SHA256
1
0
forked from pool/pesign

Accepting request 259128 from Base:System

1

OBS-URL: https://build.opensuse.org/request/show/259128
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pesign?expand=0&rev=20
This commit is contained in:
Dominique Leuenberger 2014-11-11 23:20:49 +00:00 committed by Git OBS Bridge
commit 581e7ae977
12 changed files with 219 additions and 5064 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ff7ee256ae615646fde1b542fe3ac1133a69a0542b1bd92e5a2e7ae6c550f545
size 96921

3
pesign-0.110.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a03499ffa181fea6086e1966476eccc05e3e014761ac300de1da27a44dba2281
size 87420

View File

@ -1,28 +0,0 @@
From edd9cc0e677b35498e974d9a4137feac5bd4b323 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 26 Mar 2013 18:30:58 +0800
Subject: [PATCH] Clear the space for the certificate list
Make sure the aligned bytes are '\0'
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
src/wincert.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/wincert.c b/src/wincert.c
index 942fa26..5e23b04 100644
--- a/src/wincert.c
+++ b/src/wincert.c
@@ -37,7 +37,7 @@ generate_cert_list(SECItem **signatures, int num_signatures,
cl_size += ALIGNMENT_PADDING(cl_size, 8);
}
- uint8_t *data = malloc(cl_size);
+ uint8_t *data = calloc(1, cl_size);
if (!data)
return -1;
--
1.8.1.4

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,72 @@
From e3aee739b92c4124fc1207fb06a7dd1cd89d03ae Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 1 Jul 2014 14:43:35 +0800
Subject: [PATCH] authvar: fix the write loop
I forgot to move the pointer...
Also use offsetof() instead of the wordsize check.
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
src/authvar_context.c | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/src/authvar_context.c b/src/authvar_context.c
index c988e96..675967c 100644
--- a/src/authvar_context.c
+++ b/src/authvar_context.c
@@ -18,6 +18,7 @@
*/
#include <unistd.h>
+#include <stddef.h>
#include <sys/mman.h>
#include <prerror.h>
@@ -133,11 +134,7 @@ generate_descriptor(authvar_context *ctx)
if (rc < 0)
cmsreterr(-1, ctx->cms_ctx, "could not create signed data");
-#if __WORDSIZE == 64
- offset = (uint64_t) &((win_cert_uefi_guid_t *)0)->data;
-#else
- offset = (uint32_t) &((win_cert_uefi_guid_t *)0)->data;
-#endif
+ offset = offsetof(win_cert_uefi_guid_t, data);
authinfo = calloc(offset + sd_der.len, 1);
if (!authinfo)
cmsreterr(-1, ctx->cms_ctx, "could not allocate authinfo");
@@ -160,6 +157,7 @@ write_authvar(authvar_context *ctx)
void *buffer, *ptr;
size_t buf_len, des_len, remain;
ssize_t wlen;
+ off_t offset;
if (!ctx->authinfo)
cmsreterr(-1, ctx->cms_ctx, "Not a valid authvar");
@@ -187,17 +185,17 @@ write_authvar(authvar_context *ctx)
if (ctx->value_size > 0)
memcpy(ptr, ctx->value, ctx->value_size);
- if (!ctx->to_firmware) {
- ftruncate(ctx->exportfd, buf_len);
+ if (!ctx->to_firmware)
lseek(ctx->exportfd, 0, SEEK_SET);
- }
remain = buf_len;
+ offset = 0;
do {
- wlen = write(ctx->exportfd, buffer, remain);
+ wlen = write(ctx->exportfd, buffer + offset, remain);
if (wlen < 0)
cmsreterr(-1, ctx->cms_ctx, "failed to write authvar");
remain -= wlen;
+ offset += wlen;
} while (remain > 0);
return 0;
--
1.8.4.5

