forked from pool/pesign
Accepting request 259128 from Base:System
1 OBS-URL: https://build.opensuse.org/request/show/259128 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pesign?expand=0&rev=20
This commit is contained in:
commit
581e7ae977
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:ff7ee256ae615646fde1b542fe3ac1133a69a0542b1bd92e5a2e7ae6c550f545
|
||||
size 96921
|
3
pesign-0.110.tar.bz2
Normal file
3
pesign-0.110.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:a03499ffa181fea6086e1966476eccc05e3e014761ac300de1da27a44dba2281
|
||||
size 87420
|
@ -1,28 +0,0 @@
|
||||
From edd9cc0e677b35498e974d9a4137feac5bd4b323 Mon Sep 17 00:00:00 2001
|
||||
From: Gary Ching-Pang Lin <glin@suse.com>
|
||||
Date: Tue, 26 Mar 2013 18:30:58 +0800
|
||||
Subject: [PATCH] Clear the space for the certificate list
|
||||
|
||||
Make sure the aligned bytes are '\0'
|
||||
|
||||
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
||||
---
|
||||
src/wincert.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/wincert.c b/src/wincert.c
|
||||
index 942fa26..5e23b04 100644
|
||||
--- a/src/wincert.c
|
||||
+++ b/src/wincert.c
|
||||
@@ -37,7 +37,7 @@ generate_cert_list(SECItem **signatures, int num_signatures,
|
||||
cl_size += ALIGNMENT_PADDING(cl_size, 8);
|
||||
}
|
||||
|
||||
- uint8_t *data = malloc(cl_size);
|
||||
+ uint8_t *data = calloc(1, cl_size);
|
||||
if (!data)
|
||||
return -1;
|
||||
|
||||
--
|
||||
1.8.1.4
|
||||
|
File diff suppressed because it is too large
Load Diff
72
pesign-fix-authvar-write-loop.patch
Normal file
72
pesign-fix-authvar-write-loop.patch
Normal file
@ -0,0 +1,72 @@
|
||||
From e3aee739b92c4124fc1207fb06a7dd1cd89d03ae Mon Sep 17 00:00:00 2001
|
||||
From: Gary Ching-Pang Lin <glin@suse.com>
|
||||
Date: Tue, 1 Jul 2014 14:43:35 +0800
|
||||
Subject: [PATCH] authvar: fix the write loop
|
||||
|
||||
I forgot to move the pointer...
|
||||
|
||||
Also use offsetof() instead of the wordsize check.
|
||||
|
||||
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
||||
---
|
||||
src/authvar_context.c | 16 +++++++---------
|
||||
1 file changed, 7 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/src/authvar_context.c b/src/authvar_context.c
|
||||
index c988e96..675967c 100644
|
||||
--- a/src/authvar_context.c
|
||||
+++ b/src/authvar_context.c
|
||||
@@ -18,6 +18,7 @@
|
||||
*/
|
||||
|
||||
#include <unistd.h>
|
||||
+#include <stddef.h>
|
||||
#include <sys/mman.h>
|
||||
|
||||
#include <prerror.h>
|
||||
@@ -133,11 +134,7 @@ generate_descriptor(authvar_context *ctx)
|
||||
if (rc < 0)
|
||||
cmsreterr(-1, ctx->cms_ctx, "could not create signed data");
|
||||
|
||||
-#if __WORDSIZE == 64
|
||||
- offset = (uint64_t) &((win_cert_uefi_guid_t *)0)->data;
|
||||
-#else
|
||||
- offset = (uint32_t) &((win_cert_uefi_guid_t *)0)->data;
|
||||
-#endif
|
||||
+ offset = offsetof(win_cert_uefi_guid_t, data);
|
||||
authinfo = calloc(offset + sd_der.len, 1);
|
||||
if (!authinfo)
|
||||
cmsreterr(-1, ctx->cms_ctx, "could not allocate authinfo");
