Commit Graph

50 Commits

Author SHA256 Message Date
Gary Ching-Pang Lin
361faa327f Accepting request 1069048 from home:gary_lin:branches:Base:System
Update to 116

OBS-URL: https://build.opensuse.org/request/show/1069048
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=70
2023-03-03 03:06:48 +00:00
Gary Ching-Pang Lin
88fb4f57d3 Accepting request 1063580 from home:gary_lin:bsc1202933
- Add pesign-bsc1202933-Use-normal-file-permissions-instead-of-ACLs.patch
  to use the normal file permissions in pesign-authorize to avoid
  the potential security issue (bsc#1202933, CVE-2022-3560)
- Set the libexecdir path for "make" to fix the path to
  pesign-authorize in pesign.service (bsc#1202933)
- Add pesign-bsc1202933-Make-etc-pki-pesign-writeable.patch to make
  the default NSS datebase writeable (bsc#1202933)

OBS-URL: https://build.opensuse.org/request/show/1063580
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=68
2023-02-08 05:33:34 +00:00
Gary Ching-Pang Lin
9d2a16ba0d Revert the testing 115 change
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=67
2022-12-02 08:34:18 +00:00
Gary Ching-Pang Lin
2a0da6d5f1 - Update to 115
+ macros: drop %{_pesign_args}
  + Fix two bugs from package building
  + Fix bad free of cms data (DoS only)
  + Send pesign stdout/err to systemd journal
  + Add missing Install section
  + Add default packages for pkg-config
  + Short delay to ensure /run/pesign/socket exists
  + Resolve crash when signature that is removed is not the end of
    the list
  + Enhance error diagnostics about version mismatch
  + Upstream all Fedora changes
  + Add some hardening options to build
  + Add code of conduct
  + Fix build on gcc 12 and non-Fedora
- Refresh patches
  + harden_pesign.service.patch
  + pesign-boo1143063-remove-var-tracking.patch
  + pesign-boo1185663-set-rpmmacrodir.patch
  + pesign-fix-authvar-write-loop.patch
  + pesign-suse-build.patch
- Remove upstreamed/unnecessary patches
  + pesign-boo1158197-fix-pesigncheck-gcc10.patch
  + pesign-efikeygen-Fix-the-build-with-nss-3.44.patch
  + pesign-privkey_unneeded.diff
  + pesign-run.patch
  + Fix wrong oid offsets (bsc#1205323)

OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=66
2022-12-02 08:28:13 +00:00
b82dff3fc0 - Enable build on riscv64
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=65
2021-11-21 10:54:50 +00:00
dfb58385dd Accepting request 930475 from home:gmbr3:Active
- Change to systemd-sysusers

OBS-URL: https://build.opensuse.org/request/show/930475
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=64
2021-11-21 10:53:14 +00:00
7325262251 Accepting request 926696 from home:jsegitz:branches:systemdhardening:Base:System
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

OBS-URL: https://build.opensuse.org/request/show/926696
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=63
2021-10-29 12:59:42 +00:00
Gary Ching-Pang Lin
0d9814b3ce Accepting request 898486 from home:wfrisch:branches:Base:System
Link as Position Independent Executable (bsc#1184124).

OBS-URL: https://build.opensuse.org/request/show/898486
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=61
2021-06-09 07:04:56 +00:00
Gary Ching-Pang Lin
17afa5eaaa Accepting request 891212 from home:gary_lin:branches:Base:System
- Stop marking macros.pesign as %config

OBS-URL: https://build.opensuse.org/request/show/891212
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=59
2021-05-07 07:45:59 +00:00
Gary Ching-Pang Lin
a886b9fdba Accepting request 890939 from home:gary_lin:branches:Base:System
set the rpm macro directory at build time (boo#1185663)

OBS-URL: https://build.opensuse.org/request/show/890939
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=58
2021-05-06 09:48:22 +00:00
Gary Ching-Pang Lin
a6fc646b97 Accepting request 800368 from home:dimstar:Factory
- Use %_tmpfilesdir instead of %{_libexecdir}/tmpfiles.d.