View File

@ -1,20 +1,8 @@
From 4e03c90bb48e6f9c9d9c9aed491fbcc5be684e7b Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 9 Jul 2013 12:17:31 +0800
Subject: [PATCH] Fix build errors
---
src/daemon.c | 36 +++++++++++++++++++++++++++++-------
src/efikeygen.c | 3 ++-
src/password.c | 3 ++-
src/pesign.c | 10 ++++++++--
4 files changed, 41 insertions(+), 11 deletions(-)
diff --git a/src/daemon.c b/src/daemon.c diff --git a/src/daemon.c b/src/daemon.c
index b2801b9..832a0ea 100644 index c14b64b..5652ba1 100644
--- a/src/daemon.c --- a/src/daemon.c
+++ b/src/daemon.c +++ b/src/daemon.c
@@ -432,7 +432,11 @@ malformed: @@ -544,7 +544,11 @@ malformed:
if (rc < 0) { if (rc < 0) {
err_attached: err_attached:
pe_end(outpe); pe_end(outpe);
@ -27,7 +15,7 @@ index b2801b9..832a0ea 100644
goto finish; goto finish;
} }
ssize_t sigspace = calculate_signature_space(ctx->cms, outpe); ssize_t sigspace = calculate_signature_space(ctx->cms, outpe);
@@ -450,21 +454,34 @@ err_attached: @@ -562,21 +566,34 @@ err_attached:
ctx->cms->num_signatures, outpe); ctx->cms->num_signatures, outpe);
pe_end(outpe); pe_end(outpe);
} else { } else {
@ -67,7 +55,7 @@ index b2801b9..832a0ea 100644
} }
finish: finish:
@@ -996,7 +1013,12 @@ daemonize(cms_context *cms_ctx, char *certdir, int do_fork) @@ -1182,7 +1199,12 @@ daemonize(cms_context *cms_ctx, char *certdir, int do_fork)
exit(1); exit(1);
} }
@ -81,23 +69,6 @@ index b2801b9..832a0ea 100644
if (getuid() == 0) { if (getuid() == 0) {
/* process is running as root, drop privileges */ /* process is running as root, drop privileges */
diff --git a/src/efikeygen.c b/src/efikeygen.c
index ac27acc..8c3e814 100644
--- a/src/efikeygen.c
+++ b/src/efikeygen.c
@@ -330,10 +330,11 @@ populate_extensions(cms_context *cms, CERTCertificate *cert,
{
CERTAttribute *attr = NULL;
SECOidData *oid;
+ int i;
oid = SECOID_FindOIDByTag(SEC_OID_PKCS9_EXTENSION_REQUEST);
- for (int i; crq->attributes[i]; i++) {
+ for (i = 0; crq->attributes[i]; i++) {
attr = crq->attributes[i];
if (attr->attrType.len != oid->oid.len)
continue;
diff --git a/src/password.c b/src/password.c diff --git a/src/password.c b/src/password.c
index 43186df..9a9c911 100644 index 43186df..9a9c911 100644
--- a/src/password.c --- a/src/password.c
@ -113,7 +84,7 @@ index 43186df..9a9c911 100644
if (isTTY) { if (isTTY) {
fprintf(output, "\n"); fprintf(output, "\n");
diff --git a/src/pesign.c b/src/pesign.c diff --git a/src/pesign.c b/src/pesign.c
index 890ebfc..fe77c9d 100644 index ff4f2bf..40a1e43 100644
--- a/src/pesign.c --- a/src/pesign.c
+++ b/src/pesign.c +++ b/src/pesign.c
@@ -164,9 +164,15 @@ open_output(pesign_context *ctx) @@ -164,9 +164,15 @@ open_output(pesign_context *ctx)
@ -134,6 +105,15 @@ index 890ebfc..fe77c9d 100644
Pe_Cmd cmd = ctx->outfd == STDOUT_FILENO ? PE_C_RDWR : PE_C_RDWR_MMAP; Pe_Cmd cmd = ctx->outfd == STDOUT_FILENO ? PE_C_RDWR : PE_C_RDWR_MMAP;
ctx->outpe = pe_begin(ctx->outfd, cmd, NULL); ctx->outpe = pe_begin(ctx->outfd, cmd, NULL);
-- diff --git a/src/signed_data.c b/src/signed_data.c
1.8.1.4 index 2fa1cdd..247ec57 100644
--- a/src/signed_data.c
+++ b/src/signed_data.c
@@ -133,6 +133,7 @@ generate_signerInfo_list(cms_context *cms, SpcSignerInfo ***signerInfo_list_p, S
SpcSignerInfo **signerInfo_list;
int err, rc;
+ err = 0;
if (!signerInfo_list_p)
return -1;