|
||||
@@ -160,6 +157,7 @@ write_authvar(authvar_context *ctx)
|
||||
void *buffer, *ptr;
|
||||
size_t buf_len, des_len, remain;
|
||||
ssize_t wlen;
|
||||
+ off_t offset;
|
||||
|
||||
if (!ctx->authinfo)
|
||||
cmsreterr(-1, ctx->cms_ctx, "Not a valid authvar");
|
||||
@@ -187,17 +185,17 @@ write_authvar(authvar_context *ctx)
|
||||
if (ctx->value_size > 0)
|
||||
memcpy(ptr, ctx->value, ctx->value_size);
|
||||
|
||||
- if (!ctx->to_firmware) {
|
||||
- ftruncate(ctx->exportfd, buf_len);
|
||||
+ if (!ctx->to_firmware)
|
||||
lseek(ctx->exportfd, 0, SEEK_SET);
|
||||
- }
|
||||
|
||||
remain = buf_len;
|
||||
+ offset = 0;
|
||||
do {
|
||||
- wlen = write(ctx->exportfd, buffer, remain);
|
||||
+ wlen = write(ctx->exportfd, buffer + offset, remain);
|
||||
if (wlen < 0)
|
||||
cmsreterr(-1, ctx->cms_ctx, "failed to write authvar");
|
||||
remain -= wlen;
|
||||
+ offset += wlen;
|
||||
} while (remain > 0);
|
||||
|
||||
return 0;
|
||||
--
|
||||
1.8.4.5
|
||||
|
@ -1,20 +1,8 @@
|
||||
From 4e03c90bb48e6f9c9d9c9aed491fbcc5be684e7b Mon Sep 17 00:00:00 2001
|
||||
From: Gary Ching-Pang Lin <glin@suse.com>
|
||||
Date: Tue, 9 Jul 2013 12:17:31 +0800
|
||||
Subject: [PATCH] Fix build errors
|
||||
|
||||
---
|
||||
src/daemon.c | 36 +++++++++++++++++++++++++++++-------
|
||||
src/efikeygen.c | 3 ++-
|
||||
src/password.c | 3 ++-
|
||||
src/pesign.c | 10 ++++++++--
|
||||
4 files changed, 41 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/src/daemon.c b/src/daemon.c
|
||||
index b2801b9..832a0ea 100644
|
||||
index c14b64b..5652ba1 100644
|
||||
--- a/src/daemon.c
|
||||
+++ b/src/daemon.c
|
||||
@@ -432,7 +432,11 @@ malformed:
|
||||
@@ -544,7 +544,11 @@ malformed:
|
||||
if (rc < 0) {
|
||||
err_attached:
|
||||
pe_end(outpe);
|
||||
@ -27,7 +15,7 @@ index b2801b9..832a0ea 100644
|
||||
goto finish;
|
||||
}
|
||||
ssize_t sigspace = calculate_signature_space(ctx->cms, outpe);
|
||||
@@ -450,21 +454,34 @@ err_attached:
|
||||
@@ -562,21 +566,34 @@ err_attached:
|
||||
ctx->cms->num_signatures, outpe);
|
||||
pe_end(outpe);
|
||||
} else {
|
||||
@ -67,7 +55,7 @@ index b2801b9..832a0ea 100644
|
||||
}
|
||||
|
||||
finish:
|
||||
@@ -996,7 +1013,12 @@ daemonize(cms_context *cms_ctx, char *certdir, int do_fork)
|
||||
@@ -1182,7 +1199,12 @@ daemonize(cms_context *cms_ctx, char *certdir, int do_fork)
|
||||
exit(1);
|
||||
}
|
||||
|
||||
@ -81,23 +69,6 @@ index b2801b9..832a0ea 100644
|
||||
|
||||
if (getuid() == 0) {
|
||||
/* process is running as root, drop privileges */
|
||||
diff --git a/src/efikeygen.c b/src/efikeygen.c
|
||||
index ac27acc..8c3e814 100644
|
||||
--- a/src/efikeygen.c
|
||||
+++ b/src/efikeygen.c
|
||||
@@ -330,10 +330,11 @@ populate_extensions(cms_context *cms, CERTCertificate *cert,
|
||||
{
|
||||
CERTAttribute *attr = NULL;
|
||||
SECOidData *oid;
|
||||
+ int i;
|
||||
|
||||
oid = SECOID_FindOIDByTag(SEC_OID_PKCS9_EXTENSION_REQUEST);
|
||||
|
||||
- for (int i; crq->attributes[i]; i++) {
|
||||
+ for (i = 0; crq->attributes[i]; i++) {
|
