o $@
|
$(CC) $(INCDIR) $(BUILDFLAGS) $(CPPFLAGS) -c $< -o $@
|
||||||
--- a/util/Makefile
|
--- a/util/Makefile
|
||||||
+++ b/util/Makefile
|
+++ b/util/Makefile
|
||||||
@@ -4,7 +4,7 @@ TOPDIR = $(SRCDIR)/..
|
@@ -4,7 +4,7 @@ TOPDIR = $(SRCDIR)/..
|
||||||
@ -53,7 +51,7 @@
|
|||||||
+LDFLAGS = -nostdlib -T $(LIBDIR)/elf_$(HOSTARCH)_efi.lds -shared -Bsymbolic $(LIBDIR)/crt0-efi-$(HOSTARCH).o -L$(LIBDIR)
|
+LDFLAGS = -nostdlib -T $(LIBDIR)/elf_$(HOSTARCH)_efi.lds -shared -Bsymbolic $(LIBDIR)/crt0-efi-$(HOSTARCH).o -L$(LIBDIR)
|
||||||
LIBS=-lefi -lgnuefi $(shell $(CC) -print-libgcc-file-name)
|
LIBS=-lefi -lgnuefi $(shell $(CC) -print-libgcc-file-name)
|
||||||
CCLDFLAGS =
|
CCLDFLAGS =
|
||||||
CFLAGS = -I/usr/include/efi/ -I/usr/include/efi/$(HOSTARCH)/ -I/usr/include/efi/protocol -fpic -fshort-wchar -fno-reorder-functions -fno-strict-aliasing -fno-merge-constants -mno-red-zone -Wimplicit-function-declaration
|
BUILDFLAGS = -I/usr/include/efi/ -I/usr/include/efi/$(HOSTARCH)/ -I/usr/include/efi/protocol -fpic -fshort-wchar -fno-reorder-functions -fno-strict-aliasing -fno-merge-constants -mno-red-zone -Wimplicit-function-declaration
|
||||||
@@ -17,8 +17,8 @@ clean :
|
@@ -17,8 +17,8 @@ clean :
|
||||||
@rm -rfv *.o *.a *.so $(TARGETS)
|
@rm -rfv *.o *.a *.so $(TARGETS)
|
||||||
|
|
||||||
|
@ -1,3 +1,21 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Oct 28 08:47:34 UTC 2014 - glin@suse.com
|
||||||
|
|
||||||
|
- Update to version 0.110
|
||||||
|
- Add pesign-fix-authvar-write-loop.patch to fix the write loop in
|
||||||
|
authvar
|
||||||
|
- Add pesign-install-supplementary-programs.patch to install the
|
||||||
|
supplementary programs
|
||||||
|
- Refresh patches
|
||||||
|
+ pesign-fix-build-errors.patch
|
||||||
|
+ pesign-run.patch
|
||||||
|
+ pesign-suse-build.patch
|
||||||
|
- Drop upstreamed patches
|
||||||
|
+ pesign-clear-padding-bits.patch
|
||||||
|
+ pesign-enable-supplementary-programs.patch
|
||||||
|
+ pesign-no-db.patch
|
||||||
|
- Enable aarch64
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Jul 1 06:46:13 UTC 2014 - glin@suse.com
|
Tue Jul 1 06:46:13 UTC 2014 - glin@suse.com
|
||||||
|
|
||||||
|
25
pesign.spec
25
pesign.spec
@ -17,36 +17,36 @@
|
|||||||
|
|
||||||
|
|
||||||
Name: pesign
|
Name: pesign
|
||||||
Version: 0.109
|
Version: 0.110
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: Signing tool for PE-COFF binaries
|
Summary: Signing tool for PE-COFF binaries
|
||||||
License: GPL-2.0
|
License: GPL-2.0
|
||||||
Group: Productivity/Security
|
Group: Productivity/Security
|
||||||
Url: https://github.com/vathpela/pesign
|
Url: https://github.com/vathpela/pesign
|
||||||
Source: %{name}-%{version}.tar.gz
|
Source: %{name}-%{version}.tar.bz2
|
||||||
# PATCH-FIX-SUSE pesign-suse-build.patch glin@suse.com -- Adjust Makefile for the build service
|
# PATCH-FIX-SUSE pesign-suse-build.patch glin@suse.com -- Adjust Makefile for the build service
|
||||||
Patch1: pesign-suse-build.patch
|
Patch1: pesign-suse-build.patch
|
||||||
# PATCH-FIX-UPSTREAM pesign-fix-build-errors.patch glin@suse.com -- Fix gcc warnings
|