View File

@ -0,0 +1,23 @@
diff --git a/src/Makefile b/src/Makefile
index 4c86a2a..062b544 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -79,14 +79,16 @@ install :
$(INSTALL) -m 755 pesign $(INSTALLROOT)$(PREFIX)/bin/
$(INSTALL) -m 755 client $(INSTALLROOT)$(PREFIX)/bin/pesign-client
$(INSTALL) -m 755 efikeygen $(INSTALLROOT)$(PREFIX)/bin/
- #$(INSTALL) -m 755 pesigcheck $(INSTALLROOT)$(PREFIX)/bin/
+ $(INSTALL) -m 755 pesigcheck $(INSTALLROOT)$(PREFIX)/bin/
+ $(INSTALL) -m 755 efisiglist $(INSTALLROOT)$(PREFIX)/bin/
+ $(INSTALL) -m 755 authvar $(INSTALLROOT)$(PREFIX)/bin/
$(INSTALL) -d -m 755 $(INSTALLROOT)/etc/popt.d/
$(INSTALL) -m 644 pesign.popt $(INSTALLROOT)/etc/popt.d/
$(INSTALL) -d -m 755 $(INSTALLROOT)/usr/share/man/man1/
$(INSTALL) -m 644 pesign.1 $(INSTALLROOT)/usr/share/man/man1/
$(INSTALL) -m 644 pesign-client.1 $(INSTALLROOT)/usr/share/man/man1/
$(INSTALL) -m 644 efikeygen.1 $(INSTALLROOT)/usr/share/man/man1/
- #$(INSTALL) -m 644 pesigcheck.1 $(INSTALLROOT)/usr/share/man/man1/
+ $(INSTALL) -m 644 pesigcheck.1 $(INSTALLROOT)/usr/share/man/man1/
$(INSTALL) -d -m 755 $(INSTALLROOT)/etc/rpm/
$(INSTALL) -m 644 macros.pesign $(INSTALLROOT)/etc/rpm/