OBS-URL: https://build.opensuse.org/request/show/800368
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=56
2020-05-06 01:06:06 +00:00
Gary Ching-Pang Lin
785a24a77a Accepting request 753850 from home:gary_lin:branches:Base:System
remove the superfluous type settings in pesigcheck to fix the gcc10 errors (boo#1158197)

OBS-URL: https://build.opensuse.org/request/show/753850
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=54
2019-12-04 02:51:34 +00:00
Gary Ching-Pang Lin
238e3f87eb Accepting request 719976 from home:gary_lin:branches:Base:System
- Add pesign-boo1143063-remove-var-tracking.patch to remove
  var-tracking from the default CFLAGS (boo#1143063)

OBS-URL: https://build.opensuse.org/request/show/719976
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=52
2019-07-31 03:41:57 +00:00
Gary Ching-Pang Lin
723d4ba6dc Accepting request 714599 from home:gary_lin:branches:Base:System
- Add pesign-efikeygen-Fix-the-build-with-nss-3.44.patch to fix
  the compilation error when building with NSS 3.44

OBS-URL: https://build.opensuse.org/request/show/714599
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=50
2019-07-11 09:05:00 +00:00
Gary Ching-Pang Lin
afc9cbda91 Accepting request 706870 from home:jengelh:branches:Base:System
- Trim conjecture from description.

OBS-URL: https://build.opensuse.org/request/show/706870
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=48
2019-06-03 07:10:55 +00:00
Gary Ching-Pang Lin
2820983477 Accepting request 702580 from home:gary_lin:branches:Base:System
Update to 113

OBS-URL: https://build.opensuse.org/request/show/702580
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=46
2019-05-13 07:18:23 +00:00
Ludwig Nussel
647c93e403 add bug number
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=43
2019-05-10 08:43:50 +00:00
Gary Ching-Pang Lin
868aac9416 Accepting request 701792 from home:Guillaume_G:branches:Base:System
- Enable build on %arm as we can sign kernel on %arm

OBS-URL: https://build.opensuse.org/request/show/701792
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=42
2019-05-10 06:29:21 +00:00
Gary Ching-Pang Lin
f0990d82c1 Accepting request 698178 from home:jubalh:branches:Base:System
- bsc#1130588: Require shadow instead of old pwdutils

OBS-URL: https://build.opensuse.org/request/show/698178
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=41
2019-04-29 03:44:06 +00:00
Gary Ching-Pang Lin
e866d20c61 Accepting request 592975 from home:gary_lin:branches:Base:System
fix the generation of efi signature list. (bsc#1087742)

OBS-URL: https://build.opensuse.org/request/show/592975
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=40
2018-04-02 09:54:53 +00:00
Gary Ching-Pang Lin
f771e7ff2e Accepting request 418378 from home:gary_lin:branches:Base:System
fix the argument list parsing

OBS-URL: https://build.opensuse.org/request/show/418378
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=39
2016-08-11 04:10:05 +00:00
303a536520 Accepting request 391261 from home:gary_lin:branches:Base:System
- Update to 0.112
- Refresh patches: pesign-suse-build.patch and pesign-run.patch
- Drop upstreamed pesign-fix-signness.patch


This fixes also gcc6 build failure. It blocks gcc6. So do you think is
it OK to push it now?

OBS-URL: https://build.opensuse.org/request/show/391261
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=38
2016-04-26 14:58:40 +00:00
Gary Ching-Pang Lin
77ba02a504 Accepting request 346965 from home:gary_lin:branches:Base:System
Use the upstream tarball instead of the one made in my local git

OBS-URL: https://build.opensuse.org/request/show/346965
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=37
2015-12-01 09:17:44 +00:00
Gary Ching-Pang Lin
3e44889555 Accepting request 346961 from home:gary_lin:branches:Base:System
- Update to 0.111
- Add pesign-fix-signness.patch to fix the signness comparison
- Drop upstreamed patches
  + pesign-efivar-pkgconfig.patch
  + pesign-make-efi_guid_t-const.patch
  + pesign-fix-import-sig-check.patch
  + pesign-install-supplementary-programs.patch
- Refresh pesign-suse-build.patch, pesign-privkey_unneeded.diff,
  and pesign-run.patch
- Update pesign-fix-build-errors.patch
- Merge use-standard-pid-location.patch into pesign-run.patch

