Accepting request 346966 from Base:System
- Update to 0.111 - Add pesign-fix-signness.patch to fix the signedness comparison - Drop upstreamed patches + pesign-efivar-pkgconfig.patch + pesign-make-efi_guid_t-const.patch + pesign-fix-import-sig-check.patch + pesign-install-supplementary-programs.patch - Refresh pesign-suse-build.patch, pesign-privkey_unneeded.diff, and pesign-run.patch - Update pesign-fix-build-errors.patch - Merge use-standard-pid-location.patch into pesign-run.patch OBS-URL: https://build.opensuse.org/request/show/346966 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pesign?expand=0&rev=25
commit
2685a40d0e
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:a03499ffa181fea6086e1966476eccc05e3e014761ac300de1da27a44dba2281
|
||||
size 87420
|
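--- /dev/null
+++ b/pesign-0.111.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c6d52cbf1d8551be94497a96380d3b0497be331f9eb0af6250a854c0bc2225b9
+size 89630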
@ -1,28 +0,0 @@
|
||||
From 2a1de2b6535161b1bd600ec2262e81e9f7aeffcc Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Tue, 26 May 2015 09:43:10 -0400
|
||||
Subject: [PATCH] Make efivar compiler parameters come from pkg-config.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
---
|
||||
src/Makefile | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/Makefile b/src/Makefile
|
||||
index 007505c..dd69425 100644
|
||||
--- a/src/Makefile
|
||||
+++ b/src/Makefile
|
||||
@@ -3,8 +3,8 @@ TOPDIR = $(SRCDIR)/..
|
||||
|
||||
include $(TOPDIR)/Make.defaults
|
||||
|
||||
-PKLIBS = nss
|
||||
-LIBS = popt uuid efivar
|
||||
+PKLIBS = nss efivar
|
||||
+LIBS = popt uuid
|
||||
STATIC_LIBS = $(TOPDIR)/libdpe/libdpe.a
|
||||
LDFLAGS =
|
||||
CCLDFLAGS = -L../libdpe $(foreach pklib,$(PKLIBS), $(shell pkg-config --libs-only-L $(pklib))) -pie -fPIE -Wl,-z,relro,-z,now
|
||||
--
|
||||
2.1.4
|
||||
|
@ -1,7 +1,7 @@
|
||||
diff --git a/src/daemon.c b/src/daemon.c
|
||||
index c14b64b..5652ba1 100644
|
||||
--- a/src/daemon.c
|
||||
+++ b/src/daemon.c
|
||||
Index: pesign-0.111/src/daemon.c
|
||||
===================================================================
|
||||
--- pesign-0.111.orig/src/daemon.c
|
||||
+++ pesign-0.111/src/daemon.c
|
||||
@@ -544,7 +544,11 @@ malformed:
|
||||
if (rc < 0) {
|
||||
err_attached:
|
||||
@ -55,7 +55,7 @@ index c14b64b..5652ba1 100644
|
||||
}
|
||||
|
||||
finish:
|
||||
@@ -1182,7 +1199,12 @@ daemonize(cms_context *cms_ctx, char *certdir, int do_fork)
|
||||
@@ -1182,7 +1199,12 @@ daemonize(cms_context *cms_ctx, char *ce
|
||||
exit(1);
|
||||
}
|
||||
|
||||
@ -69,11 +69,11 @@ index c14b64b..5652ba1 100644
|
||||
|
||||
if (getuid() == 0) {
|
||||
/* process is running as root, drop privileges */
|
||||
diff --git a/src/password.c b/src/password.c
|
||||
index 43186df..9a9c911 100644
|
||||
--- a/src/password.c
|
||||
+++ b/src/password.c
|
||||
@@ -76,7 +76,8 @@ static char *SEC_GetPassword(FILE *input, FILE *output, char *prompt,
|
||||
Index: pesign-0.111/src/password.c
|
||||
===================================================================
|
||||
--- pesign-0.111.orig/src/password.c
|
||||
+++ pesign-0.111/src/password.c
|
||||
@@ -76,7 +76,8 @@ static char *SEC_GetPassword(FILE *input
|
||||
echoOff(infd);
|
||||
}
|
||||
|
||||
@ -83,10 +83,10 @@ index 43186df..9a9c911 100644
|
||||
|
||||
if (isTTY) {
|
||||
fprintf(output, "\n");
|
||||
diff --git a/src/pesign.c b/src/pesign.c
|
||||
index ff4f2bf..40a1e43 100644
|
||||
--- a/src/pesign.c
|
||||
+++ b/src/pesign.c
|
||||
Index: pesign-0.111/src/pesign.c
|
||||
===================================================================
|
||||
--- pesign-0.111.orig/src/pesign.c
|
||||
+++ pesign-0.111/src/pesign.c
|
||||
@@ -164,9 +164,15 @@ open_output(pesign_context *ctx)
|
||||
|
||||
addr = pe_rawfile(ctx->inpe, &size);
|
||||
@ -98,18 +98,18 @@ index ff4f2bf..40a1e43 100644
|
||||
+ }
|
||||
lseek(ctx->outfd, 0, SEEK_SET);
|
||||
- write(ctx->outfd, addr, size);
|
||||
+ if (write(ctx->outfd, addr, size) != size) {
|
||||
+ if ((size_t)write(ctx->outfd, addr, size) != size) {
|
||||
+ fprintf(stderr, "pesign: could not write output file: %m\n");
|
||||
+ exit(1);
|
||||
+ }
|
||||
|
||||
Pe_Cmd cmd = ctx->outfd == STDOUT_FILENO ? PE_C_RDWR : PE_C_RDWR_MMAP;
|
||||
ctx->outpe = pe_begin(ctx->outfd, cmd, NULL);
|
||||
diff --git a/src/signed_data.c b/src/signed_data.c
|
||||
index 2fa1cdd..247ec57 100644
|
||||
--- a/src/signed_data.c
|
||||
+++ b/src/signed_data.c
|
||||
@@ -133,6 +133,7 @@ generate_signerInfo_list(cms_context *cms, SpcSignerInfo ***signerInfo_list_p, S
|
||||
Index: pesign-0.111/src/signed_data.c
|
||||
===================================================================
|
||||
--- pesign-0.111.orig/src/signed_data.c
|
||||
+++ pesign-0.111/src/signed_data.c
|
||||
@@ -133,6 +133,7 @@ generate_signerInfo_list(cms_context *cm
|
||||
SpcSignerInfo **signerInfo_list;
|
||||
int err, rc;
|
||||
|
||||
|
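Review bot: The open_output() hunk carried in this patch treats any short write as fatal and reports it with `%m`, but a partial write() returns a positive count without setting errno, so the message can show a stale or unrelated error. The `(size_t)` cast is harmless for the failure case, since -1 converts to a value that will not match a real file size (assuming `size` is a size_t, as the cast suggests). Separating the cases would make the diagnostics accurate: `ssize_t w = write(ctx->outfd, addr, size);`, then `if (w < 0)` for the errno message and `else if ((size_t)w != size)` for a plain short-write message. The preceding `lseek()` result is also unchecked in the visible lines, and open_output() continues outside the hunk.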
@ -1,30 +0,0 @@
|
||||
From b5f822be1da9c8e4f6e04286b4b7ab73165478ab Mon Sep 17 00:00:00 2001
|
||||
From: Gary Ching-Pang Lin <glin@suse.com>
|
||||
Date: Tue, 25 Nov 2014 15:28:40 +0800
|
||||
Subject: [PATCH] Correct the signature size check
|
||||
|
||||
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
||||
---
|
||||
src/actions.c | 5 ++---
|
||||
1 file changed, 2 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/actions.c b/src/actions.c
|
||||
index 74a34e3..44c9675 100644
|
||||
--- a/src/actions.c
|
||||
+++ b/src/actions.c
|
||||
@@ -416,10 +416,9 @@ check_signature_space(pesign_context *ctx)
|
||||
ssize_t available = available_cert_space(ctx->outpe);
|
||||
ssize_t target = ctx->cms_ctx->newsig.len + sizeof (win_certificate);
|
||||
|
||||
- if (available == target)
|
||||
- return;
|
||||
+ target += ALIGNMENT_PADDING(target, 8);
|
||||
|
||||
- if (target + 8 > available)
|
||||
+ if (available >= target)
|
||||
return;
|
||||
|
||||
fprintf(stderr, "Could not add new signature: insufficient space.\n");
|
||||
--
|
||||
2.1.2
|
||||
|
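--- /dev/null
+++ b/pesign-fix-signness.patch
@@ -0,0 +1,71 @@
+From ae2520e013caf4f5d0dae89623dc08925d6cd472 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Wed, 28 Oct 2015 15:58:07 -0400
+Subject: [PATCH] Fix one more -Wsign-compare problem I missed.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+src/daemon.c | 14 +++++++-------
+1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/src/daemon.c b/src/daemon.c
+index 02b7352..175c874 100644
+--- a/src/daemon.c
++++ b/src/daemon.c
+@@ -194,7 +194,7 @@ malformed:
+return;
+}
+n -= sizeof(tn->size);
+- if (n < tn->size)
++ if ((size_t)n < tn->size)
+goto malformed;
+n -= tn->size;
+
+@@ -202,10 +202,10 @@ malformed:
+goto malformed;
+
+pesignd_string *tp = pesignd_string_next(tn);
+- if (n < (long long)sizeof(tp->size))
++ if ((size_t)n < sizeof(tp->size))
+goto malformed;
+n -= sizeof(tp->size);
+- if (n < tp->size)
++ if ((size_t)n < tp->size)
+goto malformed;
+n -= tp->size;
+
+@@ -298,7 +298,7 @@ malformed:
+return;
+}
+n -= sizeof(tn->size);
+- if (n < tn->size)
++ if ((size_t)n < tn->size)
+goto malformed;
+n -= tn->size;
+
+@@ -487,7 +487,7 @@ malformed:
+}
+
+n -= sizeof(tn->size);
+- if (n < tn->size)
++ if ((size_t)n < tn->size)
+goto malformed;
+n -= tn->size;
+
+@@ -497,11 +497,11 @@ malformed:
+if (!ctx->cms->tokenname)
+goto oom;
+
+- if (n < (long long)sizeof(tn->size))
++ if ((size_t)n < sizeof(tn->size))
+goto malformed;
+pesignd_string *cn = pesignd_string_next(tn);
+n -= sizeof(cn->size);
+- if (n < cn->size)
++ if ((size_t)n < cn->size)
+goto malformed;
+
+ctx->cms->certname = PORT_ArenaStrdup(ctx->cms->arena,
+--
+2.6.2
+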
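Review bot: The `(size_t)n` casts in the `@@ -202` and `@@ -497` hunks of this carried patch replace comparisons that were previously signed (`n < (long long)sizeof(tp->size)`), so a negative `n` would now compare as a very large value and pass the length check instead of reaching `malformed`. In the visible context every subtraction follows a bounds check, so `n` stays non-negative only if it was non-negative on entry, which these hunks do not show. If `n` is a signed byte count for the received message (presumably so, to be confirmed in daemon.c), an explicit guard keeps the earlier behaviour while still silencing -Wsign-compare: `if (n < 0 || (size_t)n < sizeof(tp->size)) goto malformed;`. The same applies to the `tn->size` and `cn->size` checks in the other hunks, since these lengths come from the request being parsed.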
@ -1,23 +0,0 @@
|
||||
diff --git a/src/Makefile b/src/Makefile
|
||||
index 4c86a2a..062b544 100644
|
||||
--- a/src/Makefile
|
||||
+++ b/src/Makefile
|
||||
@@ -79,14 +79,16 @@ install :
|
||||
$(INSTALL) -m 755 pesign $(INSTALLROOT)$(PREFIX)/bin/
|
||||
$(INSTALL) -m 755 client $(INSTALLROOT)$(PREFIX)/bin/pesign-client
|
||||
$(INSTALL) -m 755 efikeygen $(INSTALLROOT)$(PREFIX)/bin/
|
||||
- #$(INSTALL) -m 755 pesigcheck $(INSTALLROOT)$(PREFIX)/bin/
|
||||
+ $(INSTALL) -m 755 pesigcheck $(INSTALLROOT)$(PREFIX)/bin/
|
||||
+ $(INSTALL) -m 755 efisiglist $(INSTALLROOT)$(PREFIX)/bin/
|
||||
+ $(INSTALL) -m 755 authvar $(INSTALLROOT)$(PREFIX)/bin/
|
||||
$(INSTALL) -d -m 755 $(INSTALLROOT)/etc/popt.d/
|
||||
$(INSTALL) -m 644 pesign.popt $(INSTALLROOT)/etc/popt.d/
|
||||
$(INSTALL) -d -m 755 $(INSTALLROOT)/usr/share/man/man1/
|
||||
$(INSTALL) -m 644 pesign.1 $(INSTALLROOT)/usr/share/man/man1/
|
||||
$(INSTALL) -m 644 pesign-client.1 $(INSTALLROOT)/usr/share/man/man1/
|
||||
$(INSTALL) -m 644 efikeygen.1 $(INSTALLROOT)/usr/share/man/man1/
|
||||
- #$(INSTALL) -m 644 pesigcheck.1 $(INSTALLROOT)/usr/share/man/man1/
|
||||
+ $(INSTALL) -m 644 pesigcheck.1 $(INSTALLROOT)/usr/share/man/man1/
|
||||
$(INSTALL) -d -m 755 $(INSTALLROOT)/etc/rpm/
|
||||
$(INSTALL) -m 644 macros.pesign $(INSTALLROOT)/etc/rpm/
|
||||
|
@ -1,107 +0,0 @@
|
||||
From 727f93f8ea3dc467694d541d28ba4f1ed0e0a671 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Fri, 7 Nov 2014 14:09:41 -0500
|
||||
Subject: [PATCH] make efi_guid_t's const.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
---
|
||||
src/cms_common.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/cms_common.c b/src/cms_common.c
|
||||
index a360961..7e032c8 100644
|
||||
--- a/src/cms_common.c
|
||||
+++ b/src/cms_common.c
|
||||
@@ -45,7 +45,7 @@ struct digest_param {
|
||||
SECOidTag digest_tag;
|
||||
SECOidTag signature_tag;
|
||||
SECOidTag digest_encryption_tag;
|
||||
- efi_guid_t *efi_guid;
|
||||
+ const efi_guid_t *efi_guid;
|
||||
int size;
|
||||
};
|
||||
|
||||
--
|
||||
2.1.4
|
||||
|
||||
From ac9de615112114e222527b2eabc9b7f2642f01fe Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Tue, 26 May 2015 09:42:32 -0400
|
||||
Subject: [PATCH] Propogate some "const" declarations better.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
---
|
||||
src/efisiglist.c | 2 +-
|
||||
src/siglist.c | 8 ++++----
|
||||
src/siglist.h | 2 +-
|
||||
3 files changed, 6 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/src/efisiglist.c b/src/efisiglist.c
|
||||
index aedfc4c..a078640 100644
|
||||
--- a/src/efisiglist.c
|
||||
+++ b/src/efisiglist.c
|
||||
@@ -32,7 +32,7 @@
|
||||
|
||||
struct hash_param {
|
||||
char *name;
|
||||
- efi_guid_t *guid;
|
||||
+ const efi_guid_t *guid;
|
||||
int size;
|
||||
};
|
||||
|
||||
diff --git a/src/siglist.c b/src/siglist.c
|
||||
index 38a9a2a..a7154aa 100644
|
||||
--- a/src/siglist.c
|
||||
+++ b/src/siglist.c
|
||||
@@ -51,7 +51,7 @@ struct efi_signature_list {
|
||||
};
|
||||
|
||||
struct signature_list {
|
||||
- efi_guid_t *SignatureType;
|
||||
+ const efi_guid_t *SignatureType;
|
||||
uint32_t SignatureListSize;
|
||||
uint32_t SignatureHeaderSize;
|
||||
uint32_t SignatureSize;
|
||||
@@ -60,7 +60,7 @@ struct signature_list {
|
||||
};
|
||||
|
||||
struct sig_type {
|
||||
- efi_guid_t *type;
|
||||
+ const efi_guid_t *type;
|
||||
uint32_t size;
|
||||
};
|
||||
|
||||
@@ -78,7 +78,7 @@ static struct sig_type sig_types[] = {
|
||||
static int num_sig_types = sizeof (sig_types) / sizeof (struct sig_type);
|
||||
|
||||
static int32_t
|
||||
-get_sig_type_size(efi_guid_t *sig_type)
|
||||
+get_sig_type_size(const efi_guid_t *sig_type)
|
||||
{
|
||||
for (int i = 0; i < num_sig_types; i++) {
|
||||
if (!memcmp(sig_type, sig_types[i].type, sizeof (*sig_type)))
|
||||
@@ -88,7 +88,7 @@ get_sig_type_size(efi_guid_t *sig_type)
|
||||
}
|
||||
|
||||
signature_list *
|
||||
-signature_list_new(efi_guid_t *SignatureType)
|
||||
+signature_list_new(const efi_guid_t *SignatureType)
|
||||
{
|
||||
int32_t size = get_sig_type_size(SignatureType);
|
||||
if (size < 0)
|
||||
diff --git a/src/siglist.h b/src/siglist.h
|
||||
index e789264..2b72a27 100644
|
||||
--- a/src/siglist.h
|
||||
+++ b/src/siglist.h
|
||||
@@ -21,7 +21,7 @@
|
||||
|
||||
typedef struct signature_list signature_list;
|
||||
|
||||
-extern signature_list *signature_list_new(efi_guid_t *SignatureType);
|
||||
+extern signature_list *signature_list_new(const efi_guid_t *SignatureType);
|
||||
extern int signature_list_add_sig(signature_list *sl, efi_guid_t owner,
|
||||
uint8_t *sig, uint32_t sigsize);
|
||||
extern int signature_list_realize(signature_list *sl,
|
||||
--
|
||||
2.1.4
|
||||
|
@ -4,9 +4,11 @@
|
||||
src/pesign.c | 1 +
|
||||
3 files changed, 12 insertions(+), 2 deletions(-)
|
||||
|
||||
--- a/src/cms_common.c
|
||||
+++ b/src/cms_common.c
|
||||
@@ -272,6 +272,7 @@ struct cbdata {
|
||||
Index: pesign-0.111/src/cms_common.c
|
||||
===================================================================
|
||||
--- pesign-0.111.orig/src/cms_common.c
|
||||
+++ pesign-0.111/src/cms_common.c
|
||||
@@ -280,6 +280,7 @@ struct cbdata {
|
||||
CERTCertificate *cert;
|
||||
PK11SlotListElement *psle;
|
||||
secuPWData *pwdata;
|
||||
@ -14,7 +16,7 @@
|
||||
};
|
||||
|
||||
static SECStatus
|
||||
@@ -283,6 +284,12 @@ is_valid_cert(CERTCertificate *cert, voi
|
||||
@@ -291,6 +292,12 @@ is_valid_cert(CERTCertificate *cert, voi
|
||||
void *pwdata = cbdata->pwdata;
|
||||
|
||||
SECKEYPrivateKey *privkey = NULL;
|
||||
@ -27,7 +29,7 @@
|
||||
privkey = PK11_FindPrivateKeyFromCert(slot, cert, pwdata);
|
||||
if (privkey != NULL) {
|
||||
cbdata->cert = cert;
|
||||
@@ -413,7 +420,7 @@ find_certificate(cms_context *cms, int n
|
||||
@@ -421,7 +428,7 @@ find_certificate(cms_context *cms, int n
|
||||
}
|
||||
|
||||
SECStatus status;
|
||||
@ -36,7 +38,7 @@
|
||||
status = PK11_Authenticate(psle->slot, PR_TRUE, pwdata);
|
||||
if (status != SECSuccess) {
|
||||
PK11_DestroySlotListElement(slots, &psle);
|
||||
@@ -442,6 +449,7 @@ find_certificate(cms_context *cms, int n
|
||||
@@ -450,6 +457,7 @@ find_certificate(cms_context *cms, int n
|
||||
.cert = NULL,
|
||||
.psle = psle,
|
||||
.pwdata = pwdata,
|
||||
@ -44,7 +46,7 @@
|
||||
};
|
||||
|
||||
if (needs_private_key) {
|
||||
@@ -562,7 +570,7 @@ find_named_certificate(cms_context *cms,
|
||||
@@ -570,7 +578,7 @@ find_named_certificate(cms_context *cms,
|
||||
}
|
||||
|
||||
SECStatus status;
|
||||
@ -53,8 +55,10 @@
|
||||
status = PK11_Authenticate(psle->slot, PR_TRUE, pwdata);
|
||||
if (status != SECSuccess) {
|
||||
PK11_DestroySlotListElement(slots, &psle);
|
||||
--- a/src/cms_common.h
|
||||
+++ b/src/cms_common.h
|
||||
Index: pesign-0.111/src/cms_common.h
|
||||
===================================================================
|
||||
--- pesign-0.111.orig/src/cms_common.h
|
||||
+++ pesign-0.111/src/cms_common.h
|
||||
@@ -63,6 +63,7 @@ typedef int (*cms_common_logger)(struct
|
||||
typedef struct cms_context {
|
||||
PRArenaPool *arena;
|
||||
@ -63,9 +67,11 @@
|
||||
|
||||
char *tokenname;
|
||||
char *certname;
|
||||
--- a/src/pesign.c
|
||||
+++ b/src/pesign.c
|
||||
@@ -626,6 +626,7 @@ main(int argc, char *argv[])
|
||||
Index: pesign-0.111/src/pesign.c
|
||||
===================================================================
|
||||
--- pesign-0.111.orig/src/pesign.c
|
||||
+++ pesign-0.111/src/pesign.c
|
||||
@@ -651,6 +651,7 @@ main(int argc, char *argv[])
|
||||
*/
|
||||
case IMPORT_RAW_SIGNATURE|IMPORT_SATTRS:
|
||||
check_inputs(ctxp);
|
||||
|
111
pesign-run.patch
111
pesign-run.patch
@ -6,19 +6,23 @@
|
||||
src/tmpfiles.conf | 2 +-
|
||||
5 files changed, 12 insertions(+), 12 deletions(-)
|
||||
|
||||
--- a/src/Makefile
|
||||
+++ b/src/Makefile
|
||||
@@ -74,7 +74,7 @@ install_sysvinit:
|
||||
Index: pesign-0.111/src/Makefile
|
||||
===================================================================
|
||||
--- pesign-0.111.orig/src/Makefile
|
||||
+++ pesign-0.111/src/Makefile
|
||||
@@ -65,7 +65,7 @@ install_sysvinit: pesign.sysvinit
|
||||
|
||||
install :
|
||||
$(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/
|
||||
- $(INSTALL) -d -m 770 $(INSTALLROOT)/var/run/pesign/
|
||||
+ $(INSTALL) -d -m 770 $(INSTALLROOT)/run/pesign/
|
||||
$(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)/bin/
|
||||
$(INSTALL) -m 755 pesign $(INSTALLROOT)$(PREFIX)/bin/
|
||||
$(INSTALL) -m 755 client $(INSTALLROOT)$(PREFIX)/bin/pesign-client
|
||||
--- a/src/daemon.h
|
||||
+++ b/src/daemon.h
|
||||
$(INSTALL) -d -m 755 $(INSTALLROOT)$(bindir)
|
||||
$(INSTALL) -m 755 authvar $(INSTALLROOT)$(bindir)
|
||||
$(INSTALL) -m 755 pesign $(INSTALLROOT)$(bindir)
|
||||
Index: pesign-0.111/src/daemon.h
|
||||
===================================================================
|
||||
--- pesign-0.111.orig/src/daemon.h
|
||||
+++ pesign-0.111/src/daemon.h
|
||||
@@ -49,7 +49,7 @@ typedef enum {
|
||||
} pesignd_cmd;
|
||||
|
||||
@ -29,8 +33,10 @@
|
||||
+#define PIDFILE "/run/pesign.pid"
|
||||
|
||||
#endif /* DAEMON_H */
|
||||
--- a/src/macros.pesign
|
||||
+++ b/src/macros.pesign
|
||||
Index: pesign-0.111/src/macros.pesign
|
||||
===================================================================
|
||||
--- pesign-0.111.orig/src/macros.pesign
|
||||
+++ pesign-0.111/src/macros.pesign
|
||||
@@ -36,7 +36,7 @@
|
||||
%{_pesign} -R ${sattrs}.sig -I ${sattrs} %{-i} \\\
|
||||
--certdir ${nss} -c signer %{-o} \
|
||||
@ -40,8 +46,17 @@
|
||||
%{_pesign_client} -t "OpenSC Card (Fedora Signer)" \\\
|
||||
-c "/CN=Fedora Secure Boot Signer" \\\
|
||||
%{-i} %{-o} %{-e} %{-s} %{-C} \
|
||||
--- a/src/pesign.sysvinit
|
||||
+++ b/src/pesign.sysvinit
|
||||
Index: pesign-0.111/src/tmpfiles.conf
|
||||
===================================================================
|
||||
--- pesign-0.111.orig/src/tmpfiles.conf
|
||||
+++ pesign-0.111/src/tmpfiles.conf
|
||||
@@ -1 +1 @@
|
||||
-D /var/run/pesign 0770 pesign pesign -
|
||||
+D /run/pesign 0770 pesign pesign -
|
||||
Index: pesign-0.111/src/pesign.sysvinit.in
|
||||
===================================================================
|
||||
--- pesign-0.111.orig/src/pesign.sysvinit.in
|
||||
+++ pesign-0.111/src/pesign.sysvinit.in
|
||||
@@ -4,7 +4,7 @@
|
||||
#
|
||||
# chkconfig: - 50 50
|
||||
@ -51,38 +66,44 @@
|
||||
### BEGIN INIT INFO
|
||||
# Provides: pesign
|
||||
# Should-Start: $remote_fs
|
||||
@@ -19,7 +19,7 @@
|
||||
Index: pesign-0.111/src/pesign.service.in
|
||||
===================================================================
|
||||
--- pesign-0.111.orig/src/pesign.service.in
|
||||
+++ pesign-0.111/src/pesign.service.in
|
||||
@@ -4,7 +4,7 @@ Description=Pesign signing daemon
|
||||
[Service]
|
||||
PrivateTmp=true
|
||||
Type=forking
|
||||
-PIDFile=/var/run/pesign.pid
|
||||
+PIDFile=/run/pesign.pid
|
||||
ExecStart=/usr/bin/pesign --daemonize
|
||||
ExecStartPost=@@LIBEXECDIR@@/pesign/pesign-authorize-users
|
||||
ExecStartPost=@@LIBEXECDIR@@/pesign/pesign-authorize-groups
|
||||
Index: pesign-0.111/src/pesign-authorize-groups
|
||||
===================================================================
|
||||
--- pesign-0.111.orig/src/pesign-authorize-groups
|
||||
+++ pesign-0.111/src/pesign-authorize-groups
|
||||
@@ -11,7 +11,7 @@
|
||||
|
||||
[ -f /usr/bin/pesign ] || exit 1
|
||||
if [[ -r /etc/pesign/groups ]]; then
|
||||
for group in $(cat /etc/pesign/groups); do
|
||||
- setfacl -m g:${group}:rx /var/run/pesign
|
||||
- setfacl -m g:${group}:rw /var/run/pesign/socket
|
||||
+ setfacl -m g:${group}:rx /run/pesign
|
||||
+ setfacl -m g:${group}:rw /run/pesign/socket
|
||||
done
|
||||
fi
|
||||
Index: pesign-0.111/src/pesign-authorize-users
|
||||
===================================================================
|
||||
--- pesign-0.111.orig/src/pesign-authorize-users
|
||||
+++ pesign-0.111/src/pesign-authorize-users
|
||||
@@ -11,7 +11,7 @@
|
||||
|
||||
-PESIGN_PIDFILE=/var/run/pesign.pid
|
||||
+PESIGN_PIDFILE=/run/pesign.pid
|
||||
RETVAL=0
|
||||
|
||||
start(){
|
||||
@@ -28,15 +28,15 @@ start(){
|
||||
RETVAL=$?
|
||||
echo
|
||||
touch /var/lock/subsys/pesign
|
||||
- setfacl -m u:kojibuilder:x /var/run/pesign
|
||||
- setfacl -m u:kojibuilder:rw /var/run/pesign/socket
|
||||
- setfacl -m g:kojibuilder:x /var/run/pesign
|
||||
- setfacl -m g:kojibuilder:rw /var/run/pesign/socket
|
||||
+ setfacl -m u:kojibuilder:x /run/pesign
|
||||
+ setfacl -m u:kojibuilder:rw /run/pesign/socket
|
||||
+ setfacl -m g:kojibuilder:x /run/pesign
|
||||
+ setfacl -m g:kojibuilder:rw /run/pesign/socket
|
||||
}
|
||||
|
||||
stop(){
|
||||
echo -n "Stopping pesign: "
|
||||
- killproc -p /var/run/pesign.pid pesignd
|
||||
+ killproc -p /run/pesign.pid pesignd
|
||||
RETVAL=$?
|
||||
echo
|
||||
rm -f /var/lock/subsys/pesign
|
||||
--- a/src/tmpfiles.conf
|
||||
+++ b/src/tmpfiles.conf
|
||||
@@ -1 +1 @@
|
||||
-D /var/run/pesign 0770 pesign pesign -
|
||||
+D /run/pesign 0770 pesign pesign -
|
||||
if [[ -r /etc/pesign/users ]]; then
|
||||
for username in $(cat /etc/pesign/users); do
|
||||
- setfacl -m u:${username}:rx /var/run/pesign
|
||||
- setfacl -m u:${username}:rw /var/run/pesign/socket
|
||||
+ setfacl -m u:${username}:rx /run/pesign
|
||||
+ setfacl -m u:${username}:rw /run/pesign/socket
|
||||
done
|
||||
fi
|
||||
|
@ -1,67 +1,44 @@
|
||||
diff --git a/Make.defaults b/Make.defaults
|
||||
index 95ba9d5..c03bf70 100644
|
||||
--- a/Make.defaults
|
||||
+++ b/Make.defaults
|
||||
@@ -5,7 +5,8 @@ HOSTARCH = $(shell uname -m | sed s,i[3456789]86,ia32,)
|
||||
ARCH := $(shell uname -m | sed s,i[3456789]86,ia32,)
|
||||
INCDIR = -I$(TOPDIR)/include
|
||||
CPPFLAGS = -DCONFIG_$(ARCH)
|
||||
-CFLAGS = -g -O0
|
||||
+OPTFLAGS = -g -O0
|
||||
+CFLAGS = $(OPTFLAGS)
|
||||
BUILDFLAGS := $(CFLAGS) $(ARCH3264) -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants --std=gnu99 -D_GNU_SOURCE -Wno-unused-result -Wno-unused-function
|
||||
ASFLAGS = $(ARCH3264)
|
||||
LDFLAGS = -nostdlib
|
||||
@@ -23,7 +24,7 @@ OBJCOPY = $(bindir)objcopy
|
||||
Index: pesign-0.111/util/Makefile
|
||||
===================================================================
|
||||
--- pesign-0.111.orig/util/Makefile
|
||||
+++ pesign-0.111/util/Makefile
|
||||
@@ -7,7 +7,7 @@ include $(TOPDIR)/Make.efirules
|
||||
include $(TOPDIR)/Make.defaults
|
||||
|
||||
ifeq ($(ARCH),ia64)
|
||||
CFLAGS += -mfixed-range=f32-f127
|
||||
- LIBDIR = $(PREFIX)/lib64
|
||||
+ LIBDIR = $(PREFIX)/lib
|
||||
endif
|
||||
FORMAT=efi-app-$(HOSTARCH)
|
||||
-LDFLAGS = -nostdlib -T $(LIBDIR)/gnuefi/elf_$(HOSTARCH)_efi.lds -shared -Bsymbolic $(LIBDIR)/gnuefi/crt0-efi-$(HOSTARCH).o -L$(LIBDIR)
|
||||
+LDFLAGS = -nostdlib -T $(LIBDIR)/elf_$(HOSTARCH)_efi.lds -shared -Bsymbolic $(LIBDIR)/crt0-efi-$(HOSTARCH).o -L$(LIBDIR)
|
||||
LIBS=-lefi -lgnuefi $(shell $(CC) -print-libgcc-file-name)
|
||||
CCLDFLAGS =
|
||||
BUILDFLAGS = -I/usr/include/efi/ -I/usr/include/efi/$(HOSTARCH)/ -I/usr/include/efi/protocol -fpic -fshort-wchar -fno-reorder-functions -fno-strict-aliasing -fno-merge-constants -mno-red-zone -Wimplicit-function-declaration
|
||||
@@ -20,8 +20,8 @@ clean :
|
||||
@rm -rfv *.o *.a *.so .*.d $(TARGETS)
|
||||
|
||||
ifeq ($(ARCH), ia32)
|
||||
@@ -41,3 +42,6 @@ ifeq ($(ARCH), x86_64)
|
||||
endif
|
||||
endif
|
||||
install :
|
||||
- $(INSTALL) -d -m 755 $(INSTALLROOT)/boot/efi/EFI/redhat/
|
||||
- $(INSTALL) -m 755 *.efi $(INSTALLROOT)/boot/efi/EFI/redhat/
|
||||
+ $(INSTALL) -d -m 755 $(INSTALLROOT)/boot/efi/EFI/SuSE/
|
||||
+ $(INSTALL) -m 755 *.efi $(INSTALLROOT)/boot/efi/EFI/SuSE/
|
||||
|
||||
+ifeq ($(ARCH), aarch64)
|
||||
+ LIBDIR := $(PREFIX)/lib64
|
||||
+endif
|
||||
diff --git a/Make.rules b/Make.rules
|
||||
index 2749521..3553a03 100644
|
||||
--- a/Make.rules
|
||||
+++ b/Make.rules
|
||||
@@ -2,10 +2,11 @@
|
||||
$(AR) -cvqs $@ $^
|
||||
install_systemd:
|
||||
|
||||
% : %.o
|
||||
- $(CC) $(CCLDFLAGS) -o $@ $^ $(foreach lib,$(LIBS),-l$(lib)) $(foreach pklib,$(PKLIBS), $(shell pkg-config --libs-only-l --libs-only-other $(pklib))) -lpthread
|
||||
+ $(CC) -o $@ $^ $(foreach lib,$(LIBS),-l$(lib)) $(CCLDFLAGS) $(foreach pklib,$(PKLIBS), $(shell pkg-config --libs-only-l --libs-only-other $(pklib))) -lpthread
|
||||
|
||||
%.so :
|
||||
$(CC) $(INCDIR) $(BUILDFLAGS) -Wl,-soname,$(SONAME) $(CCLDFLAGS) $^ -o $@
|
||||
+ $(CC) $(INCDIR) $(BUILDFLAGS) -Wl,-soname,$(SONAME) $^ $(CCLDFLAGS) -o $@
|
||||
|
||||
%.o: %.c
|
||||
$(CC) $(INCDIR) $(BUILDFLAGS) $(CPPFLAGS) -c $< -o $@
|
||||
diff --git a/src/pesign.sysvinit b/src/pesign.sysvinit
|
||||
index ea37c58..120a49c 100644
|
||||
--- a/src/pesign.sysvinit
|
||||
+++ b/src/pesign.sysvinit
|
||||
@@ -6,21 +6,25 @@
|
||||
Index: pesign-0.111/src/pesign.sysvinit.in
|
||||
===================================================================
|
||||
--- pesign-0.111.orig/src/pesign.sysvinit.in
|
||||
+++ pesign-0.111/src/pesign.sysvinit.in
|
||||
@@ -6,21 +6,24 @@
|
||||
# processname: /usr/bin/pesign
|
||||
# pidfile: /var/run/pesign.pid
|
||||
### BEGIN INIT INFO
|
||||
-# Provides: pesign
|
||||
-# Default-Start:
|
||||
-# Default-Stop:
|
||||
+# Provides: pesign
|
||||
+# Should-Start: $remote_fs
|
||||
+# Should-Stop: $remote_fs
|
||||
+# Required-Start:
|
||||
+# Required-Stop:
|
||||
+# Default-Start: 2 3 5
|
||||
# Default-Stop:
|
||||
# Short-Description: The pesign PE signing daemon
|
||||
# Description: The pesign PE signing daemon
|
||||
### END INIT INFO
|
||||
@ -79,27 +56,37 @@ index ea37c58..120a49c 100644
|
||||
RETVAL=$?
|
||||
echo
|
||||
touch /var/lock/subsys/pesign
|
||||
diff --git a/util/Makefile b/util/Makefile
|
||||
index ff11cb8..5d4cebb 100644
|
||||
--- a/util/Makefile
|
||||
+++ b/util/Makefile
|
||||
@@ -4,7 +4,7 @@ TOPDIR = $(SRCDIR)/..
|
||||
include $(TOPDIR)/Make.defaults
|
||||
@@ -30,7 +33,7 @@ start(){
|
||||
|
||||
FORMAT=efi-app-$(HOSTARCH)
|
||||
-LDFLAGS = -nostdlib -T $(LIBDIR)/gnuefi/elf_$(HOSTARCH)_efi.lds -shared -Bsymbolic $(LIBDIR)/gnuefi/crt0-efi-$(HOSTARCH).o -L$(LIBDIR)
|
||||
+LDFLAGS = -nostdlib -T $(LIBDIR)/elf_$(HOSTARCH)_efi.lds -shared -Bsymbolic $(LIBDIR)/crt0-efi-$(HOSTARCH).o -L$(LIBDIR)
|
||||
LIBS=-lefi -lgnuefi $(shell $(CC) -print-libgcc-file-name)
|
||||
CCLDFLAGS =
|
||||
BUILDFLAGS = -I/usr/include/efi/ -I/usr/include/efi/$(HOSTARCH)/ -I/usr/include/efi/protocol -fpic -fshort-wchar -fno-reorder-functions -fno-strict-aliasing -fno-merge-constants -mno-red-zone -Wimplicit-function-declaration
|
||||
@@ -17,8 +17,8 @@ clean :
|
||||
@rm -rfv *.o *.a *.so $(TARGETS)
|
||||
stop(){
|
||||
echo -n "Stopping pesign: "
|
||||
- killproc -p /var/run/pesign.pid pesignd
|
||||
+ killproc -p /run/pesign.pid pesignd
|
||||
RETVAL=$?
|
||||
echo
|
||||
rm -f /var/lock/subsys/pesign
|
||||
Index: pesign-0.111/Make.defaults
|
||||
===================================================================
|
||||
--- pesign-0.111.orig/Make.defaults
|
||||
+++ pesign-0.111/Make.defaults
|
||||
@@ -55,7 +55,7 @@ efi_cflags = $(cflags)
|
||||
ASFLAGS = $(ARCH3264)
|
||||
CPPFLAGS ?=
|
||||
|
||||
-LDLIBS = $(foreach lib,$(LIBS),-l$(lib)) $(call pkg-config-ldlibs)
|
||||
+LDLIBS = -lpthread $(foreach lib,$(LIBS),-l$(lib)) $(call pkg-config-ldlibs)
|
||||
|
||||
ifeq ($(ARCH),ia64)
|
||||
efi_cflags += -mfixed-range=f32-f127
|
||||
Index: pesign-0.111/Makefile
|
||||
===================================================================
|
||||
--- pesign-0.111.orig/Makefile
|
||||
+++ pesign-0.111/Makefile
|
||||
@@ -9,7 +9,6 @@ SUBDIRS := include libdpe src
|
||||
|
||||
install :
|
||||
- $(INSTALL) -d -m 755 $(INSTALLROOT)/boot/efi/EFI/redhat/
|
||||
- $(INSTALL) -m 755 *.efi $(INSTALLROOT)/boot/efi/EFI/redhat/
|
||||
+ $(INSTALL) -d -m 755 $(INSTALLROOT)/boot/efi/EFI/SuSE/
|
||||
+ $(INSTALL) -m 755 *.efi $(INSTALLROOT)/boot/efi/EFI/SuSE/
|
||||
|
||||
.PHONY: all clean install
|
||||
|
||||
$(INSTALL) -d -m 755 $(INSTALLROOT)$(prefix)$(docdir)/pesign-$(VERSION)/
|
||||
- $(INSTALL) -pm 644 COPYING $(INSTALLROOT)$(prefix)$(docdir)/pesign-$(VERSION)/
|
||||
@set -e ; for x in $(SUBDIRS) ; do \
|
||||
$(MAKE) -C $$x $@ ; \
|
||||
done
|
||||
|
@ -1,3 +1,18 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 10 07:59:48 UTC 2015 - glin@suse.com
|
||||
|
||||
- Update to 0.111
|
||||
- Add pesign-fix-signness.patch to fix the signness comparison
|
||||
- Drop upstreamed patches
|
||||
+ pesign-efivar-pkgconfig.patch
|
||||
+ pesign-make-efi_guid_t-const.patch
|
||||
+ pesign-fix-import-sig-check.patch
|
||||
+ pesign-install-supplementary-programs.patch
|
||||
- Refresh pesign-suse-build.patch, pesign-privkey_unneeded.diff,
|
||||
and pesign-run.patch
|
||||
- Update pesign-fix-build-errors.patch
|
||||
- Merge use-standard-pid-location.patch into pesign-run.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 1 06:11:06 UTC 2015 - dimstar@opensuse.org
|
||||
|
||||
|
28
pesign.spec
28
pesign.spec
@ -17,7 +17,7 @@
|
||||
|
||||
|
||||
Name: pesign
|
||||
Version: 0.110
|
||||
Version: 0.111
|
||||
Release: 0
|
||||
Summary: Signing tool for PE-COFF binaries
|
||||
License: GPL-2.0
|
||||
@ -30,20 +30,12 @@ Patch1: pesign-suse-build.patch
|
||||
Patch2: pesign-fix-build-errors.patch
|
||||
# PATCH-FIX-UPSTREAM pesign-privkey_unneeded.diff glin@suse.com -- Don't check the private key when importing the raw signature
|
||||
Patch3: pesign-privkey_unneeded.diff
|
||||
# PATCH-FIX-SUSE use-standard-pid-location.patch p.drouand@gmail.com --Use standard /run instead of /var/run for pidfile
|
||||
Patch4: use-standard-pid-location.patch
|
||||
# PATCH-FIX-SUSE pesign-run.patch aj@suse.com - Use /run instead of /var/run
|
||||
Patch5: pesign-run.patch
|
||||
# PATCH-FIX-UPSTREAM pesign-fix-authvar-write-loop.patch glin@suse.com -- Fix the write loop in authvar
|
||||
Patch6: pesign-fix-authvar-write-loop.patch
|
||||
# PATCH-FIX-SUSE pesign-install-supplementary-programs.patch glin@suse.com -- Install the supplementary programs
|
||||
Patch7: pesign-install-supplementary-programs.patch
|
||||
# PATCH-FIX-UPSTREAM pesign-fix-import-sig-check.patch glin@suse.com -- Fix the signature size check while importing a signature
|
||||
Patch8: pesign-fix-import-sig-check.patch
|
||||
# PATCH-FIX-UPSTREAM pesign-efivar-pkgconfig.patch glin@suse.com -- Make efivar compiler parameters come from pkg-config
|
||||
Patch9: pesign-efivar-pkgconfig.patch
|
||||
# PATCH-FIX-UPSTREAM pesign-make-efi_guid_t-const.patch glin@suse.com -- make efi_guid_t's const
|
||||
Patch10: pesign-make-efi_guid_t-const.patch
|
||||
# PATCH-FIX-UPSTREAM pesign-fix-signness.patch glin@suse.com -- Fix the signness comparison
|
||||
Patch7: pesign-fix-signness.patch
|
||||
BuildRequires: efivar-devel
|
||||
BuildRequires: libuuid-devel
|
||||
BuildRequires: mozilla-nss-devel
|
||||
@ -63,23 +55,19 @@ with the PE and Authenticode specifications.
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
|
||||
%build
|
||||
make %{?_smp_mflags} OPTFLAGS="%{optflags}"
|
||||
make %{?_smp_mflags} CFLAGS="$RPM_OPT_FLAGS"
|
||||
|
||||
%install
|
||||
make INSTALLROOT=%{buildroot} PREFIX=%{_prefix} DOCDIR=/share/doc/packages install
|
||||
make INSTALLROOT=%{buildroot} libexecdir=%{_libexecdir} install
|
||||
mkdir -p %{buildroot}%{_localstatedir}/lib/pesign
|
||||
|
||||
mkdir -p %{buildroot}%{_sbindir}
|
||||
make INSTALLROOT=%{buildroot} UNITDIR=%{_unitdir} install_systemd
|
||||
make INSTALLROOT=%{buildroot} UNITDIR=%{_unitdir} libexecdir=%{_libexecdir} install_systemd
|
||||
|
||||
# create rcsymlink
|
||||
ln -sv %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
|
||||
@ -113,6 +101,8 @@ systemd-tmpfiles --create %{_libexecdir}/tmpfiles.d/pesign.conf || :
|
||||
%{_bindir}/efisiglist
|
||||
%{_bindir}/authvar
|
||||
%{_sbindir}/rcpesign
|
||||
%dir %{_sysconfdir}/pesign
|
||||
%{_sysconfdir}/pesign/*
|
||||
%dir %{_sysconfdir}/popt.d
|
||||
%config %{_sysconfdir}/popt.d/pesign.popt
|
||||
%{_sysconfdir}/pki/
|
||||
@ -121,6 +111,8 @@ systemd-tmpfiles --create %{_libexecdir}/tmpfiles.d/pesign.conf || :
|
||||
%{_localstatedir}/lib/pesign
|
||||
%{_unitdir}/pesign.service
|
||||
%{_libexecdir}/tmpfiles.d/pesign.conf
|
||||
%dir %{_libexecdir}/pesign
|
||||
%{_libexecdir}/pesign/pesign-authorize-*
|
||||
%dir %attr(0775,pesign,pesign) %{_sysconfdir}/pki/pesign
|
||||
%ghost %dir %attr(0770,pesign,pesign) /run/%{name}
|
||||
%dir %attr(0770,pesign,pesign) %{_localstatedir}/lib/%{name}
|
||||
|
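Review bot: The `%files` entry `%{_sysconfdir}/pesign/*` carries no `%config` marker, although the authorize scripts visible elsewhere in this commit read `/etc/pesign/users` and `/etc/pesign/groups` to decide who receives ACLs on the daemon socket. If those are the files matched by the glob, a package update would replace an administrator's edited lists with the shipped defaults and silently change who may request signatures. Marking the entry as `%config(noreplace) %{_sysconfdir}/pesign/*` preserves local access decisions across updates. Which lines of this hunk are new is inferred from the hunk counts, because the page has lost the +/- markers.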
@ -1,9 +0,0 @@
|
||||
--- a/src/pesign.service
|
||||
+++ b/src/pesign.service
|
||||
@@ -4,5 +4,5 @@
|
||||
[Service]
|
||||
PrivateTmp=true
|
||||
Type=forking
|
||||
-PIDFile=/var/run/pesign.pid
|
||||
+PIDFile=/run/pesign.pid
|
||||
ExecStart=/usr/bin/pesign --daemonize
|