View File

@ -1,142 +0,0 @@
From b55ecad4b6ec280d7d17caa5e02c20a7391b8a05 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Thu, 7 Nov 2013 16:58:04 +0800
Subject: [PATCH] Allow some commands to proceed without a NSS db
The NSS db is not necessary to calculate the hash, to show the
signature or to export the signed attributes.
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
src/pesign.c | 91 +++++++++++++++++++++++++++++++++++-------------------------
1 file changed, 53 insertions(+), 38 deletions(-)
diff --git a/src/pesign.c b/src/pesign.c
index c7313a6..0cd47a8 100644
--- a/src/pesign.c
+++ b/src/pesign.c
@@ -405,6 +405,7 @@ main(int argc, char *argv[])
int daemon = 0;
int fork = 1;
int padding = 0;
+ int need_db = 0;
char *digest_name = "sha256";
char *tokenname = "NSS Certificate DB";
@@ -526,8 +527,59 @@ main(int argc, char *argv[])
}
}
+ int action = 0;
+ if (daemon)
+ action |= DAEMONIZE;
+
+ if (ctxp->rawsig) {
+ action |= IMPORT_RAW_SIGNATURE;
+ need_db = 1;
+ }
+
+ if (ctxp->insattrs)
+ action |= IMPORT_SATTRS;
+
+ if (ctxp->outsattrs)
+ action |= EXPORT_SATTRS;
+
+ if (ctxp->insig)
+ action |= IMPORT_SIGNATURE;
+
+ if (ctxp->outkey) {
+ action |= EXPORT_PUBKEY;
+ need_db = 1;
+ }
+
+ if (ctxp->outcert) {
+ action |= EXPORT_CERT;
+ need_db = 1;
+ }
+
+ if (ctxp->outsig)
+ action |= EXPORT_SIGNATURE;
+
+ if (remove != 0)
+ action |= REMOVE_SIGNATURE;
+
+ if (list != 0)
+ action |= LIST_SIGNATURES;
+
+ if (ctxp->sign) {
+ action |= GENERATE_SIGNATURE;
+ if (!(action & EXPORT_SIGNATURE))
+ action |= IMPORT_SIGNATURE;
+ need_db = 1;
+ }
+
+ if (ctxp->hash)
+ action |= GENERATE_DIGEST|PRINT_DIGEST;
+
if (!daemon) {
- SECStatus status = NSS_Init(certdir);
+ SECStatus status;
+ if (need_db)
+ status = NSS_Init(certdir);
+ else
+ status = NSS_NoDB_Init(NULL);
if (status != SECSuccess) {
fprintf(stderr, "Could not initialize nss: %s\n",
PORT_ErrorToString(PORT_GetError()));
@@ -571,42 +623,8 @@ main(int argc, char *argv[])
if (certname)
free(certname);
- int action = 0;
- if (daemon)
- action |= DAEMONIZE;
-
- if (ctxp->rawsig)
- action |= IMPORT_RAW_SIGNATURE;
-
- if (ctxp->insattrs)
- action |= IMPORT_SATTRS;
-
- if (ctxp->outsattrs)
- action |= EXPORT_SATTRS;
-
- if (ctxp->insig)
- action |= IMPORT_SIGNATURE;
-
- if (ctxp->outkey)
- action |= EXPORT_PUBKEY;
-
- if (ctxp->outcert)
- action |= EXPORT_CERT;
-
- if (ctxp->outsig)
- action |= EXPORT_SIGNATURE;
-
- if (remove != 0)
- action |= REMOVE_SIGNATURE;
-
- if (list != 0)
- action |= LIST_SIGNATURES;
if (ctxp->sign) {
- action |= GENERATE_SIGNATURE;
- if (!(action & EXPORT_SIGNATURE))
- action |= IMPORT_SIGNATURE;
-
if (!ctxp->cms_ctx->certname) {
fprintf(stderr, "pesign: signing requested but no "
"certificate nickname provided\n");
@@ -614,9 +632,6 @@ main(int argc, char *argv[])
}
}
- if (ctxp->hash)
- action |= GENERATE_DIGEST|PRINT_DIGEST;
-
ssize_t sigspace = 0;
switch (action) {
--
1.8.1.4