||||
attr = crq->attributes[i];
|
||||
if (attr->attrType.len != oid->oid.len)
|
||||
continue;
|
||||
diff --git a/src/password.c b/src/password.c
|
||||
index 43186df..9a9c911 100644
|
||||
--- a/src/password.c
|
||||
@ -113,7 +84,7 @@ index 43186df..9a9c911 100644
|
||||
if (isTTY) {
|
||||
fprintf(output, "\n");
|
||||
diff --git a/src/pesign.c b/src/pesign.c
|
||||
index 890ebfc..fe77c9d 100644
|
||||
index ff4f2bf..40a1e43 100644
|
||||
--- a/src/pesign.c
|
||||
+++ b/src/pesign.c
|
||||
@@ -164,9 +164,15 @@ open_output(pesign_context *ctx)
|
||||
@ -134,6 +105,15 @@ index 890ebfc..fe77c9d 100644
|
||||
|
||||
Pe_Cmd cmd = ctx->outfd == STDOUT_FILENO ? PE_C_RDWR : PE_C_RDWR_MMAP;
|
||||
ctx->outpe = pe_begin(ctx->outfd, cmd, NULL);
|
||||
--
|
||||
1.8.1.4
|
||||
|
||||
diff --git a/src/signed_data.c b/src/signed_data.c
|
||||
index 2fa1cdd..247ec57 100644
|
||||
--- a/src/signed_data.c
|
||||
+++ b/src/signed_data.c
|
||||
@@ -133,6 +133,7 @@ generate_signerInfo_list(cms_context *cms, SpcSignerInfo ***signerInfo_list_p, S
|
||||
SpcSignerInfo **signerInfo_list;
|
||||
int err, rc;
|
||||
|
||||
+ err = 0;
|
||||
if (!signerInfo_list_p)
|
||||
return -1;
|
||||
|
||||
|
23
pesign-install-supplementary-programs.patch
Normal file
23
pesign-install-supplementary-programs.patch
Normal file
@ -0,0 +1,23 @@
|
||||
diff --git a/src/Makefile b/src/Makefile
|
||||
index 4c86a2a..062b544 100644
|
||||
--- a/src/Makefile
|
||||
+++ b/src/Makefile
|
||||
@@ -79,14 +79,16 @@ install :
|
||||
$(INSTALL) -m 755 pesign $(INSTALLROOT)$(PREFIX)/bin/
|
||||
$(INSTALL) -m 755 client $(INSTALLROOT)$(PREFIX)/bin/pesign-client
|
||||
$(INSTALL) -m 755 efikeygen $(INSTALLROOT)$(PREFIX)/bin/
|
||||
- #$(INSTALL) -m 755 pesigcheck $(INSTALLROOT)$(PREFIX)/bin/
|
||||
+ $(INSTALL) -m 755 pesigcheck $(INSTALLROOT)$(PREFIX)/bin/
|
||||
+ $(INSTALL) -m 755 efisiglist $(INSTALLROOT)$(PREFIX)/bin/
|
||||
+ $(INSTALL) -m 755 authvar $(INSTALLROOT)$(PREFIX)/bin/
|
||||
$(INSTALL) -d -m 755 $(INSTALLROOT)/etc/popt.d/
|
||||
$(INSTALL) -m 644 pesign.popt $(INSTALLROOT)/etc/popt.d/
|
||||
$(INSTALL) -d -m 755 $(INSTALLROOT)/usr/share/man/man1/
|
||||
$(INSTALL) -m 644 pesign.1 $(INSTALLROOT)/usr/share/man/man1/
|
||||
$(INSTALL) -m 644 pesign-client.1 $(INSTALLROOT)/usr/share/man/man1/
|
||||
$(INSTALL) -m 644 efikeygen.1 $(INSTALLROOT)/usr/share/man/man1/
|
||||
- #$(INSTALL) -m 644 pesigcheck.1 $(INSTALLROOT)/usr/share/man/man1/
|
||||
+ $(INSTALL) -m 644 pesigcheck.1 $(INSTALLROOT)/usr/share/man/man1/
|
||||
$(INSTALL) -d -m 755 $(INSTALLROOT)/etc/rpm/
|
||||
$(INSTALL) -m 644 macros.pesign $(INSTALLROOT)/etc/rpm/
|
||||
|
@ -1,142 +0,0 @@
|
||||
From b55ecad4b6ec280d7d17caa5e02c20a7391b8a05 Mon Sep 17 00:00:00 2001
|
||||
From: Gary Ching-Pang Lin <glin@suse.com>
|
||||
Date: Thu, 7 Nov 2013 16:58:04 +0800
|
||||
Subject: [PATCH] Allow some commands to proceed without a NSS db
|
||||
|
||||
The NSS db is not necessary to calculate the hash, to show the
|
||||
signature or to export the signed attributes.
