# # spec file for package pesign # # Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: pesign Version: 0.109 Release: 0 Summary: Signing tool for PE-COFF binaries License: GPL-2.0 Group: Productivity/Security Url: https://github.com/vathpela/pesign Source: %{name}-%{version}.tar.gz # PATCH-FIX-SUSE pesign-suse-build.patch glin@suse.com -- Adjust Makefile for the build service Patch1: pesign-suse-build.patch # PATCH-FIX-UPSTREAM pesign-fix-build-errors.patch glin@suse.com -- Fix gcc warnings Patch2: pesign-fix-build-errors.patch # PATCH-FIX-UPSTREAM pesign-privkey_unneeded.diff glin@suse.com -- Don't check the private key when importing the raw signature Patch3: pesign-privkey_unneeded.diff # PATCH-FIX-UPSTREAM pesign-clear-padding-bits.patch glin@suse.com -- Clear the allocated space before inserting the certificate list Patch4: pesign-clear-padding-bits.patch # PATCH-FIX-SUSE use-standard-pid-location.patch p.drouand@gmail.com --Use standard /run instead of /var/run for pidfile Patch6: use-standard-pid-location.patch # PATCH-FIX-UPSTREAM pesign-no-db.patch glin@suse.com -- Allow some commands to proceed without a NSS database Patch7: pesign-no-db.patch # PATCH-FIX-SUSE pesign-run.patch aj@suse.com - Use /run instead of /var/run Patch8: pesign-run.patch BuildRequires: mozilla-nss-devel BuildRequires: pkg-config BuildRequires: popt-devel BuildRequires: pkgconfig(systemd) %{?systemd_requires} PreReq: pwdutils ExclusiveArch: ia64 %ix86 x86_64 %description Signing tool for PE-COFF binaries, hopefully at least vaguely compliant with the PE and Authenticode specifications. Authors: -------- Peter Jones %prep %setup -q %patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 -p1 %patch6 -p1 %patch7 -p1 %patch8 -p1 %build make OPTFLAGS="$RPM_OPT_FLAGS" %install make INSTALLROOT=%{buildroot} PREFIX=/usr DOCDIR=/share/doc/packages install mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/pesign mkdir -p $RPM_BUILD_ROOT%{_sbindir} make INSTALLROOT=%{buildroot} UNITDIR=%{_unitdir} install_systemd # there's some stuff that's not really meant to be shipped yet rm -rf %{buildroot}/boot %{buildroot}/usr/include rm -rf %{buildroot}%{_libdir}/libdpe* %pre getent group pesign >/dev/null || groupadd -r pesign getent passwd pesign >/dev/null || useradd -r -g pesign -d /var/lib/pesign -s /bin/false -c "PE-COFF signing daemon" pesign %service_add_pre pesign.service %preun %service_del_preun pesign.service %post %service_add_post pesign.service systemd-tmpfiles --create /usr/lib/tmpfiles.d/pesign.conf %postun %service_del_preun pesign.service %files %defattr(-,root,root) %doc COPYING %{_bindir}/pesign %{_bindir}/pesign-client %{_bindir}/efikeygen %dir %{_sysconfdir}/popt.d %config %{_sysconfdir}/popt.d/pesign.popt %{_sysconfdir}/pki/ %config %{_sysconfdir}/rpm/macros.pesign %{_mandir}/man?/* /var/lib/pesign %{_unitdir}/pesign.service /usr/lib/tmpfiles.d/pesign.conf %dir %attr(0775,pesign,pesign) %{_sysconfdir}/pki/pesign %ghost %dir %attr(0770,pesign,pesign) /run/%{name} %dir %attr(0770,pesign,pesign) %{_localstatedir}/lib/%{name} %changelog