View File

@ -1,8 +1,14 @@
Index: pesign-0.109/src/Makefile ---
=================================================================== src/Makefile | 2 +-
--- pesign-0.109.orig/src/Makefile src/daemon.h | 4 ++--
+++ pesign-0.109/src/Makefile src/macros.pesign | 2 +-
@@ -79,7 +79,7 @@ install_sysvinit: src/pesign.sysvinit | 14 +++++++-------
src/tmpfiles.conf | 2 +-
5 files changed, 12 insertions(+), 12 deletions(-)
--- a/src/Makefile
+++ b/src/Makefile
@@ -74,7 +74,7 @@ install_sysvinit:
install : install :
$(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/ $(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/
@ -11,25 +17,21 @@ Index: pesign-0.109/src/Makefile
$(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)/bin/ $(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)/bin/
$(INSTALL) -m 755 pesign $(INSTALLROOT)$(PREFIX)/bin/ $(INSTALL) -m 755 pesign $(INSTALLROOT)$(PREFIX)/bin/
$(INSTALL) -m 755 client $(INSTALLROOT)$(PREFIX)/bin/pesign-client $(INSTALL) -m 755 client $(INSTALLROOT)$(PREFIX)/bin/pesign-client
Index: pesign-0.109/src/daemon.h --- a/src/daemon.h
=================================================================== +++ b/src/daemon.h
--- pesign-0.109.orig/src/daemon.h @@ -49,7 +49,7 @@ typedef enum {
+++ pesign-0.109/src/daemon.h
@@ -47,7 +47,7 @@ typedef enum {
} pesignd_cmd; } pesignd_cmd;
#define PESIGND_VERSION 0xa3cf41cb #define PESIGND_VERSION 0x2a9edaf0
-#define SOCKPATH "/var/run/pesign/socket" -#define SOCKPATH "/var/run/pesign/socket"
-#define PIDFILE "/var/run/pesign.pid" -#define PIDFILE "/var/run/pesign.pid"
+#define SOCKPATH "/run/pesign/socket" +#define SOCKPATH "/run/pesign/socket"
+#define PIDFILE "/run/pesign.pid" +#define PIDFILE "/run/pesign.pid"
#endif /* DAEMON_H */ #endif /* DAEMON_H */
Index: pesign-0.109/src/macros.pesign --- a/src/macros.pesign
=================================================================== +++ b/src/macros.pesign
--- pesign-0.109.orig/src/macros.pesign @@ -36,7 +36,7 @@
+++ pesign-0.109/src/macros.pesign
@@ -34,7 +34,7 @@
%{_pesign} -R ${sattrs}.sig -I ${sattrs} %{-i} \\\ %{_pesign} -R ${sattrs}.sig -I ${sattrs} %{-i} \\\
--certdir ${nss} -c signer %{-o} \ --certdir ${nss} -c signer %{-o} \
rm -rf ${sattrs} ${sattrs}.sig ${nss} \ rm -rf ${sattrs} ${sattrs}.sig ${nss} \
@ -38,10 +40,8 @@ Index: pesign-0.109/src/macros.pesign
%{_pesign_client} -t "OpenSC Card (Fedora Signer)" \\\ %{_pesign_client} -t "OpenSC Card (Fedora Signer)" \\\
-c "/CN=Fedora Secure Boot Signer" \\\ -c "/CN=Fedora Secure Boot Signer" \\\
%{-i} %{-o} %{-e} %{-s} %{-C} \ %{-i} %{-o} %{-e} %{-s} %{-C} \
Index: pesign-0.109/src/pesign.sysvinit --- a/src/pesign.sysvinit
=================================================================== +++ b/src/pesign.sysvinit
--- pesign-0.109.orig/src/pesign.sysvinit
+++ pesign-0.109/src/pesign.sysvinit
@@ -4,7 +4,7 @@ @@ -4,7 +4,7 @@
# #
# chkconfig: - 50 50 # chkconfig: - 50 50
@ -81,10 +81,8 @@ Index: pesign-0.109/src/pesign.sysvinit
RETVAL=$? RETVAL=$?
echo echo
rm -f /var/lock/subsys/pesign rm -f /var/lock/subsys/pesign
Index: pesign-0.109/src/tmpfiles.conf --- a/src/tmpfiles.conf
=================================================================== +++ b/src/tmpfiles.conf
--- pesign-0.109.orig/src/tmpfiles.conf
+++ pesign-0.109/src/tmpfiles.conf
@@ -1 +1 @@ @@ -1 +1 @@
-D /var/run/pesign 0770 pesign pesign - -D /var/run/pesign 0770 pesign pesign -
+D /run/pesign 0770 pesign pesign - +D /run/pesign 0770 pesign pesign -