|
||||
|
||||
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
||||
---
|
||||
src/pesign.c | 91 +++++++++++++++++++++++++++++++++++-------------------------
|
||||
1 file changed, 53 insertions(+), 38 deletions(-)
|
||||
|
||||
diff --git a/src/pesign.c b/src/pesign.c
|
||||
index c7313a6..0cd47a8 100644
|
||||
--- a/src/pesign.c
|
||||
+++ b/src/pesign.c
|
||||
@@ -405,6 +405,7 @@ main(int argc, char *argv[])
|
||||
int daemon = 0;
|
||||
int fork = 1;
|
||||
int padding = 0;
|
||||
+ int need_db = 0;
|
||||
|
||||
char *digest_name = "sha256";
|
||||
char *tokenname = "NSS Certificate DB";
|
||||
@@ -526,8 +527,59 @@ main(int argc, char *argv[])
|
||||
}
|
||||
}
|
||||
|
||||
+ int action = 0;
|
||||
+ if (daemon)
|
||||
+ action |= DAEMONIZE;
|
||||
+
|
||||
+ if (ctxp->rawsig) {
|
||||
+ action |= IMPORT_RAW_SIGNATURE;
|
||||
+ need_db = 1;
|
||||
+ }
|
||||
+
|
||||
+ if (ctxp->insattrs)
|
||||
+ action |= IMPORT_SATTRS;
|
||||
+
|
||||
+ if (ctxp->outsattrs)
|
||||
+ action |= EXPORT_SATTRS;
|
||||
+
|
||||
+ if (ctxp->insig)
|
||||
+ action |= IMPORT_SIGNATURE;
|
||||
+
|
||||
+ if (ctxp->outkey) {
|
||||
+ action |= EXPORT_PUBKEY;
|
||||
+ need_db = 1;
|
||||
+ }
|
||||
+
|
||||
+ if (ctxp->outcert) {
|
||||
+ action |= EXPORT_CERT;
|
||||
+ need_db = 1;
|
||||
+ }
|
||||
+
|
||||
+ if (ctxp->outsig)
|
||||
+ action |= EXPORT_SIGNATURE;
|
||||
+
|
||||
+ if (remove != 0)
|
||||
+ action |= REMOVE_SIGNATURE;
|
||||
+
|
||||
+ if (list != 0)
|
||||
+ action |= LIST_SIGNATURES;
|
||||
+
|
||||
+ if (ctxp->sign) {
|
||||
+ action |= GENERATE_SIGNATURE;
|
||||
+ if (!(action & EXPORT_SIGNATURE))
|
||||
+ action |= IMPORT_SIGNATURE;
|
||||
+ need_db = 1;
|
||||
+ }
|
||||
+
|
||||
+ if (ctxp->hash)
|
||||
+ action |= GENERATE_DIGEST|PRINT_DIGEST;
|
||||
+
|
||||
if (!daemon) {
|
||||
- SECStatus status = NSS_Init(certdir);
|
||||
+ SECStatus status;
|
||||
+ if (need_db)
|
||||
+ status = NSS_Init(certdir);
|
||||
+ else
|
||||
+ status = NSS_NoDB_Init(NULL);
|
||||
if (status != SECSuccess) {
|
||||
fprintf(stderr, "Could not initialize nss: %s\n",
|
||||
PORT_ErrorToString(PORT_GetError()));
|
||||
@@ -571,42 +623,8 @@ main(int argc, char *argv[])
|
||||
if (certname)
|
||||
free(certname);
|
||||
|
||||
- int action = 0;
|
||||
- if (daemon)
|
||||
- action |= DAEMONIZE;
|
||||
-
|
||||
- if (ctxp->rawsig)
|
||||
- action |= IMPORT_RAW_SIGNATURE;
|
||||
-
|
||||
- if (ctxp->insattrs)
|
||||
- action |= IMPORT_SATTRS;
|
||||
-
|
||||
- if (ctxp->outsattrs)
|
||||
- action |= EXPORT_SATTRS;
|
||||
-
|
||||
- if (ctxp->insig)
|
||||
- action |= IMPORT_SIGNATURE;
|
||||
-
|
||||
- if (ctxp->outkey)
|
||||
- action |= EXPORT_PUBKEY;
|
||||
-
|
||||
- if (ctxp->outcert)
|
||||
- action |= EXPORT_CERT;
|
||||
-
|
||||
- if (ctxp->outsig)
|
||||
- action |= EXPORT_SIGNATURE;
|
||||
-
|
||||
- if (remove != 0)
|
||||
- action |= REMOVE_SIGNATURE;
|
||||
-
|
||||
- if (list != 0)
|
||||
- action |= LIST_SIGNATURES;
|
||||
|
||||
if (ctxp->sign) {
|
||||
- action |= GENERATE_SIGNATURE;
|
||||
- if (!(action & EXPORT_SIGNATURE))
|
||||
- action |= IMPORT_SIGNATURE;
