0ad967d243
Pesign is a tool to sign PE-COFF binaries which is the format used in UEFI. The UEFI loader, shim, needs pesign for package building. OBS-URL: https://build.opensuse.org/request/show/148393 OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=1
commit 21439f502b16cd168950cc2e38bfd6b6353ee428
Author: Matthew Garrett <mjg59@srcf.ucam.org>
Date: Tue Nov 27 10:11:36 2012 -0500
Add support for local certificate database directories
Users may wish to use a certificate database other than the systemwide
one. Add an option for that.
---
src/daemon.c | 4 ++--
src/daemon.h | 2 +-
src/pesign.c | 9 +++++++--
3 files changed, 10 insertions(+), 5 deletions(-)
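--- a/src/daemon.c
+++ b/src/daemon.c
@@ -877,7 +877,7 @@ err:
 }
 
 int
-daemonize(cms_context *cms_ctx, int do_fork)
+daemonize(cms_context *cms_ctx, char *certdir, int do_fork)
 {
 int rc = 0;
 context ctx = {
@@ -913,7 +913,7 @@ daemonize(cms_context *cms_ctx, int do_f
 "pesignd starting (pid %d)", ctx.pid);
 
 
- SECStatus status = NSS_Init("/etc/pki/pesign");
+ SECStatus status = NSS_Init(certdir);
 if (status != SECSuccess) {
 fprintf(stderr, "Could not initialize nss: %s\n",
 PORT_ErrorToString(PORT_GetError()));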
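Review bot: The daemon now opens its key and certificate database at whatever path the caller supplies, and the second hunk hands it to `NSS_Init(certdir)` with no check that it is absolute. If the process forks or changes its working directory before that call (not visible in these hunks), a relative `--certdir` would resolve somewhere other than where the operator ran the command, so consider rejecting paths that do not start with `/` or resolving the path before daemonizing. Because this directory selects the signing keys, the failure message should name it, e.g. `"Could not initialize nss in %s: %s\n"`; the same message appears in the third hunk of src/pesign.c. The parameter is only read, so `const char *certdir` would be the better type here and in the src/daemon.h prototype. Both hunks cut through `daemonize()`, whose body continues outside them.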
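--- a/src/daemon.h
+++ b/src/daemon.h
@@ -19,7 +19,7 @@
 #ifndef DAEMON_H
 #define DAEMON_H 1
 
-extern int daemonize(cms_context *ctx, int do_fork);
+extern int daemonize(cms_context *ctx, char *certdir, int do_fork);
 
 typedef struct {
 uint32_t version;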
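--- a/src/pesign.c
+++ b/src/pesign.c
@@ -443,6 +443,7 @@ main(int argc, char *argv[])
 char *tokenname = "NSS Certificate DB";
 char *origtoken = tokenname;
 char *certname = NULL;
+ char *certdir = "/etc/pki/pesign";
 
 rc = pesign_context_new(&ctxp);
 if (rc < 0) {
@@ -460,6 +461,10 @@ main(int argc, char *argv[])
 {"certficate", 'c', POPT_ARG_STRING, &certname, 0,
 "specify certificate nickname",
 "<certificate nickname>" },
+ {"certdir", 'n', POPT_ARG_STRING|POPT_ARGFLAG_SHOW_DEFAULT,
+ &certdir, 0,
+ "specify nss certificate database directory",
+ "<certificate directory path>" },
 {"privkey", 'p', POPT_ARG_STRING, &ctxp->privkeyfile, 0,
 "specify private key file", "<privkey>" },
 {"force", 'f', POPT_ARG_VAL, &ctxp->force, 1,
@@ -542,7 +547,7 @@ main(int argc, char *argv[])
 poptFreeContext(optCon);
 
 if (!daemon) {
- SECStatus status = NSS_Init("/etc/pki/pesign");
+ SECStatus status = NSS_Init(certdir);
 if (status != SECSuccess) {
 fprintf(stderr, "Could not initialize nss: %s\n",
 PORT_ErrorToString(PORT_GetError()));
@@ -796,7 +801,7 @@ main(int argc, char *argv[])
 close_output(ctxp);
 break;
 case DAEMONIZE:
- rc = daemonize(ctxp->cms_ctx, certdir, fork);
+ rc = daemonize(ctxp->cms_ctx, certdir, fork);
 break;
 default:
 fprintf(stderr, "Incompatible flags (0x%08x): ", action);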
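Review bot: The context line just above the new `certdir` entry spells the long option `"certficate"`, so `--certificate` would presumably be rejected; since this commit edits the table, it could correct the line to `{"certificate", 'c', POPT_ARG_STRING, &certname, 0,`. The default in the first hunk is a bare literal held in a non-const pointer, `char *certdir = "/etc/pki/pesign";`. A shared named constant (for example a `DEFAULT_CERTDIR` macro, name illustrative) would keep the client and daemon defaults in one place. A short comment on the declaration, such as `/* NSS database directory; selects which keys and certificates are used for signing */`, would make the security relevance of `-n` clear. All four hunks sit inside `main()`, which begins and ends outside them.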