View File

@ -1,25 +1,18 @@
--- diff --git a/Make.defaults b/Make.defaults
Make.defaults | 5 +++-- index 95ba9d5..c03bf70 100644
Make.rules | 4 ++--
Makefile | 4 ++--
src/Makefile | 9 +++++----
src/pesign.sysvinit | 12 ++++++++----
util/Makefile | 6 +++---
6 files changed, 23 insertions(+), 17 deletions(-)
--- a/Make.defaults --- a/Make.defaults
+++ b/Make.defaults +++ b/Make.defaults
@@ -5,7 +5,8 @@ HOSTARCH = $(shell uname -m | sed s,i[ @@ -5,7 +5,8 @@ HOSTARCH = $(shell uname -m | sed s,i[3456789]86,ia32,)
ARCH := $(shell uname -m | sed s,i[3456789]86,ia32,) ARCH := $(shell uname -m | sed s,i[3456789]86,ia32,)
INCDIR = -I$(TOPDIR)/include INCDIR = -I$(TOPDIR)/include
CPPFLAGS = -DCONFIG_$(ARCH) CPPFLAGS = -DCONFIG_$(ARCH)
-CFLAGS = $(ARCH3264) -g -O0 -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants --std=gnu99 -D_GNU_SOURCE -CFLAGS = -g -O0
+OPTFLAGS = -O0 -g +OPTFLAGS = -g -O0
+CFLAGS = $(ARCH3264) $(OPTFLAGS) -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants --std=gnu99 -D_GNU_SOURCE +CFLAGS = $(OPTFLAGS)
BUILDFLAGS := $(CFLAGS) $(ARCH3264) -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants --std=gnu99 -D_GNU_SOURCE -Wno-unused-result -Wno-unused-function
ASFLAGS = $(ARCH3264) ASFLAGS = $(ARCH3264)
LDFLAGS = -nostdlib LDFLAGS = -nostdlib
CCLDFLAGS = -shared @@ -23,7 +24,7 @@ OBJCOPY = $(bindir)objcopy
@@ -22,7 +23,7 @@ OBJCOPY = $(bindir)objcopy
ifeq ($(ARCH),ia64) ifeq ($(ARCH),ia64)
CFLAGS += -mfixed-range=f32-f127 CFLAGS += -mfixed-range=f32-f127
@ -28,9 +21,18 @@
endif endif
ifeq ($(ARCH), ia32) ifeq ($(ARCH), ia32)
@@ -41,3 +42,6 @@ ifeq ($(ARCH), x86_64)
endif
endif
+ifeq ($(ARCH), aarch64)
+ LIBDIR := $(PREFIX)/lib64
+endif
diff --git a/Make.rules b/Make.rules
index 2749521..3553a03 100644
--- a/Make.rules --- a/Make.rules
+++ b/Make.rules +++ b/Make.rules
@@ -2,10 +2,10 @@ @@ -2,10 +2,11 @@
$(AR) -cvqs $@ $^ $(AR) -cvqs $@ $^
% : %.o % : %.o
@ -38,33 +40,13 @@
+ $(CC) -o $@ $^ $(foreach lib,$(LIBS),-l$(lib)) $(CCLDFLAGS) $(foreach pklib,$(PKLIBS), $(shell pkg-config --libs-only-l --libs-only-other $(pklib))) -lpthread + $(CC) -o $@ $^ $(foreach lib,$(LIBS),-l$(lib)) $(CCLDFLAGS) $(foreach pklib,$(PKLIBS), $(shell pkg-config --libs-only-l --libs-only-other $(pklib))) -lpthread
%.so : %.so :
- $(CC) $(INCDIR) $(CFLAGS) -Wl,-soname,$(SONAME) $(CCLDFLAGS) $^ -o $@ $(CC) $(INCDIR) $(BUILDFLAGS) -Wl,-soname,$(SONAME) $(CCLDFLAGS) $^ -o $@
+ $(CC) $(INCDIR) $(CFLAGS) -Wl,-soname,$(SONAME) $^ $(CCLDFLAGS) -o $@ + $(CC) $(INCDIR) $(BUILDFLAGS) -Wl,-soname,$(SONAME) $^ $(CCLDFLAGS) -o $@