|
||||
-
|
||||
if (!ctxp->cms_ctx->certname) {
|
||||
fprintf(stderr, "pesign: signing requested but no "
|
||||
"certificate nickname provided\n");
|
||||
@@ -614,9 +632,6 @@ main(int argc, char *argv[])
|
||||
}
|
||||
}
|
||||
|
||||
- if (ctxp->hash)
|
||||
- action |= GENERATE_DIGEST|PRINT_DIGEST;
|
||||
-
|
||||
ssize_t sigspace = 0;
|
||||
|
||||
switch (action) {
|
||||
--
|
||||
1.8.1.4
|
||||
|
@ -1,8 +1,14 @@
|
||||
Index: pesign-0.109/src/Makefile
|
||||
===================================================================
|
||||
--- pesign-0.109.orig/src/Makefile
|
||||
+++ pesign-0.109/src/Makefile
|
||||
@@ -79,7 +79,7 @@ install_sysvinit:
|
||||
---
|
||||
src/Makefile | 2 +-
|
||||
src/daemon.h | 4 ++--
|
||||
src/macros.pesign | 2 +-
|
||||
src/pesign.sysvinit | 14 +++++++-------
|
||||
src/tmpfiles.conf | 2 +-
|
||||
5 files changed, 12 insertions(+), 12 deletions(-)
|
||||
|
||||
--- a/src/Makefile
|
||||
+++ b/src/Makefile
|
||||
@@ -74,7 +74,7 @@ install_sysvinit:
|
||||
|
||||
install :
|
||||
$(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/
|
||||
@ -11,25 +17,21 @@ Index: pesign-0.109/src/Makefile
|
||||
$(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)/bin/
|
||||
$(INSTALL) -m 755 pesign $(INSTALLROOT)$(PREFIX)/bin/
|
||||
$(INSTALL) -m 755 client $(INSTALLROOT)$(PREFIX)/bin/pesign-client
|
||||
Index: pesign-0.109/src/daemon.h
|
||||
===================================================================
|
||||
--- pesign-0.109.orig/src/daemon.h
|
||||
+++ pesign-0.109/src/daemon.h
|
||||
@@ -47,7 +47,7 @@ typedef enum {
|
||||
--- a/src/daemon.h
|
||||
+++ b/src/daemon.h
|
||||
@@ -49,7 +49,7 @@ typedef enum {
|
||||
} pesignd_cmd;
|
||||
|
||||
#define PESIGND_VERSION 0xa3cf41cb
|
||||
#define PESIGND_VERSION 0x2a9edaf0
|
||||
-#define SOCKPATH "/var/run/pesign/socket"
|
||||
-#define PIDFILE "/var/run/pesign.pid"
|
||||
+#define SOCKPATH "/run/pesign/socket"
|
||||
+#define PIDFILE "/run/pesign.pid"
|
||||
|
||||
#endif /* DAEMON_H */
|
||||
Index: pesign-0.109/src/macros.pesign
|
||||
===================================================================
|
||||
--- pesign-0.109.orig/src/macros.pesign
|
||||
+++ pesign-0.109/src/macros.pesign
|
||||
@@ -34,7 +34,7 @@
|
||||
--- a/src/macros.pesign
|
||||
+++ b/src/macros.pesign
|
||||
@@ -36,7 +36,7 @@
|
||||
%{_pesign} -R ${sattrs}.sig -I ${sattrs} %{-i} \\\
|
||||
--certdir ${nss} -c signer %{-o} \
|
||||
rm -rf ${sattrs} ${sattrs}.sig ${nss} \
|
||||
@ -38,10 +40,8 @@ Index: pesign-0.109/src/macros.pesign
|
||||
%{_pesign_client} -t "OpenSC Card (Fedora Signer)" \\\
|
||||
-c "/CN=Fedora Secure Boot Signer" \\\
|
||||
%{-i} %{-o} %{-e} %{-s} %{-C} \
|
||||
Index: pesign-0.109/src/pesign.sysvinit
|
||||
===================================================================
|
||||
--- pesign-0.109.orig/src/pesign.sysvinit
|
||||
+++ pesign-0.109/src/pesign.sysvinit
|
||||
--- a/src/pesign.sysvinit
|
||||
+++ b/src/pesign.sysvinit
|
||||
@@ -4,7 +4,7 @@
|
||||
#
|
||||
# chkconfig: - 50 50
|
||||
@ -81,10 +81,8 @@ Index: pesign-0.109/src/pesign.sysvinit
|
||||
RETVAL=$?
