
Accepting request 346966 from Base:System

- Update to 0.111
- Add pesign-fix-signness.patch to fix the signness comparison
- Drop upstreamed patches
  + pesign-efivar-pkgconfig.patch
  + pesign-make-efi_guid_t-const.patch
  + pesign-fix-import-sig-check.patch
  + pesign-install-supplementary-programs.patch
- Refresh pesign-suse-build.patch, pesign-privkey_unneeded.diff,
  and pesign-run.patch
- Update pesign-fix-build-errors.patch
- Merge use-standard-pid-location.patch into pesign-run.patch

OBS-URL: https://build.opensuse.org/request/show/346966
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pesign?expand=0&rev=25
Dominique Leuenberger 2015-12-23 07:48:12 +00:00 committed by Git OBS Bridge
commit 2685a40d0e
14 changed files with 260 additions and 365 deletions


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a03499ffa181fea6086e1966476eccc05e3e014761ac300de1da27a44dba2281
size 87420

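--- a/pesign-0.111.tar.bz2
+++ b/pesign-0.111.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c6d52cbf1d8551be94497a96380d3b0497be331f9eb0af6250a854c0bc2225b9
+size 89630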


@ -1,28 +0,0 @@
From 2a1de2b6535161b1bd600ec2262e81e9f7aeffcc Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 26 May 2015 09:43:10 -0400
Subject: [PATCH] Make efivar compiler parameters come from pkg-config.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
src/Makefile | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/Makefile b/src/Makefile
index 007505c..dd69425 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -3,8 +3,8 @@ TOPDIR = $(SRCDIR)/..
include $(TOPDIR)/Make.defaults
-PKLIBS = nss
-LIBS = popt uuid efivar
+PKLIBS = nss efivar
+LIBS = popt uuid
STATIC_LIBS = $(TOPDIR)/libdpe/libdpe.a
LDFLAGS =
CCLDFLAGS = -L../libdpe $(foreach pklib,$(PKLIBS), $(shell pkg-config --libs-only-L $(pklib))) -pie -fPIE -Wl,-z,relro,-z,now
--
2.1.4


@ -1,7 +1,7 @@
diff --git a/src/daemon.c b/src/daemon.c Index: pesign-0.111/src/daemon.c
index c14b64b..5652ba1 100644 ===================================================================
--- a/src/daemon.c --- pesign-0.111.orig/src/daemon.c
+++ b/src/daemon.c +++ pesign-0.111/src/daemon.c
@@ -544,7 +544,11 @@ malformed: @@ -544,7 +544,11 @@ malformed:
if (rc < 0) { if (rc < 0) {
err_attached: err_attached:
@ -55,7 +55,7 @@ index c14b64b..5652ba1 100644
} }
finish: finish:
@@ -1182,7 +1199,12 @@ daemonize(cms_context *cms_ctx, char *certdir, int do_fork) @@ -1182,7 +1199,12 @@ daemonize(cms_context *cms_ctx, char *ce
exit(1); exit(1);
} }
@ -69,11 +69,11 @@ index c14b64b..5652ba1 100644
if (getuid() == 0) { if (getuid() == 0) {
/* process is running as root, drop privileges */ /* process is running as root, drop privileges */
diff --git a/src/password.c b/src/password.c Index: pesign-0.111/src/password.c
index 43186df..9a9c911 100644 ===================================================================
--- a/src/password.c --- pesign-0.111.orig/src/password.c
+++ b/src/password.c +++ pesign-0.111/src/password.c
@@ -76,7 +76,8 @@ static char *SEC_GetPassword(FILE *input, FILE *output, char *prompt, @@ -76,7 +76,8 @@ static char *SEC_GetPassword(FILE *input
echoOff(infd); echoOff(infd);
} }
@ -83,10 +83,10 @@ index 43186df..9a9c911 100644
if (isTTY) { if (isTTY) {
fprintf(output, "\n"); fprintf(output, "\n");
diff --git a/src/pesign.c b/src/pesign.c Index: pesign-0.111/src/pesign.c
index ff4f2bf..40a1e43 100644 ===================================================================
--- a/src/pesign.c --- pesign-0.111.orig/src/pesign.c
+++ b/src/pesign.c +++ pesign-0.111/src/pesign.c
@@ -164,9 +164,15 @@ open_output(pesign_context *ctx) @@ -164,9 +164,15 @@ open_output(pesign_context *ctx)
addr = pe_rawfile(ctx->inpe, &size); addr = pe_rawfile(ctx->inpe, &size);
@ -98,18 +98,18 @@ index ff4f2bf..40a1e43 100644
+ } + }
lseek(ctx->outfd, 0, SEEK_SET); lseek(ctx->outfd, 0, SEEK_SET);
- write(ctx->outfd, addr, size); - write(ctx->outfd, addr, size);
+ if (write(ctx->outfd, addr, size) != size) { + if ((size_t)write(ctx->outfd, addr, size) != size) {
+ fprintf(stderr, "pesign: could not write output file: %m\n"); + fprintf(stderr, "pesign: could not write output file: %m\n");
+ exit(1); + exit(1);
+ } + }
Pe_Cmd cmd = ctx->outfd == STDOUT_FILENO ? PE_C_RDWR : PE_C_RDWR_MMAP; Pe_Cmd cmd = ctx->outfd == STDOUT_FILENO ? PE_C_RDWR : PE_C_RDWR_MMAP;
ctx->outpe = pe_begin(ctx->outfd, cmd, NULL); ctx->outpe = pe_begin(ctx->outfd, cmd, NULL);
diff --git a/src/signed_data.c b/src/signed_data.c Index: pesign-0.111/src/signed_data.c
index 2fa1cdd..247ec57 100644 ===================================================================
--- a/src/signed_data.c --- pesign-0.111.orig/src/signed_data.c
+++ b/src/signed_data.c +++ pesign-0.111/src/signed_data.c
@@ -133,6 +133,7 @@ generate_signerInfo_list(cms_context *cms, SpcSignerInfo ***signerInfo_list_p, S @@ -133,6 +133,7 @@ generate_signerInfo_list(cms_context *cm
SpcSignerInfo **signerInfo_list; SpcSignerInfo **signerInfo_list;
int err, rc; int err, rc;
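Review bot: In the open_output() hunk for src/pesign.c, the refreshed check `(size_t)write(ctx->outfd, addr, size) != size` catches a failed write only because -1 wraps to the largest size_t value, and it reports a short write through `%m` even though errno is not set in that case. Keeping the return value signed makes both cases explicit: `ssize_t wr = write(ctx->outfd, addr, size);` followed by `if (wr < 0 || (size_t)wr != size) {`. open_output() starts and ends outside the visible hunk, so whether a partial write can occur on this descriptor cannot be judged from here.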


@ -1,30 +0,0 @@
From b5f822be1da9c8e4f6e04286b4b7ab73165478ab Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 25 Nov 2014 15:28:40 +0800
Subject: [PATCH] Correct the signature size check
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
src/actions.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/actions.c b/src/actions.c
index 74a34e3..44c9675 100644
--- a/src/actions.c
+++ b/src/actions.c
@@ -416,10 +416,9 @@ check_signature_space(pesign_context *ctx)
ssize_t available = available_cert_space(ctx->outpe);
ssize_t target = ctx->cms_ctx->newsig.len + sizeof (win_certificate);
- if (available == target)
- return;
+ target += ALIGNMENT_PADDING(target, 8);
- if (target + 8 > available)
+ if (available >= target)
return;
fprintf(stderr, "Could not add new signature: insufficient space.\n");
--
2.1.2

71
pesign-fix-signness.patch Normal file

@ -0,0 +1,71 @@
From ae2520e013caf4f5d0dae89623dc08925d6cd472 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 28 Oct 2015 15:58:07 -0400
Subject: [PATCH] Fix one more -Wsign-compare problem I missed.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
src/daemon.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/daemon.c b/src/daemon.c
index 02b7352..175c874 100644
--- a/src/daemon.c
+++ b/src/daemon.c
@@ -194,7 +194,7 @@ malformed:
return;
}
n -= sizeof(tn->size);
- if (n < tn->size)
+ if ((size_t)n < tn->size)
goto malformed;
n -= tn->size;
@@ -202,10 +202,10 @@ malformed:
goto malformed;
pesignd_string *tp = pesignd_string_next(tn);
- if (n < (long long)sizeof(tp->size))
+ if ((size_t)n < sizeof(tp->size))
goto malformed;
n -= sizeof(tp->size);
- if (n < tp->size)
+ if ((size_t)n < tp->size)
goto malformed;
n -= tp->size;
@@ -298,7 +298,7 @@ malformed:
return;
}
n -= sizeof(tn->size);
- if (n < tn->size)
+ if ((size_t)n < tn->size)
goto malformed;
n -= tn->size;
@@ -487,7 +487,7 @@ malformed:
}
n -= sizeof(tn->size);
- if (n < tn->size)
+ if ((size_t)n < tn->size)
goto malformed;
n -= tn->size;
@@ -497,11 +497,11 @@ malformed:
if (!ctx->cms->tokenname)
goto oom;
- if (n < (long long)sizeof(tn->size))
+ if ((size_t)n < sizeof(tn->size))
goto malformed;
pesignd_string *cn = pesignd_string_next(tn);
n -= sizeof(cn->size);
- if (n < cn->size)
+ if ((size_t)n < cn->size)
goto malformed;
ctx->cms->certname = PORT_ArenaStrdup(ctx->cms->arena,
--
2.6.2
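Review bot: Each `(size_t)n < …` cast added to src/daemon.c is a valid bounds check only while `n` is non-negative; a negative `n` converts to a very large unsigned value, so `(size_t)n < tn->size` would let it through and the following `n -= tn->size` would carry on with a bogus remaining length. In the hunks at 194, 298 and 487 the `n -= sizeof(tn->size)` just before the check is guarded, if at all, by code outside the visible context, so the invariant cannot be confirmed from the patch. Since the removed `(long long)sizeof(...)` casts suggest `n` is signed, an explicit form such as `if (n < 0 || (size_t)n < tn->size) goto malformed;` keeps the warning fixed without relying on that invariant. These lengths are parsed out of a message buffer, presumably one received from a client of the daemon, so these comparisons are what bounds the string reads that follow.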


@ -1,23 +0,0 @@
diff --git a/src/Makefile b/src/Makefile
index 4c86a2a..062b544 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -79,14 +79,16 @@ install :
$(INSTALL) -m 755 pesign $(INSTALLROOT)$(PREFIX)/bin/
$(INSTALL) -m 755 client $(INSTALLROOT)$(PREFIX)/bin/pesign-client
$(INSTALL) -m 755 efikeygen $(INSTALLROOT)$(PREFIX)/bin/
- #$(INSTALL) -m 755 pesigcheck $(INSTALLROOT)$(PREFIX)/bin/
+ $(INSTALL) -m 755 pesigcheck $(INSTALLROOT)$(PREFIX)/bin/
+ $(INSTALL) -m 755 efisiglist $(INSTALLROOT)$(PREFIX)/bin/
+ $(INSTALL) -m 755 authvar $(INSTALLROOT)$(PREFIX)/bin/
$(INSTALL) -d -m 755 $(INSTALLROOT)/etc/popt.d/
$(INSTALL) -m 644 pesign.popt $(INSTALLROOT)/etc/popt.d/
$(INSTALL) -d -m 755 $(INSTALLROOT)/usr/share/man/man1/
$(INSTALL) -m 644 pesign.1 $(INSTALLROOT)/usr/share/man/man1/
$(INSTALL) -m 644 pesign-client.1 $(INSTALLROOT)/usr/share/man/man1/
$(INSTALL) -m 644 efikeygen.1 $(INSTALLROOT)/usr/share/man/man1/
- #$(INSTALL) -m 644 pesigcheck.1 $(INSTALLROOT)/usr/share/man/man1/
+ $(INSTALL) -m 644 pesigcheck.1 $(INSTALLROOT)/usr/share/man/man1/
$(INSTALL) -d -m 755 $(INSTALLROOT)/etc/rpm/
$(INSTALL) -m 644 macros.pesign $(INSTALLROOT)/etc/rpm/


@ -1,107 +0,0 @@
From 727f93f8ea3dc467694d541d28ba4f1ed0e0a671 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 7 Nov 2014 14:09:41 -0500
Subject: [PATCH] make efi_guid_t's const.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
src/cms_common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/cms_common.c b/src/cms_common.c
index a360961..7e032c8 100644
--- a/src/cms_common.c
+++ b/src/cms_common.c
@@ -45,7 +45,7 @@ struct digest_param {
SECOidTag digest_tag;
SECOidTag signature_tag;
SECOidTag digest_encryption_tag;
- efi_guid_t *efi_guid;
+ const efi_guid_t *efi_guid;
int size;
};
--
2.1.4
From ac9de615112114e222527b2eabc9b7f2642f01fe Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 26 May 2015 09:42:32 -0400
Subject: [PATCH] Propogate some "const" declarations better.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
src/efisiglist.c | 2 +-
src/siglist.c | 8 ++++----
src/siglist.h | 2 +-
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/efisiglist.c b/src/efisiglist.c
index aedfc4c..a078640 100644
--- a/src/efisiglist.c
+++ b/src/efisiglist.c
@@ -32,7 +32,7 @@
struct hash_param {
char *name;
- efi_guid_t *guid;
+ const efi_guid_t *guid;
int size;
};
diff --git a/src/siglist.c b/src/siglist.c
index 38a9a2a..a7154aa 100644
--- a/src/siglist.c
+++ b/src/siglist.c
@@ -51,7 +51,7 @@ struct efi_signature_list {
};
struct signature_list {
- efi_guid_t *SignatureType;
+ const efi_guid_t *SignatureType;
uint32_t SignatureListSize;
uint32_t SignatureHeaderSize;
uint32_t SignatureSize;
@@ -60,7 +60,7 @@ struct signature_list {
};
struct sig_type {
- efi_guid_t *type;
+ const efi_guid_t *type;
uint32_t size;
};
@@ -78,7 +78,7 @@ static struct sig_type sig_types[] = {
static int num_sig_types = sizeof (sig_types) / sizeof (struct sig_type);
static int32_t
-get_sig_type_size(efi_guid_t *sig_type)
+get_sig_type_size(const efi_guid_t *sig_type)
{
for (int i = 0; i < num_sig_types; i++) {
if (!memcmp(sig_type, sig_types[i].type, sizeof (*sig_type)))
@@ -88,7 +88,7 @@ get_sig_type_size(efi_guid_t *sig_type)
}
signature_list *
-signature_list_new(efi_guid_t *SignatureType)
+signature_list_new(const efi_guid_t *SignatureType)
{
int32_t size = get_sig_type_size(SignatureType);
if (size < 0)
diff --git a/src/siglist.h b/src/siglist.h
index e789264..2b72a27 100644
--- a/src/siglist.h
+++ b/src/siglist.h
@@ -21,7 +21,7 @@
typedef struct signature_list signature_list;
-extern signature_list *signature_list_new(efi_guid_t *SignatureType);
+extern signature_list *signature_list_new(const efi_guid_t *SignatureType);
extern int signature_list_add_sig(signature_list *sl, efi_guid_t owner,
uint8_t *sig, uint32_t sigsize);
extern int signature_list_realize(signature_list *sl,
--
2.1.4


@ -4,9 +4,11 @@
src/pesign.c | 1 + src/pesign.c | 1 +
3 files changed, 12 insertions(+), 2 deletions(-) 3 files changed, 12 insertions(+), 2 deletions(-)
--- a/src/cms_common.c Index: pesign-0.111/src/cms_common.c
+++ b/src/cms_common.c ===================================================================
@@ -272,6 +272,7 @@ struct cbdata { --- pesign-0.111.orig/src/cms_common.c
+++ pesign-0.111/src/cms_common.c
@@ -280,6 +280,7 @@ struct cbdata {
CERTCertificate *cert; CERTCertificate *cert;
PK11SlotListElement *psle; PK11SlotListElement *psle;
secuPWData *pwdata; secuPWData *pwdata;
@ -14,7 +16,7 @@
}; };
static SECStatus static SECStatus
@@ -283,6 +284,12 @@ is_valid_cert(CERTCertificate *cert, voi @@ -291,6 +292,12 @@ is_valid_cert(CERTCertificate *cert, voi
void *pwdata = cbdata->pwdata; void *pwdata = cbdata->pwdata;
SECKEYPrivateKey *privkey = NULL; SECKEYPrivateKey *privkey = NULL;
@ -27,7 +29,7 @@
privkey = PK11_FindPrivateKeyFromCert(slot, cert, pwdata); privkey = PK11_FindPrivateKeyFromCert(slot, cert, pwdata);
if (privkey != NULL) { if (privkey != NULL) {
cbdata->cert = cert; cbdata->cert = cert;
@@ -413,7 +420,7 @@ find_certificate(cms_context *cms, int n @@ -421,7 +428,7 @@ find_certificate(cms_context *cms, int n
} }
SECStatus status; SECStatus status;
@ -36,7 +38,7 @@
status = PK11_Authenticate(psle->slot, PR_TRUE, pwdata); status = PK11_Authenticate(psle->slot, PR_TRUE, pwdata);
if (status != SECSuccess) { if (status != SECSuccess) {
PK11_DestroySlotListElement(slots, &psle); PK11_DestroySlotListElement(slots, &psle);
@@ -442,6 +449,7 @@ find_certificate(cms_context *cms, int n @@ -450,6 +457,7 @@ find_certificate(cms_context *cms, int n
.cert = NULL, .cert = NULL,
.psle = psle, .psle = psle,
.pwdata = pwdata, .pwdata = pwdata,
@ -44,7 +46,7 @@
}; };
if (needs_private_key) { if (needs_private_key) {
@@ -562,7 +570,7 @@ find_named_certificate(cms_context *cms, @@ -570,7 +578,7 @@ find_named_certificate(cms_context *cms,
} }
SECStatus status; SECStatus status;
@ -53,8 +55,10 @@
status = PK11_Authenticate(psle->slot, PR_TRUE, pwdata); status = PK11_Authenticate(psle->slot, PR_TRUE, pwdata);
if (status != SECSuccess) { if (status != SECSuccess) {
PK11_DestroySlotListElement(slots, &psle); PK11_DestroySlotListElement(slots, &psle);
--- a/src/cms_common.h Index: pesign-0.111/src/cms_common.h
+++ b/src/cms_common.h ===================================================================
--- pesign-0.111.orig/src/cms_common.h
+++ pesign-0.111/src/cms_common.h
@@ -63,6 +63,7 @@ typedef int (*cms_common_logger)(struct @@ -63,6 +63,7 @@ typedef int (*cms_common_logger)(struct
typedef struct cms_context { typedef struct cms_context {
PRArenaPool *arena; PRArenaPool *arena;
@ -63,9 +67,11 @@
char *tokenname; char *tokenname;
char *certname; char *certname;
--- a/src/pesign.c Index: pesign-0.111/src/pesign.c
+++ b/src/pesign.c ===================================================================
@@ -626,6 +626,7 @@ main(int argc, char *argv[]) --- pesign-0.111.orig/src/pesign.c
+++ pesign-0.111/src/pesign.c
@@ -651,6 +651,7 @@ main(int argc, char *argv[])
*/ */
case IMPORT_RAW_SIGNATURE|IMPORT_SATTRS: case IMPORT_RAW_SIGNATURE|IMPORT_SATTRS:
check_inputs(ctxp); check_inputs(ctxp);


@ -6,19 +6,23 @@
src/tmpfiles.conf | 2 +- src/tmpfiles.conf | 2 +-
5 files changed, 12 insertions(+), 12 deletions(-) 5 files changed, 12 insertions(+), 12 deletions(-)
--- a/src/Makefile Index: pesign-0.111/src/Makefile
+++ b/src/Makefile ===================================================================
@@ -74,7 +74,7 @@ install_sysvinit: --- pesign-0.111.orig/src/Makefile
+++ pesign-0.111/src/Makefile
@@ -65,7 +65,7 @@ install_sysvinit: pesign.sysvinit
install : install :
$(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/ $(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/
- $(INSTALL) -d -m 770 $(INSTALLROOT)/var/run/pesign/ - $(INSTALL) -d -m 770 $(INSTALLROOT)/var/run/pesign/
+ $(INSTALL) -d -m 770 $(INSTALLROOT)/run/pesign/ + $(INSTALL) -d -m 770 $(INSTALLROOT)/run/pesign/
$(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)/bin/ $(INSTALL) -d -m 755 $(INSTALLROOT)$(bindir)
$(INSTALL) -m 755 pesign $(INSTALLROOT)$(PREFIX)/bin/ $(INSTALL) -m 755 authvar $(INSTALLROOT)$(bindir)
$(INSTALL) -m 755 client $(INSTALLROOT)$(PREFIX)/bin/pesign-client $(INSTALL) -m 755 pesign $(INSTALLROOT)$(bindir)
--- a/src/daemon.h Index: pesign-0.111/src/daemon.h
+++ b/src/daemon.h ===================================================================
--- pesign-0.111.orig/src/daemon.h
+++ pesign-0.111/src/daemon.h
@@ -49,7 +49,7 @@ typedef enum { @@ -49,7 +49,7 @@ typedef enum {
} pesignd_cmd; } pesignd_cmd;
@ -29,8 +33,10 @@
+#define PIDFILE "/run/pesign.pid" +#define PIDFILE "/run/pesign.pid"
#endif /* DAEMON_H */ #endif /* DAEMON_H */
--- a/src/macros.pesign Index: pesign-0.111/src/macros.pesign
+++ b/src/macros.pesign ===================================================================
--- pesign-0.111.orig/src/macros.pesign
+++ pesign-0.111/src/macros.pesign
@@ -36,7 +36,7 @@ @@ -36,7 +36,7 @@
%{_pesign} -R ${sattrs}.sig -I ${sattrs} %{-i} \\\ %{_pesign} -R ${sattrs}.sig -I ${sattrs} %{-i} \\\
--certdir ${nss} -c signer %{-o} \ --certdir ${nss} -c signer %{-o} \
@ -40,8 +46,17 @@
%{_pesign_client} -t "OpenSC Card (Fedora Signer)" \\\ %{_pesign_client} -t "OpenSC Card (Fedora Signer)" \\\
-c "/CN=Fedora Secure Boot Signer" \\\ -c "/CN=Fedora Secure Boot Signer" \\\
%{-i} %{-o} %{-e} %{-s} %{-C} \ %{-i} %{-o} %{-e} %{-s} %{-C} \
--- a/src/pesign.sysvinit Index: pesign-0.111/src/tmpfiles.conf
+++ b/src/pesign.sysvinit ===================================================================
--- pesign-0.111.orig/src/tmpfiles.conf
+++ pesign-0.111/src/tmpfiles.conf
@@ -1 +1 @@
-D /var/run/pesign 0770 pesign pesign -
+D /run/pesign 0770 pesign pesign -
Index: pesign-0.111/src/pesign.sysvinit.in
===================================================================
--- pesign-0.111.orig/src/pesign.sysvinit.in
+++ pesign-0.111/src/pesign.sysvinit.in
@@ -4,7 +4,7 @@ @@ -4,7 +4,7 @@
# #
# chkconfig: - 50 50 # chkconfig: - 50 50
@ -51,38 +66,44 @@
### BEGIN INIT INFO ### BEGIN INIT INFO
# Provides: pesign # Provides: pesign
# Should-Start: $remote_fs # Should-Start: $remote_fs
@@ -19,7 +19,7 @@ Index: pesign-0.111/src/pesign.service.in
===================================================================
--- pesign-0.111.orig/src/pesign.service.in
+++ pesign-0.111/src/pesign.service.in
@@ -4,7 +4,7 @@ Description=Pesign signing daemon
[Service]
PrivateTmp=true
Type=forking
-PIDFile=/var/run/pesign.pid
+PIDFile=/run/pesign.pid
ExecStart=/usr/bin/pesign --daemonize
ExecStartPost=@@LIBEXECDIR@@/pesign/pesign-authorize-users
ExecStartPost=@@LIBEXECDIR@@/pesign/pesign-authorize-groups
Index: pesign-0.111/src/pesign-authorize-groups
===================================================================
--- pesign-0.111.orig/src/pesign-authorize-groups
+++ pesign-0.111/src/pesign-authorize-groups
@@ -11,7 +11,7 @@
[ -f /usr/bin/pesign ] || exit 1 if [[ -r /etc/pesign/groups ]]; then
for group in $(cat /etc/pesign/groups); do
- setfacl -m g:${group}:rx /var/run/pesign
- setfacl -m g:${group}:rw /var/run/pesign/socket
+ setfacl -m g:${group}:rx /run/pesign
+ setfacl -m g:${group}:rw /run/pesign/socket
done
fi
Index: pesign-0.111/src/pesign-authorize-users
===================================================================
--- pesign-0.111.orig/src/pesign-authorize-users
+++ pesign-0.111/src/pesign-authorize-users
@@ -11,7 +11,7 @@
-PESIGN_PIDFILE=/var/run/pesign.pid if [[ -r /etc/pesign/users ]]; then
+PESIGN_PIDFILE=/run/pesign.pid for username in $(cat /etc/pesign/users); do
RETVAL=0 - setfacl -m u:${username}:rx /var/run/pesign
- setfacl -m u:${username}:rw /var/run/pesign/socket
start(){ + setfacl -m u:${username}:rx /run/pesign
@@ -28,15 +28,15 @@ start(){ + setfacl -m u:${username}:rw /run/pesign/socket
RETVAL=$? done
echo fi
touch /var/lock/subsys/pesign
- setfacl -m u:kojibuilder:x /var/run/pesign
- setfacl -m u:kojibuilder:rw /var/run/pesign/socket
- setfacl -m g:kojibuilder:x /var/run/pesign
- setfacl -m g:kojibuilder:rw /var/run/pesign/socket
+ setfacl -m u:kojibuilder:x /run/pesign
+ setfacl -m u:kojibuilder:rw /run/pesign/socket
+ setfacl -m g:kojibuilder:x /run/pesign
+ setfacl -m g:kojibuilder:rw /run/pesign/socket
}
stop(){
echo -n "Stopping pesign: "
- killproc -p /var/run/pesign.pid pesignd
+ killproc -p /run/pesign.pid pesignd
RETVAL=$?
echo
rm -f /var/lock/subsys/pesign
--- a/src/tmpfiles.conf
+++ b/src/tmpfiles.conf
@@ -1 +1 @@
-D /var/run/pesign 0770 pesign pesign -
+D /run/pesign 0770 pesign pesign -


@ -1,67 +1,44 @@
diff --git a/Make.defaults b/Make.defaults Index: pesign-0.111/util/Makefile
index 95ba9d5..c03bf70 100644 ===================================================================
--- a/Make.defaults --- pesign-0.111.orig/util/Makefile
+++ b/Make.defaults +++ pesign-0.111/util/Makefile
@@ -5,7 +5,8 @@ HOSTARCH = $(shell uname -m | sed s,i[3456789]86,ia32,) @@ -7,7 +7,7 @@ include $(TOPDIR)/Make.efirules
ARCH := $(shell uname -m | sed s,i[3456789]86,ia32,) include $(TOPDIR)/Make.defaults
INCDIR = -I$(TOPDIR)/include
CPPFLAGS = -DCONFIG_$(ARCH)
-CFLAGS = -g -O0
+OPTFLAGS = -g -O0
+CFLAGS = $(OPTFLAGS)
BUILDFLAGS := $(CFLAGS) $(ARCH3264) -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants --std=gnu99 -D_GNU_SOURCE -Wno-unused-result -Wno-unused-function
ASFLAGS = $(ARCH3264)
LDFLAGS = -nostdlib
@@ -23,7 +24,7 @@ OBJCOPY = $(bindir)objcopy
ifeq ($(ARCH),ia64) FORMAT=efi-app-$(HOSTARCH)
CFLAGS += -mfixed-range=f32-f127 -LDFLAGS = -nostdlib -T $(LIBDIR)/gnuefi/elf_$(HOSTARCH)_efi.lds -shared -Bsymbolic $(LIBDIR)/gnuefi/crt0-efi-$(HOSTARCH).o -L$(LIBDIR)
- LIBDIR = $(PREFIX)/lib64 +LDFLAGS = -nostdlib -T $(LIBDIR)/elf_$(HOSTARCH)_efi.lds -shared -Bsymbolic $(LIBDIR)/crt0-efi-$(HOSTARCH).o -L$(LIBDIR)
+ LIBDIR = $(PREFIX)/lib LIBS=-lefi -lgnuefi $(shell $(CC) -print-libgcc-file-name)
endif CCLDFLAGS =
BUILDFLAGS = -I/usr/include/efi/ -I/usr/include/efi/$(HOSTARCH)/ -I/usr/include/efi/protocol -fpic -fshort-wchar -fno-reorder-functions -fno-strict-aliasing -fno-merge-constants -mno-red-zone -Wimplicit-function-declaration
@@ -20,8 +20,8 @@ clean :
@rm -rfv *.o *.a *.so .*.d $(TARGETS)
ifeq ($(ARCH), ia32) install :
@@ -41,3 +42,6 @@ ifeq ($(ARCH), x86_64) - $(INSTALL) -d -m 755 $(INSTALLROOT)/boot/efi/EFI/redhat/
endif - $(INSTALL) -m 755 *.efi $(INSTALLROOT)/boot/efi/EFI/redhat/
endif + $(INSTALL) -d -m 755 $(INSTALLROOT)/boot/efi/EFI/SuSE/
+ $(INSTALL) -m 755 *.efi $(INSTALLROOT)/boot/efi/EFI/SuSE/
+ifeq ($(ARCH), aarch64) install_systemd:
+ LIBDIR := $(PREFIX)/lib64
+endif
diff --git a/Make.rules b/Make.rules
index 2749521..3553a03 100644
--- a/Make.rules
+++ b/Make.rules
@@ -2,10 +2,11 @@
$(AR) -cvqs $@ $^
% : %.o Index: pesign-0.111/src/pesign.sysvinit.in
- $(CC) $(CCLDFLAGS) -o $@ $^ $(foreach lib,$(LIBS),-l$(lib)) $(foreach pklib,$(PKLIBS), $(shell pkg-config --libs-only-l --libs-only-other $(pklib))) -lpthread ===================================================================
+ $(CC) -o $@ $^ $(foreach lib,$(LIBS),-l$(lib)) $(CCLDFLAGS) $(foreach pklib,$(PKLIBS), $(shell pkg-config --libs-only-l --libs-only-other $(pklib))) -lpthread --- pesign-0.111.orig/src/pesign.sysvinit.in
+++ pesign-0.111/src/pesign.sysvinit.in
%.so : @@ -6,21 +6,24 @@
$(CC) $(INCDIR) $(BUILDFLAGS) -Wl,-soname,$(SONAME) $(CCLDFLAGS) $^ -o $@
+ $(CC) $(INCDIR) $(BUILDFLAGS) -Wl,-soname,$(SONAME) $^ $(CCLDFLAGS) -o $@
%.o: %.c
$(CC) $(INCDIR) $(BUILDFLAGS) $(CPPFLAGS) -c $< -o $@
diff --git a/src/pesign.sysvinit b/src/pesign.sysvinit
index ea37c58..120a49c 100644
--- a/src/pesign.sysvinit
+++ b/src/pesign.sysvinit
@@ -6,21 +6,25 @@
# processname: /usr/bin/pesign # processname: /usr/bin/pesign
# pidfile: /var/run/pesign.pid # pidfile: /var/run/pesign.pid
### BEGIN INIT INFO ### BEGIN INIT INFO
-# Provides: pesign -# Provides: pesign
-# Default-Start: -# Default-Start:
-# Default-Stop:
+# Provides: pesign +# Provides: pesign
+# Should-Start: $remote_fs +# Should-Start: $remote_fs
+# Should-Stop: $remote_fs +# Should-Stop: $remote_fs
+# Required-Start: +# Required-Start:
+# Required-Stop: +# Required-Stop:
+# Default-Start: 2 3 5 +# Default-Start: 2 3 5
# Default-Stop:
# Short-Description: The pesign PE signing daemon # Short-Description: The pesign PE signing daemon
# Description: The pesign PE signing daemon # Description: The pesign PE signing daemon
### END INIT INFO ### END INIT INFO
@ -79,27 +56,37 @@ index ea37c58..120a49c 100644
RETVAL=$? RETVAL=$?
echo echo
touch /var/lock/subsys/pesign touch /var/lock/subsys/pesign
diff --git a/util/Makefile b/util/Makefile @@ -30,7 +33,7 @@ start(){
index ff11cb8..5d4cebb 100644
--- a/util/Makefile
+++ b/util/Makefile
@@ -4,7 +4,7 @@ TOPDIR = $(SRCDIR)/..
include $(TOPDIR)/Make.defaults
FORMAT=efi-app-$(HOSTARCH) stop(){
-LDFLAGS = -nostdlib -T $(LIBDIR)/gnuefi/elf_$(HOSTARCH)_efi.lds -shared -Bsymbolic $(LIBDIR)/gnuefi/crt0-efi-$(HOSTARCH).o -L$(LIBDIR) echo -n "Stopping pesign: "
+LDFLAGS = -nostdlib -T $(LIBDIR)/elf_$(HOSTARCH)_efi.lds -shared -Bsymbolic $(LIBDIR)/crt0-efi-$(HOSTARCH).o -L$(LIBDIR) - killproc -p /var/run/pesign.pid pesignd
LIBS=-lefi -lgnuefi $(shell $(CC) -print-libgcc-file-name) + killproc -p /run/pesign.pid pesignd
CCLDFLAGS = RETVAL=$?
BUILDFLAGS = -I/usr/include/efi/ -I/usr/include/efi/$(HOSTARCH)/ -I/usr/include/efi/protocol -fpic -fshort-wchar -fno-reorder-functions -fno-strict-aliasing -fno-merge-constants -mno-red-zone -Wimplicit-function-declaration echo
@@ -17,8 +17,8 @@ clean : rm -f /var/lock/subsys/pesign
@rm -rfv *.o *.a *.so $(TARGETS) Index: pesign-0.111/Make.defaults
===================================================================
--- pesign-0.111.orig/Make.defaults
+++ pesign-0.111/Make.defaults
@@ -55,7 +55,7 @@ efi_cflags = $(cflags)
ASFLAGS = $(ARCH3264)
CPPFLAGS ?=
-LDLIBS = $(foreach lib,$(LIBS),-l$(lib)) $(call pkg-config-ldlibs)
+LDLIBS = -lpthread $(foreach lib,$(LIBS),-l$(lib)) $(call pkg-config-ldlibs)
ifeq ($(ARCH),ia64)
efi_cflags += -mfixed-range=f32-f127
Index: pesign-0.111/Makefile
===================================================================
--- pesign-0.111.orig/Makefile
+++ pesign-0.111/Makefile
@@ -9,7 +9,6 @@ SUBDIRS := include libdpe src
install : install :
- $(INSTALL) -d -m 755 $(INSTALLROOT)/boot/efi/EFI/redhat/ $(INSTALL) -d -m 755 $(INSTALLROOT)$(prefix)$(docdir)/pesign-$(VERSION)/
- $(INSTALL) -m 755 *.efi $(INSTALLROOT)/boot/efi/EFI/redhat/ - $(INSTALL) -pm 644 COPYING $(INSTALLROOT)$(prefix)$(docdir)/pesign-$(VERSION)/
+ $(INSTALL) -d -m 755 $(INSTALLROOT)/boot/efi/EFI/SuSE/ @set -e ; for x in $(SUBDIRS) ; do \
+ $(INSTALL) -m 755 *.efi $(INSTALLROOT)/boot/efi/EFI/SuSE/ $(MAKE) -C $$x $@ ; \
done
.PHONY: all clean install


@ -1,3 +1,18 @@
-------------------------------------------------------------------
Tue Nov 10 07:59:48 UTC 2015 - glin@suse.com
- Update to 0.111
- Add pesign-fix-signness.patch to fix the signness comparison
- Drop upstreamed patches
+ pesign-efivar-pkgconfig.patch
+ pesign-make-efi_guid_t-const.patch
+ pesign-fix-import-sig-check.patch
+ pesign-install-supplementary-programs.patch
- Refresh pesign-suse-build.patch, pesign-privkey_unneeded.diff,
and pesign-run.patch
- Update pesign-fix-build-errors.patch
- Merge use-standard-pid-location.patch into pesign-run.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Sep 1 06:11:06 UTC 2015 - dimstar@opensuse.org Tue Sep 1 06:11:06 UTC 2015 - dimstar@opensuse.org


@ -17,7 +17,7 @@
Name: pesign Name: pesign
Version: 0.110 Version: 0.111
Release: 0 Release: 0
Summary: Signing tool for PE-COFF binaries Summary: Signing tool for PE-COFF binaries
License: GPL-2.0 License: GPL-2.0
@ -30,20 +30,12 @@ Patch1: pesign-suse-build.patch
Patch2: pesign-fix-build-errors.patch Patch2: pesign-fix-build-errors.patch
# PATCH-FIX-UPSTREAM pesign-privkey_unneeded.diff glin@suse.com -- Don't check the private key when importing the raw signature # PATCH-FIX-UPSTREAM pesign-privkey_unneeded.diff glin@suse.com -- Don't check the private key when importing the raw signature
Patch3: pesign-privkey_unneeded.diff Patch3: pesign-privkey_unneeded.diff
# PATCH-FIX-SUSE use-standard-pid-location.patch p.drouand@gmail.com --Use standard /run instead of /var/run for pidfile
Patch4: use-standard-pid-location.patch
# PATCH-FIX-SUSE pesign-run.patch aj@suse.com - Use /run instead of /var/run # PATCH-FIX-SUSE pesign-run.patch aj@suse.com - Use /run instead of /var/run
Patch5: pesign-run.patch Patch5: pesign-run.patch
# PATCH-FIX-UPSTREAM pesign-fix-authvar-write-loop.patch glin@suse.com -- Fix the write loop in authvar # PATCH-FIX-UPSTREAM pesign-fix-authvar-write-loop.patch glin@suse.com -- Fix the write loop in authvar
Patch6: pesign-fix-authvar-write-loop.patch Patch6: pesign-fix-authvar-write-loop.patch
# PATCH-FIX-SUSE pesign-install-supplementary-programs.patch glin@suse.com -- Install the supplementary programs # PATCH-FIX-UPSTREAM pesign-fix-signness.patch glin@suse.com -- Fix the signness comparison
Patch7: pesign-install-supplementary-programs.patch Patch7: pesign-fix-signness.patch
# PATCH-FIX-UPSTREAM pesign-fix-import-sig-check.patch glin@suse.com -- Fix the signature size check while importing a signature
Patch8: pesign-fix-import-sig-check.patch
# PATCH-FIX-UPSTREAM pesign-efivar-pkgconfig.patch glin@suse.com -- Make efivar compiler parameters come from pkg-config
Patch9: pesign-efivar-pkgconfig.patch
# PATCH-FIX-UPSTREAM pesign-make-efi_guid_t-const.patch glin@suse.com -- make efi_guid_t's const
Patch10: pesign-make-efi_guid_t-const.patch
BuildRequires: efivar-devel BuildRequires: efivar-devel
BuildRequires: libuuid-devel BuildRequires: libuuid-devel
BuildRequires: mozilla-nss-devel BuildRequires: mozilla-nss-devel
@ -63,23 +55,19 @@ with the PE and Authenticode specifications.
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
%patch4 -p1
%patch5 -p1 %patch5 -p1
%patch6 -p1 %patch6 -p1
%patch7 -p1 %patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%build %build
make %{?_smp_mflags} OPTFLAGS="%{optflags}" make %{?_smp_mflags} CFLAGS="$RPM_OPT_FLAGS"
%install %install
make INSTALLROOT=%{buildroot} PREFIX=%{_prefix} DOCDIR=/share/doc/packages install make INSTALLROOT=%{buildroot} libexecdir=%{_libexecdir} install
mkdir -p %{buildroot}%{_localstatedir}/lib/pesign mkdir -p %{buildroot}%{_localstatedir}/lib/pesign
mkdir -p %{buildroot}%{_sbindir} mkdir -p %{buildroot}%{_sbindir}
make INSTALLROOT=%{buildroot} UNITDIR=%{_unitdir} install_systemd make INSTALLROOT=%{buildroot} UNITDIR=%{_unitdir} libexecdir=%{_libexecdir} install_systemd
# create rcsymlink # create rcsymlink
ln -sv %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} ln -sv %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
@ -113,6 +101,8 @@ systemd-tmpfiles --create %{_libexecdir}/tmpfiles.d/pesign.conf || :
%{_bindir}/efisiglist %{_bindir}/efisiglist
%{_bindir}/authvar %{_bindir}/authvar
%{_sbindir}/rcpesign %{_sbindir}/rcpesign
%dir %{_sysconfdir}/pesign
%{_sysconfdir}/pesign/*
%dir %{_sysconfdir}/popt.d %dir %{_sysconfdir}/popt.d
%config %{_sysconfdir}/popt.d/pesign.popt %config %{_sysconfdir}/popt.d/pesign.popt
%{_sysconfdir}/pki/ %{_sysconfdir}/pki/
@ -121,6 +111,8 @@ systemd-tmpfiles --create %{_libexecdir}/tmpfiles.d/pesign.conf || :
%{_localstatedir}/lib/pesign %{_localstatedir}/lib/pesign
%{_unitdir}/pesign.service %{_unitdir}/pesign.service
%{_libexecdir}/tmpfiles.d/pesign.conf %{_libexecdir}/tmpfiles.d/pesign.conf
%dir %{_libexecdir}/pesign
%{_libexecdir}/pesign/pesign-authorize-*
%dir %attr(0775,pesign,pesign) %{_sysconfdir}/pki/pesign %dir %attr(0775,pesign,pesign) %{_sysconfdir}/pki/pesign
%ghost %dir %attr(0770,pesign,pesign) /run/%{name} %ghost %dir %attr(0770,pesign,pesign) /run/%{name}
%dir %attr(0770,pesign,pesign) %{_localstatedir}/lib/%{name} %dir %attr(0770,pesign,pesign) %{_localstatedir}/lib/%{name}
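Review bot: The new `%{_sysconfdir}/pesign/*` entry in %files is packaged without a `%config` marker, unlike the `%config %{_sysconfdir}/popt.d/pesign.popt` entry just below it. Going by the pesign-authorize-users and pesign-authorize-groups hunks in pesign-run.patch, the files under /etc/pesign are the lists of users and groups that get ACL access to the signing socket, so an administrator's edits would presumably be replaced on package update. Marking the entry `%config(noreplace) %{_sysconfdir}/pesign/*` would keep local authorization lists across upgrades.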


@ -1,9 +0,0 @@
--- a/src/pesign.service
+++ b/src/pesign.service
@@ -4,5 +4,5 @@
[Service]
PrivateTmp=true
Type=forking
-PIDFile=/var/run/pesign.pid
+PIDFile=/run/pesign.pid
ExecStart=/usr/bin/pesign --daemonize