OBS-URL: https://build.opensuse.org/request/show/346961
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=36
2015-12-01 09:03:35 +00:00
Gary Ching-Pang Lin
8b2e52b508 Accepting request 328241 from home:dimstar:Factory
This fixes the "unresolvable" currently seen in openSUSE:Factory; the || : is used in many other places (most often introdcued by jengelh)

OBS-URL: https://build.opensuse.org/request/show/328241
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=35
2015-09-01 07:29:06 +00:00
Gary Ching-Pang Lin
5595ee282c Accepting request 322868 from home:pluskalm:branches:Base:System
- Update project url
- Use url for download
- Add rcpesign symlink
- Tiny spec file cleanup with spec-cleaner

OBS-URL: https://build.opensuse.org/request/show/322868
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=34
2015-08-17 02:24:40 +00:00
Dr. Werner Fink
4af6aa8c9f .
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=33
2015-07-13 11:07:47 +00:00
Gary Ching-Pang Lin
59eb44c608 Accepting request 312219 from home:gary_lin:branches:Base:System
Add patches to adopt the latest efivar

OBS-URL: https://build.opensuse.org/request/show/312219
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=32
2015-06-16 07:46:08 +00:00
Gary Ching-Pang Lin
91f29681d8 Accepting request 263190 from home:gary_lin:branches:Base:System
- fix the signature size check while importing a signature
- Amend the spec file with spec-cleaner

OBS-URL: https://build.opensuse.org/request/show/263190
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=31
2014-11-27 02:23:44 +00:00
Gary Ching-Pang Lin
6268b01894 Accepting request 259127 from home:gary_lin:branches:Base:System
- Update pesign-suse-build.patch to set LIBDIR for AArch64

OBS-URL: https://build.opensuse.org/request/show/259127
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=30
2014-10-31 10:20:50 +00:00
Gary Ching-Pang Lin
f4ca0bfbd9 Accepting request 258749 from home:gary_lin:branches:Base:System
- Update to version 0.110
- Enable aarch64

OBS-URL: https://build.opensuse.org/request/show/258749
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=29
2014-10-29 08:11:07 +00:00
Gary Ching-Pang Lin
4c96fbc74b Accepting request 239077 from home:gary_lin:branches:Base:System
Update pesign-enable-supplementary-programs.patch to fix write loop

OBS-URL: https://build.opensuse.org/request/show/239077
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=28
2014-07-01 08:00:22 +00:00
Gary Ching-Pang Lin
391395f6e3 Accepting request 236930 from home:gary_lin:branches:Base:System
fix and enable the supplementary programs: pesigcheck, authvar, efisiglist

OBS-URL: https://build.opensuse.org/request/show/236930
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=27
2014-06-12 03:26:16 +00:00
Gary Ching-Pang Lin
1a493a1467 Accepting request 230287 from home:a_jaeger:FactoryFix
Use /run

OBS-URL: https://build.opensuse.org/request/show/230287
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=26
2014-04-16 07:27:13 +00:00
16f7a07b24 - mark dir in /var/run as %ghost
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=25
2014-01-31 08:52:14 +00:00
Gary Ching-Pang Lin
89048ff100 Accepting request 209210 from home:gary_lin:branches:Base:System
Add pesign-no-db.patch to allow some commands to proceed without a NSS database.