|
||||
echo
|
||||
rm -f /var/lock/subsys/pesign
|
||||
Index: pesign-0.109/src/tmpfiles.conf
|
||||
===================================================================
|
||||
--- pesign-0.109.orig/src/tmpfiles.conf
|
||||
+++ pesign-0.109/src/tmpfiles.conf
|
||||
--- a/src/tmpfiles.conf
|
||||
+++ b/src/tmpfiles.conf
|
||||
@@ -1 +1 @@
|
||||
-D /var/run/pesign 0770 pesign pesign -
|
||||
+D /run/pesign 0770 pesign pesign -
|
||||
|
@ -1,25 +1,18 @@
|
||||
---
|
||||
Make.defaults | 5 +++--
|
||||
Make.rules | 4 ++--
|
||||
Makefile | 4 ++--
|
||||
src/Makefile | 9 +++++----
|
||||
src/pesign.sysvinit | 12 ++++++++----
|
||||
util/Makefile | 6 +++---
|
||||
6 files changed, 23 insertions(+), 17 deletions(-)
|
||||
|
||||
diff --git a/Make.defaults b/Make.defaults
|
||||
index 95ba9d5..c03bf70 100644
|
||||
--- a/Make.defaults
|
||||
+++ b/Make.defaults
|
||||
@@ -5,7 +5,8 @@ HOSTARCH = $(shell uname -m | sed s,i[
|
||||
@@ -5,7 +5,8 @@ HOSTARCH = $(shell uname -m | sed s,i[3456789]86,ia32,)
|
||||
ARCH := $(shell uname -m | sed s,i[3456789]86,ia32,)
|
||||
INCDIR = -I$(TOPDIR)/include
|
||||
CPPFLAGS = -DCONFIG_$(ARCH)
|
||||
-CFLAGS = $(ARCH3264) -g -O0 -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants --std=gnu99 -D_GNU_SOURCE
|
||||
+OPTFLAGS = -O0 -g
|
||||
+CFLAGS = $(ARCH3264) $(OPTFLAGS) -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants --std=gnu99 -D_GNU_SOURCE
|
||||
-CFLAGS = -g -O0
|
||||
+OPTFLAGS = -g -O0
|
||||
+CFLAGS = $(OPTFLAGS)
|
||||
BUILDFLAGS := $(CFLAGS) $(ARCH3264) -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants --std=gnu99 -D_GNU_SOURCE -Wno-unused-result -Wno-unused-function
|
||||
ASFLAGS = $(ARCH3264)
|
||||
LDFLAGS = -nostdlib
|
||||
CCLDFLAGS = -shared
|
||||
@@ -22,7 +23,7 @@ OBJCOPY = $(bindir)objcopy
|
||||
@@ -23,7 +24,7 @@ OBJCOPY = $(bindir)objcopy
|
||||
|
||||
ifeq ($(ARCH),ia64)
|
||||
CFLAGS += -mfixed-range=f32-f127
|
||||
@ -28,9 +21,18 @@
|
||||
endif
|
||||
|
||||
ifeq ($(ARCH), ia32)
|
||||
@@ -41,3 +42,6 @@ ifeq ($(ARCH), x86_64)
|
||||
endif
|
||||
endif
|
||||
|
||||
+ifeq ($(ARCH), aarch64)
|
||||
+ LIBDIR := $(PREFIX)/lib64
|
||||
+endif
|
||||
diff --git a/Make.rules b/Make.rules
|
||||
index 2749521..3553a03 100644
|
||||
--- a/Make.rules
|
||||
+++ b/Make.rules
|
||||
@@ -2,10 +2,10 @@
|
||||
@@ -2,10 +2,11 @@
|
||||
$(AR) -cvqs $@ $^
|
||||
|
||||
% : %.o
|
||||
@ -38,33 +40,13 @@
|
||||
+ $(CC) -o $@ $^ $(foreach lib,$(LIBS),-l$(lib)) $(CCLDFLAGS) $(foreach pklib,$(PKLIBS), $(shell pkg-config --libs-only-l --libs-only-other $(pklib))) -lpthread
|
||||
|
||||
%.so :
|
||||
- $(CC) $(INCDIR) $(CFLAGS) -Wl,-soname,$(SONAME) $(CCLDFLAGS) $^ -o $@
|
||||
+ $(CC) $(INCDIR) $(CFLAGS) -Wl,-soname,$(SONAME) $^ $(CCLDFLAGS) -o $@
|
||||
$(CC) $(INCDIR) $(BUILDFLAGS) -Wl,-soname,$(SONAME) $(CCLDFLAGS) $^ -o $@
|
||||
+ $(CC) $(INCDIR) $(BUILDFLAGS) -Wl,-soname,$(SONAME) $^ $(CCLDFLAGS) -o $@
|
||||
|
||||
%.o: %.c
|
||||
$(CC) $(INCDIR) $(CFLAGS) $(CPPFLAGS) -c $< -o $@
|
||||
--- a/util/Makefile
|
||||
+++ b/util/Makefile
|
||||
@@ -4,7 +4,7 @@ TOPDIR = $(SRCDIR)/..