%.o: %.c %.o: %.c
$(CC) $(INCDIR) $(CFLAGS) $(CPPFLAGS) -c $< -o $@ $(CC) $(INCDIR) $(BUILDFLAGS) $(CPPFLAGS) -c $< -o $@
--- a/util/Makefile diff --git a/src/pesign.sysvinit b/src/pesign.sysvinit
+++ b/util/Makefile index ea37c58..120a49c 100644
@@ -4,7 +4,7 @@ TOPDIR = $(SRCDIR)/..
include $(TOPDIR)/Make.defaults
FORMAT=efi-app-$(HOSTARCH)
-LDFLAGS = -nostdlib -T $(LIBDIR)/gnuefi/elf_$(HOSTARCH)_efi.lds -shared -Bsymbolic $(LIBDIR)/gnuefi/crt0-efi-$(HOSTARCH).o -L$(LIBDIR)
+LDFLAGS = -nostdlib -T $(LIBDIR)/elf_$(HOSTARCH)_efi.lds -shared -Bsymbolic $(LIBDIR)/crt0-efi-$(HOSTARCH).o -L$(LIBDIR)
LIBS=-lefi -lgnuefi $(shell $(CC) -print-libgcc-file-name)
CCLDFLAGS =
CFLAGS = -I/usr/include/efi/ -I/usr/include/efi/$(HOSTARCH)/ -I/usr/include/efi/protocol -fpic -fshort-wchar -fno-reorder-functions -fno-strict-aliasing -fno-merge-constants -mno-red-zone -Wimplicit-function-declaration
@@ -17,8 +17,8 @@ clean :
@rm -rfv *.o *.a *.so $(TARGETS)
install :
- $(INSTALL) -d -m 755 $(INSTALLROOT)/boot/efi/EFI/redhat/
- $(INSTALL) -m 755 *.efi $(INSTALLROOT)/boot/efi/EFI/redhat/
+ $(INSTALL) -d -m 755 $(INSTALLROOT)/boot/efi/EFI/SuSE/
+ $(INSTALL) -m 755 *.efi $(INSTALLROOT)/boot/efi/EFI/SuSE/
.PHONY: all clean install
--- a/src/pesign.sysvinit --- a/src/pesign.sysvinit
+++ b/src/pesign.sysvinit +++ b/src/pesign.sysvinit
@@ -6,21 +6,25 @@ @@ -6,21 +6,25 @@
@ -97,3 +79,27 @@
RETVAL=$? RETVAL=$?
echo echo
touch /var/lock/subsys/pesign touch /var/lock/subsys/pesign
diff --git a/util/Makefile b/util/Makefile
index ff11cb8..5d4cebb 100644
--- a/util/Makefile
+++ b/util/Makefile
@@ -4,7 +4,7 @@ TOPDIR = $(SRCDIR)/..
include $(TOPDIR)/Make.defaults
FORMAT=efi-app-$(HOSTARCH)
-LDFLAGS = -nostdlib -T $(LIBDIR)/gnuefi/elf_$(HOSTARCH)_efi.lds -shared -Bsymbolic $(LIBDIR)/gnuefi/crt0-efi-$(HOSTARCH).o -L$(LIBDIR)
+LDFLAGS = -nostdlib -T $(LIBDIR)/elf_$(HOSTARCH)_efi.lds -shared -Bsymbolic $(LIBDIR)/crt0-efi-$(HOSTARCH).o -L$(LIBDIR)
LIBS=-lefi -lgnuefi $(shell $(CC) -print-libgcc-file-name)
CCLDFLAGS =
BUILDFLAGS = -I/usr/include/efi/ -I/usr/include/efi/$(HOSTARCH)/ -I/usr/include/efi/protocol -fpic -fshort-wchar -fno-reorder-functions -fno-strict-aliasing -fno-merge-constants -mno-red-zone -Wimplicit-function-declaration
@@ -17,8 +17,8 @@ clean :
@rm -rfv *.o *.a *.so $(TARGETS)
install :
- $(INSTALL) -d -m 755 $(INSTALLROOT)/boot/efi/EFI/redhat/
- $(INSTALL) -m 755 *.efi $(INSTALLROOT)/boot/efi/EFI/redhat/
+ $(INSTALL) -d -m 755 $(INSTALLROOT)/boot/efi/EFI/SuSE/
+ $(INSTALL) -m 755 *.efi $(INSTALLROOT)/boot/efi/EFI/SuSE/
.PHONY: all clean install

