2013-01-14 11:49:40 +01:00
#
# spec file for package pesign
#
2013-01-21 11:35:31 +01:00
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
2013-01-14 11:49:40 +01:00
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name : pesign
Version : 0.99
2013-01-21 11:35:31 +01:00
Release : 0
2013-01-14 11:49:40 +01:00
Summary : Signing tool for PE-COFF binaries
2013-01-21 11:35:31 +01:00
License : GPL-2.0
2013-01-14 11:49:40 +01:00
Group : Productivity/Security
2013-01-21 11:35:31 +01:00
Url : https://github.com/vathpela/pesign
2013-01-14 11:49:40 +01:00
Source : %{name} -%{version} .tar.bz2
# PATCH-FIX-UPSTREAM pesign-upstream-fixes.patch glin@suse.com -- fixes from upstream
Patch0 : pesign-upstream-fixes.patch
# PATCH-FIX-SUSE pesign-suse-build.patch glin@suse.com -- Adjust Makefile for the build service
Patch1 : pesign-suse-build.patch
# PATCH-FIX-UPSTREAM pesign-fix-build-errors.patch glin@suse.com -- Fix gcc warnings
Patch2 : pesign-fix-build-errors.patch
# PATCH-FIX-UPSTREAM pesign-client-initialize-action.patch glin@suse.com -- Initialize the actions variable
Patch3 : pesign-client-initialize-action.patch
# PATCH-FIX-UPSTREAM pesign-client-read-pin-file.patch glin@suse.com -- Fix pin file reading error
Patch4 : pesign-client-read-pin-file.patch
# PATCH-FIX-UPSTREAM pesign-local-database.patch glin@suse.com -- Support local certificate database
Patch5 : pesign-local-database.patch
2013-02-07 03:04:33 +01:00
# PATCH-FIX-UPSTREAM pesign-bnc801653-teardown-segfault.patch glin@suse.com -- Fix crash when freeing digests
Patch7 : pesign-bnc801653-teardown-segfault.patch
# PATCH-FIX-UPSTREAM pesign-fix-export-attributes.patch glin@suse.com -- Fix crash when exporting attributes
Patch9 : pesign-fix-export-attributes.patch
# PATCH-FIX-UPSTREAM pesign-privkey_unneeded.diff glin@suse.com -- Don't check the private key when importing the raw signature
Patch10 : pesign-privkey_unneeded.diff
2013-02-12 17:03:26 +01:00
Patch11 : pesign-no-set-image-size.patch
2013-02-22 11:15:20 +01:00
# PATCH-FIX-UPSTREAM pesign-bnc805166-fix-signature-list.patch bnc#805166 glin@suse.com -- Fix the broken signature list when inserting a new signature into a signed EFI binary.
Patch12 : pesign-bnc805166-fix-signature-list.patch
2013-03-28 04:56:52 +01:00
# PATCH-FIX-UPSTREAM pesign-bnc808594-align-signatures.patch bnc#808594,bnc#811325 glin@suse.com -- Align the signatures to 8-bytes
Patch13 : pesign-bnc808594-align-signatures.patch
2013-01-14 11:49:40 +01:00
BuildRequires : mozilla-nss-devel
BuildRequires : pkg-config
2013-01-21 11:35:31 +01:00
BuildRequires : popt-devel
2013-01-14 11:49:40 +01:00
%if 0%{?suse_version} > 1140
BuildRequires : pkgconfig(systemd)
%{?systemd_requires}
%define has_systemd 1
%endif
2013-03-01 04:31:27 +01:00
PreReq : pwdutils
2013-01-14 11:49:40 +01:00
BuildRoot : %{_tmppath} /%{name} -%{version} -build
ExclusiveArch : ia64 %ix86 x86_64
%description
Signing tool for PE-COFF binaries, hopefully at least vaguely compliant
with the PE and Authenticode specifications.
Authors:
--------
Peter Jones <pjones@redhat.com>
%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
2013-02-07 03:04:33 +01:00
%patch7 -p1
%patch9 -p1
%patch10 -p1
2013-02-12 17:03:26 +01:00
%patch11 -p1
2013-02-22 11:15:20 +01:00
%patch12 -p1
2013-03-28 04:56:52 +01:00
%patch13 -p1
2013-01-14 11:49:40 +01:00
%build
make OPTFLAGS=" $RPM_OPT_FLAGS "
%install
make INSTALLROOT=%{buildroot} PREFIX=/usr DOCDIR=/share/doc/packages install
mkdir -p $RPM_BUILD_ROOT %{_localstatedir} /lib/pesign
mkdir -p $RPM_BUILD_ROOT %{_sbindir}
%if 0%{?has_systemd}
make INSTALLROOT=%{buildroot} UNITDIR=%{_unitdir} install_systemd
ln -sf /sbin/service $RPM_BUILD_ROOT /%{_sbindir} /rcpesign
%else
make INSTALLROOT=%{buildroot} install_sysvinit
ln -sf %{_sysconfdir} /init.d/pesign $RPM_BUILD_ROOT /%{_sbindir} /rcpesign
%endif
# there's some stuff that's not really meant to be shipped yet
rm -rf %{buildroot} /boot %{buildroot} /usr/include
rm -rf %{buildroot} %{_libdir} /libdpe*
%clean
%{?buildroot:%__rm -rf " %{buildroot} " }
%pre
getent group pesign >/dev/null || groupadd -r pesign
getent passwd pesign >/dev/null || useradd -r -g pesign -d /var/lib/pesign -s /bin/false -c " P E - C O F F s i g n i n g d a e m o n " pesign
%if 0%{?has_systemd}
%service_add_pre pesign.service
%endif
%preun
%if 0%{?has_systemd}
%service_del_preun pesign.service
%else
%stop_on_removal pesign
%endif
%post
%if 0%{?has_systemd}
%service_add_post pesign.service
systemd-tmpfiles --create /usr/lib/tmpfiles.d/pesign.conf
%endif
%postun
%if 0%{?has_systemd}
%service_del_preun pesign.service
%else
%restart_on_update pesign
%insserv_cleanup
%endif
%files
%defattr (-,root,root)
%doc COPYING
%{_bindir} /pesign
%{_bindir} /pesign-client
%dir %{_sysconfdir} /popt.d
%config %{_sysconfdir} /popt.d/pesign.popt
%{_sysconfdir} /pki/
%config %{_sysconfdir} /rpm/macros.pesign
%{_mandir} /man?/*
/var/lib/pesign
%if 0%{?has_systemd}
%{_unitdir} /pesign.service
/usr/lib/tmpfiles.d/pesign.conf
%else
%{_sysconfdir} /init.d/pesign
%endif
%{_sbindir} /rcpesign
%dir %attr (0775,pesign,pesign) %{_sysconfdir} /pki/pesign
%dir %attr (0770,pesign,pesign) %{_localstatedir} /run/%{name}
%dir %attr (0770,pesign,pesign) %{_localstatedir} /lib/%{name}
%changelog