OBS-URL: https://build.opensuse.org/request/show/209210
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=24
2013-12-03 02:58:26 +00:00
Gary Ching-Pang Lin
83c5dc8ffe Accepting request 204477 from home:gary_lin:branches:Base:System
Revert the dowload Url since it's not valid

OBS-URL: https://build.opensuse.org/request/show/204477
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=23
2013-10-24 03:21:43 +00:00
Gary Ching-Pang Lin
48bd98c0d3 Accepting request 204436 from home:posophe:branches:Base:System
Update and some improvements

OBS-URL: https://build.opensuse.org/request/show/204436
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=22
2013-10-24 02:13:34 +00:00
Gary Ching-Pang Lin
146aff81ea Accepting request 183593 from home:gary_lin:branches:Base:System
Add pesign-allow-no-issuer-cert.patch to avoid crash when the
issuer's certificate is not available

OBS-URL: https://build.opensuse.org/request/show/183593
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=21
2013-07-18 07:25:53 +00:00
Gary Ching-Pang Lin
b0787edea1 Accepting request 183190 from home:gary_lin:branches:Base:System
Update to 0.106

OBS-URL: https://build.opensuse.org/request/show/183190
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=18
2013-07-16 06:43:52 +00:00
Gary Ching-Pang Lin
5e7dc4bc7e Accepting request 161509 from home:gary_lin:branches:Base:System
bnc#808594: fix the alignment of the signature list

OBS-URL: https://build.opensuse.org/request/show/161509
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=16
2013-03-28 03:56:52 +00:00
Gary Ching-Pang Lin
97cd6275b9 Accepting request 156902 from home:gary_lin:branches:Base:System
- Update pesign-bnc805166-fix-signature-list.patch to avoid the potential crash when inserting a signature (bnc#805166)
- Add pwdutils to PreReq

OBS-URL: https://build.opensuse.org/request/show/156902
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=14
2013-03-01 03:31:27 +00:00
ed0b396886 Accepting request 156290 from home:gary_lin:branches:Base:System
Update pesign-bnc805166-fix-signature-list.patch to skip the unneeded private key request. (bnc#805166c#17)

OBS-URL: https://build.opensuse.org/request/show/156290
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=12
2013-02-25 10:09:38 +00:00
0b5d673ec8 Accepting request 156163 from home:joeyli:branches:openSUSE:Factory:bnc805166
Modified pesign-bnc805166-fix-signature-list.patch, block out the source code for find/attach Issuer certificate (bnc#805166 comment#13)

OBS-URL: https://build.opensuse.org/request/show/156163
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=11
2013-02-24 11:07:40 +00:00
Gary Ching-Pang Lin
4e39e383dd - Add pesign-bnc805166-fix-signature-list.patch to fix the broken
signature list when inserting signature into a signed EFI binary
  (bnc#805166)

OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=9
2013-02-22 10:15:20 +00:00
3adf11f3a3 fix signing
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=7
2013-02-12 16:03:26 +00:00
Gary Ching-Pang Lin
fa50606847 Accepting request 151539 from home:gary_lin:branches:Base:System
- Merge patches for FATE#314552
  + pesign-fix-export-attributes.patch: fix crash when exporting
    the signed attributes
  + pesign-privkey_unneeded.diff: Don't check the private key when
    importing the raw signature
- Add pesign-bnc801653-teardown-segfault.patch to fix crash when
  freeing digests (bnc801653)
- Drop pesign-digestdata.diff which is no longer needed.

OBS-URL: https://build.opensuse.org/request/show/151539
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=5
2013-02-07 02:04:33 +00:00
Gary Ching-Pang Lin
996fffcf04 Accepting request 149385 from home:gary_lin:branches:Base:System
Add pesign-digestdata.diff to generate digestdata (FATE#314552)

OBS-URL: https://build.opensuse.org/request/show/149385
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=3
2013-01-21 10:35:31 +00:00
Stephan Kulow
29377c95e3 Accepting request 148522 from Base:System
New package pesign, the signing tool for PE-COFF

OBS-URL: https://build.opensuse.org/request/show/148522
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pesign?expand=0&rev=1
2013-01-17 08:54:39 +00:00
Andreas Jaeger
0ad967d243 Accepting request 148393 from home:gary_lin:UEFI
Pesign is a tool to sign PE-COFF binaries which is the format
used in UEFI. The UEFI loader, shim, needs pesign for package
building.

OBS-URL: https://build.opensuse.org/request/show/148393
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=1
2013-01-14 10:49:40 +00:00