# PATCH-FIX-UPSTREAM pesign-fix-build-errors.patch glin@suse.com -- Fix gcc warnings
|
||||||
Patch2: pesign-fix-build-errors.patch
|
Patch2: pesign-fix-build-errors.patch
|
||||||
# PATCH-FIX-UPSTREAM pesign-privkey_unneeded.diff glin@suse.com -- Don't check the private key when importing the raw signature
|
# PATCH-FIX-UPSTREAM pesign-privkey_unneeded.diff glin@suse.com -- Don't check the private key when importing the raw signature
|
||||||
Patch3: pesign-privkey_unneeded.diff
|
Patch3: pesign-privkey_unneeded.diff
|
||||||
# PATCH-FIX-UPSTREAM pesign-clear-padding-bits.patch glin@suse.com -- Clear the allocated space before inserting the certificate list
|
|
||||||
Patch4: pesign-clear-padding-bits.patch
|
|
||||||
# PATCH-FIX-SUSE use-standard-pid-location.patch p.drouand@gmail.com --Use standard /run instead of /var/run for pidfile
|
# PATCH-FIX-SUSE use-standard-pid-location.patch p.drouand@gmail.com --Use standard /run instead of /var/run for pidfile
|
||||||
Patch6: use-standard-pid-location.patch
|
Patch4: use-standard-pid-location.patch
|
||||||
# PATCH-FIX-UPSTREAM pesign-no-db.patch glin@suse.com -- Allow some commands to proceed without a NSS database
|
|
||||||
Patch7: pesign-no-db.patch
|
|
||||||
# PATCH-FIX-SUSE pesign-run.patch aj@suse.com - Use /run instead of /var/run
|
# PATCH-FIX-SUSE pesign-run.patch aj@suse.com - Use /run instead of /var/run
|
||||||
Patch8: pesign-run.patch
|
Patch5: pesign-run.patch
|
||||||
# PATCH-FIX-UPSTREAM pesign-enable-supplementary-programs.patch glin@suse.com -- Fix and enable the supplementary programs
|
# PATCH-FIX-UPSTREAM pesign-fix-authvar-write-loop.patch glin@suse.com -- Fix the write loop in authvar
|
||||||
Patch9: pesign-enable-supplementary-programs.patch
|
Patch6: pesign-fix-authvar-write-loop.patch
|
||||||
|
# PATCH-FIX-SUSE pesign-install-supplementary-programs.patch glin@suse.com -- Install the supplementary programs
|
||||||
|
Patch7: pesign-install-supplementary-programs.patch
|
||||||
|
BuildRequires: efivar-devel
|
||||||
|
BuildRequires: libuuid-devel
|
||||||
BuildRequires: mozilla-nss-devel
|
BuildRequires: mozilla-nss-devel
|
||||||
BuildRequires: pkg-config
|
BuildRequires: pkg-config
|
||||||
BuildRequires: popt-devel
|
BuildRequires: popt-devel
|
||||||
BuildRequires: pkgconfig(systemd)
|
BuildRequires: pkgconfig(systemd)
|
||||||
%{?systemd_requires}
|
%{?systemd_requires}
|
||||||
PreReq: pwdutils
|
PreReq: pwdutils
|
||||||
ExclusiveArch: ia64 %ix86 x86_64
|
ExclusiveArch: ia64 %ix86 x86_64 aarch64
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Signing tool for PE-COFF binaries, hopefully at least vaguely compliant
|
Signing tool for PE-COFF binaries, hopefully at least vaguely compliant
|
||||||
@ -64,10 +64,9 @@ Authors:
|
|||||||
%patch2 -p1
|
%patch2 -p1
|
||||||
%patch3 -p1
|
%patch3 -p1
|
||||||
%patch4 -p1
|
%patch4 -p1
|
||||||
|
%patch5 -p1
|
||||||
%patch6 -p1
|
%patch6 -p1
|
||||||
%patch7 -p1
|
%patch7 -p1
|
||||||
%patch8 -p1
|
|
||||||
%patch9 -p1
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
make OPTFLAGS="$RPM_OPT_FLAGS"
|
make OPTFLAGS="$RPM_OPT_FLAGS"
|
||||||
|
Loading…
Reference in New Issue
Block a user