|
||||
include $(TOPDIR)/Make.defaults
|
||||
|
||||
FORMAT=efi-app-$(HOSTARCH)
|
||||
-LDFLAGS = -nostdlib -T $(LIBDIR)/gnuefi/elf_$(HOSTARCH)_efi.lds -shared -Bsymbolic $(LIBDIR)/gnuefi/crt0-efi-$(HOSTARCH).o -L$(LIBDIR)
|
||||
+LDFLAGS = -nostdlib -T $(LIBDIR)/elf_$(HOSTARCH)_efi.lds -shared -Bsymbolic $(LIBDIR)/crt0-efi-$(HOSTARCH).o -L$(LIBDIR)
|
||||
LIBS=-lefi -lgnuefi $(shell $(CC) -print-libgcc-file-name)
|
||||
CCLDFLAGS =
|
||||
CFLAGS = -I/usr/include/efi/ -I/usr/include/efi/$(HOSTARCH)/ -I/usr/include/efi/protocol -fpic -fshort-wchar -fno-reorder-functions -fno-strict-aliasing -fno-merge-constants -mno-red-zone -Wimplicit-function-declaration
|
||||
@@ -17,8 +17,8 @@ clean :
|
||||
@rm -rfv *.o *.a *.so $(TARGETS)
|
||||
|
||||
install :
|
||||
- $(INSTALL) -d -m 755 $(INSTALLROOT)/boot/efi/EFI/redhat/
|
||||
- $(INSTALL) -m 755 *.efi $(INSTALLROOT)/boot/efi/EFI/redhat/
|
||||
+ $(INSTALL) -d -m 755 $(INSTALLROOT)/boot/efi/EFI/SuSE/
|
||||
+ $(INSTALL) -m 755 *.efi $(INSTALLROOT)/boot/efi/EFI/SuSE/
|
||||
|
||||
.PHONY: all clean install
|
||||
|
||||
$(CC) $(INCDIR) $(BUILDFLAGS) $(CPPFLAGS) -c $< -o $@
|
||||
diff --git a/src/pesign.sysvinit b/src/pesign.sysvinit
|
||||
index ea37c58..120a49c 100644
|
||||
--- a/src/pesign.sysvinit
|
||||
+++ b/src/pesign.sysvinit
|
||||
@@ -6,21 +6,25 @@
|
||||
@ -97,3 +79,27 @@
|
||||
RETVAL=$?
|
||||
echo
|
||||
touch /var/lock/subsys/pesign
|
||||
diff --git a/util/Makefile b/util/Makefile
|
||||
index ff11cb8..5d4cebb 100644
|
||||
--- a/util/Makefile
|
||||
+++ b/util/Makefile
|
||||
@@ -4,7 +4,7 @@ TOPDIR = $(SRCDIR)/..
|
||||
include $(TOPDIR)/Make.defaults
|
||||
|
||||
FORMAT=efi-app-$(HOSTARCH)
|
||||
-LDFLAGS = -nostdlib -T $(LIBDIR)/gnuefi/elf_$(HOSTARCH)_efi.lds -shared -Bsymbolic $(LIBDIR)/gnuefi/crt0-efi-$(HOSTARCH).o -L$(LIBDIR)
|
||||
+LDFLAGS = -nostdlib -T $(LIBDIR)/elf_$(HOSTARCH)_efi.lds -shared -Bsymbolic $(LIBDIR)/crt0-efi-$(HOSTARCH).o -L$(LIBDIR)
|
||||
LIBS=-lefi -lgnuefi $(shell $(CC) -print-libgcc-file-name)
|
||||
CCLDFLAGS =
|
||||
BUILDFLAGS = -I/usr/include/efi/ -I/usr/include/efi/$(HOSTARCH)/ -I/usr/include/efi/protocol -fpic -fshort-wchar -fno-reorder-functions -fno-strict-aliasing -fno-merge-constants -mno-red-zone -Wimplicit-function-declaration
|
||||
@@ -17,8 +17,8 @@ clean :
|
||||
@rm -rfv *.o *.a *.so $(TARGETS)
|
||||
|
||||
install :
|
||||
- $(INSTALL) -d -m 755 $(INSTALLROOT)/boot/efi/EFI/redhat/
|
||||
- $(INSTALL) -m 755 *.efi $(INSTALLROOT)/boot/efi/EFI/redhat/
|
||||
+ $(INSTALL) -d -m 755 $(INSTALLROOT)/boot/efi/EFI/SuSE/
|
||||
+ $(INSTALL) -m 755 *.efi $(INSTALLROOT)/boot/efi/EFI/SuSE/
|
||||
|
||||
.PHONY: all clean install
|
||||
|
||||
|
@ -1,3 +1,26 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Oct 31 07:16:40 UTC 2014 - glin@suse.com
|
||||
|
||||
- Update pesign-suse-build.patch to set LIBDIR for AArch64
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 28 08:47:34 UTC 2014 - glin@suse.com
|
||||
|
||||
- Update to version 0.110
|
||||
- Add pesign-fix-authvar-write-loop.patch to fix the write loop in
|
||||
authvar
|
||||
- Add pesign-install-supplementary-programs.patch to install the
|
||||