View File

@ -1,3 +1,26 @@
-------------------------------------------------------------------
Fri Oct 31 07:16:40 UTC 2014 - glin@suse.com
- Update pesign-suse-build.patch to set LIBDIR for AArch64
-------------------------------------------------------------------
Tue Oct 28 08:47:34 UTC 2014 - glin@suse.com
- Update to version 0.110
- Add pesign-fix-authvar-write-loop.patch to fix the write loop in
authvar
- Add pesign-install-supplementary-programs.patch to install the
supplementary programs
- Refresh patches
+ pesign-fix-build-errors.patch
+ pesign-run.patch
+ pesign-suse-build.patch
- Drop upstreamed patches
+ pesign-clear-padding-bits.patch
+ pesign-enable-supplementary-programs.patch
+ pesign-no-db.patch
- Enable aarch64
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jul 1 06:46:13 UTC 2014 - glin@suse.com Tue Jul 1 06:46:13 UTC 2014 - glin@suse.com

View File

@ -17,36 +17,36 @@
Name: pesign Name: pesign
Version: 0.109 Version: 0.110
Release: 0 Release: 0
Summary: Signing tool for PE-COFF binaries Summary: Signing tool for PE-COFF binaries
License: GPL-2.0 License: GPL-2.0
Group: Productivity/Security Group: Productivity/Security
Url: https://github.com/vathpela/pesign Url: https://github.com/vathpela/pesign
Source: %{name}-%{version}.tar.gz Source: %{name}-%{version}.tar.bz2
# PATCH-FIX-SUSE pesign-suse-build.patch glin@suse.com -- Adjust Makefile for the build service # PATCH-FIX-SUSE pesign-suse-build.patch glin@suse.com -- Adjust Makefile for the build service
Patch1: pesign-suse-build.patch Patch1: pesign-suse-build.patch
# PATCH-FIX-UPSTREAM pesign-fix-build-errors.patch glin@suse.com -- Fix gcc warnings # PATCH-FIX-UPSTREAM pesign-fix-build-errors.patch glin@suse.com -- Fix gcc warnings
Patch2: pesign-fix-build-errors.patch Patch2: pesign-fix-build-errors.patch
# PATCH-FIX-UPSTREAM pesign-privkey_unneeded.diff glin@suse.com -- Don't check the private key when importing the raw signature # PATCH-FIX-UPSTREAM pesign-privkey_unneeded.diff glin@suse.com -- Don't check the private key when importing the raw signature
Patch3: pesign-privkey_unneeded.diff Patch3: pesign-privkey_unneeded.diff
# PATCH-FIX-UPSTREAM pesign-clear-padding-bits.patch glin@suse.com -- Clear the allocated space before inserting the certificate list
Patch4: pesign-clear-padding-bits.patch
# PATCH-FIX-SUSE use-standard-pid-location.patch p.drouand@gmail.com --Use standard /run instead of /var/run for pidfile # PATCH-FIX-SUSE use-standard-pid-location.patch p.drouand@gmail.com --Use standard /run instead of /var/run for pidfile
Patch6: use-standard-pid-location.patch Patch4: use-standard-pid-location.patch
# PATCH-FIX-UPSTREAM pesign-no-db.patch glin@suse.com -- Allow some commands to proceed without a NSS database
Patch7: pesign-no-db.patch
# PATCH-FIX-SUSE pesign-run.patch aj@suse.com - Use /run instead of /var/run # PATCH-FIX-SUSE pesign-run.patch aj@suse.com - Use /run instead of /var/run
Patch8: pesign-run.patch Patch5: pesign-run.patch
# PATCH-FIX-UPSTREAM pesign-enable-supplementary-programs.patch glin@suse.com -- Fix and enable the supplementary programs # PATCH-FIX-UPSTREAM pesign-fix-authvar-write-loop.patch glin@suse.com -- Fix the write loop in authvar
Patch9: pesign-enable-supplementary-programs.patch Patch6: pesign-fix-authvar-write-loop.patch
# PATCH-FIX-SUSE pesign-install-supplementary-programs.patch glin@suse.com -- Install the supplementary programs
Patch7: pesign-install-supplementary-programs.patch
BuildRequires: efivar-devel
BuildRequires: libuuid-devel
BuildRequires: mozilla-nss-devel BuildRequires: mozilla-nss-devel
BuildRequires: pkg-config BuildRequires: pkg-config
BuildRequires: popt-devel BuildRequires: popt-devel
BuildRequires: pkgconfig(systemd) BuildRequires: pkgconfig(systemd)
%{?systemd_requires} %{?systemd_requires}
PreReq: pwdutils PreReq: pwdutils
ExclusiveArch: ia64 %ix86 x86_64 ExclusiveArch: ia64 %ix86 x86_64 aarch64
%description %description
Signing tool for PE-COFF binaries, hopefully at least vaguely compliant Signing tool for PE-COFF binaries, hopefully at least vaguely compliant
@ -64,10 +64,9 @@ Authors:
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
%patch4 -p1 %patch4 -p1
%patch5 -p1
%patch6 -p1 %patch6 -p1
%patch7 -p1 %patch7 -p1
%patch8 -p1
%patch9 -p1
%build %build
make OPTFLAGS="$RPM_OPT_FLAGS" make OPTFLAGS="$RPM_OPT_FLAGS"