supplementary programs
|
||||
- Refresh patches
|
||||
+ pesign-fix-build-errors.patch
|
||||
+ pesign-run.patch
|
||||
+ pesign-suse-build.patch
|
||||
- Drop upstreamed patches
|
||||
+ pesign-clear-padding-bits.patch
|
||||
+ pesign-enable-supplementary-programs.patch
|
||||
+ pesign-no-db.patch
|
||||
- Enable aarch64
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 1 06:46:13 UTC 2014 - glin@suse.com
|
||||
|
||||
|
25
pesign.spec
25
pesign.spec
@ -17,36 +17,36 @@
|
||||
|
||||
|
||||
Name: pesign
|
||||
Version: 0.109
|
||||
Version: 0.110
|
||||
Release: 0
|
||||
Summary: Signing tool for PE-COFF binaries
|
||||
License: GPL-2.0
|
||||
Group: Productivity/Security
|
||||
Url: https://github.com/vathpela/pesign
|
||||
Source: %{name}-%{version}.tar.gz
|
||||
Source: %{name}-%{version}.tar.bz2
|
||||
# PATCH-FIX-SUSE pesign-suse-build.patch glin@suse.com -- Adjust Makefile for the build service
|
||||
Patch1: pesign-suse-build.patch
|
||||
# PATCH-FIX-UPSTREAM pesign-fix-build-errors.patch glin@suse.com -- Fix gcc warnings
|
||||
Patch2: pesign-fix-build-errors.patch
|
||||
# PATCH-FIX-UPSTREAM pesign-privkey_unneeded.diff glin@suse.com -- Don't check the private key when importing the raw signature
|
||||
Patch3: pesign-privkey_unneeded.diff
|
||||
# PATCH-FIX-UPSTREAM pesign-clear-padding-bits.patch glin@suse.com -- Clear the allocated space before inserting the certificate list
|
||||
Patch4: pesign-clear-padding-bits.patch
|
||||
# PATCH-FIX-SUSE use-standard-pid-location.patch p.drouand@gmail.com --Use standard /run instead of /var/run for pidfile
|
||||
Patch6: use-standard-pid-location.patch
|
||||
# PATCH-FIX-UPSTREAM pesign-no-db.patch glin@suse.com -- Allow some commands to proceed without a NSS database
|
||||
Patch7: pesign-no-db.patch
|
||||
Patch4: use-standard-pid-location.patch
|
||||
# PATCH-FIX-SUSE pesign-run.patch aj@suse.com - Use /run instead of /var/run
|
||||
Patch8: pesign-run.patch
|
||||
# PATCH-FIX-UPSTREAM pesign-enable-supplementary-programs.patch glin@suse.com -- Fix and enable the supplementary programs
|
||||
Patch9: pesign-enable-supplementary-programs.patch
|
||||
Patch5: pesign-run.patch
|
||||
# PATCH-FIX-UPSTREAM pesign-fix-authvar-write-loop.patch glin@suse.com -- Fix the write loop in authvar
|
||||
Patch6: pesign-fix-authvar-write-loop.patch
|
||||
# PATCH-FIX-SUSE pesign-install-supplementary-programs.patch glin@suse.com -- Install the supplementary programs
|
||||
Patch7: pesign-install-supplementary-programs.patch
|
||||
BuildRequires: efivar-devel
|
||||
BuildRequires: libuuid-devel
|
||||
BuildRequires: mozilla-nss-devel
|
||||
BuildRequires: pkg-config
|
||||
BuildRequires: popt-devel
|
||||
BuildRequires: pkgconfig(systemd)
|
||||
%{?systemd_requires}
|
||||
PreReq: pwdutils
|
||||
ExclusiveArch: ia64 %ix86 x86_64
|
||||
ExclusiveArch: ia64 %ix86 x86_64 aarch64
|
||||
|
||||
%description
|
||||
Signing tool for PE-COFF binaries, hopefully at least vaguely compliant
|
||||
@ -64,10 +64,9 @@ Authors:
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
|
||||
%build
|
||||
make OPTFLAGS="$RPM_OPT_FLAGS"
|
||||
|
Loading…
Reference in New Issue
Block a user