SHA256
1
0
forked from pool/pesign

Accepting request 209211 from Base:System

Add pesign-no-db.patch to allow some commands to proceed without a NSS database. (forwarded request 209210 from gary_lin)

OBS-URL: https://build.opensuse.org/request/show/209211
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pesign?expand=0&rev=14
This commit is contained in:
Stephan Kulow 2013-12-03 13:27:09 +00:00 committed by Git OBS Bridge
commit 66ec675a6a
3 changed files with 151 additions and 0 deletions

142
pesign-no-db.patch Normal file
View File

@ -0,0 +1,142 @@
From b55ecad4b6ec280d7d17caa5e02c20a7391b8a05 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Thu, 7 Nov 2013 16:58:04 +0800
Subject: [PATCH] Allow some commands to proceed without a NSS db
The NSS db is not necessary to calculate the hash, to show the
signature or to export the signed attributes.
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
src/pesign.c | 91 +++++++++++++++++++++++++++++++++++-------------------------
1 file changed, 53 insertions(+), 38 deletions(-)
diff --git a/src/pesign.c b/src/pesign.c
index c7313a6..0cd47a8 100644
--- a/src/pesign.c
+++ b/src/pesign.c
@@ -405,6 +405,7 @@ main(int argc, char *argv[])
int daemon = 0;
int fork = 1;
int padding = 0;
+ int need_db = 0;
char *digest_name = "sha256";
char *tokenname = "NSS Certificate DB";
@@ -526,8 +527,59 @@ main(int argc, char *argv[])
}
}
+ int action = 0;
+ if (daemon)
+ action |= DAEMONIZE;
+
+ if (ctxp->rawsig) {
+ action |= IMPORT_RAW_SIGNATURE;
+ need_db = 1;
+ }
+
+ if (ctxp->insattrs)
+ action |= IMPORT_SATTRS;
+
+ if (ctxp->outsattrs)
+ action |= EXPORT_SATTRS;
+
+ if (ctxp->insig)
+ action |= IMPORT_SIGNATURE;
+
+ if (ctxp->outkey) {
+ action |= EXPORT_PUBKEY;
+ need_db = 1;
+ }
+
+ if (ctxp->outcert) {
+ action |= EXPORT_CERT;
+ need_db = 1;
+ }
+
+ if (ctxp->outsig)
+ action |= EXPORT_SIGNATURE;
+
+ if (remove != 0)
+ action |= REMOVE_SIGNATURE;
+
+ if (list != 0)
+ action |= LIST_SIGNATURES;
+
+ if (ctxp->sign) {
+ action |= GENERATE_SIGNATURE;
+ if (!(action & EXPORT_SIGNATURE))
+ action |= IMPORT_SIGNATURE;
+ need_db = 1;
+ }
+
+ if (ctxp->hash)
+ action |= GENERATE_DIGEST|PRINT_DIGEST;
+
if (!daemon) {
- SECStatus status = NSS_Init(certdir);
+ SECStatus status;
+ if (need_db)
+ status = NSS_Init(certdir);
+ else
+ status = NSS_NoDB_Init(NULL);
if (status != SECSuccess) {
fprintf(stderr, "Could not initialize nss: %s\n",
PORT_ErrorToString(PORT_GetError()));
@@ -571,42 +623,8 @@ main(int argc, char *argv[])
if (certname)
free(certname);
- int action = 0;
- if (daemon)
- action |= DAEMONIZE;
-
- if (ctxp->rawsig)
- action |= IMPORT_RAW_SIGNATURE;
-
- if (ctxp->insattrs)
- action |= IMPORT_SATTRS;
-
- if (ctxp->outsattrs)
- action |= EXPORT_SATTRS;
-
- if (ctxp->insig)
- action |= IMPORT_SIGNATURE;
-
- if (ctxp->outkey)
- action |= EXPORT_PUBKEY;
-
- if (ctxp->outcert)
- action |= EXPORT_CERT;
-
- if (ctxp->outsig)
- action |= EXPORT_SIGNATURE;
-
- if (remove != 0)
- action |= REMOVE_SIGNATURE;
-
- if (list != 0)
- action |= LIST_SIGNATURES;
if (ctxp->sign) {
- action |= GENERATE_SIGNATURE;
- if (!(action & EXPORT_SIGNATURE))
- action |= IMPORT_SIGNATURE;
-
if (!ctxp->cms_ctx->certname) {
fprintf(stderr, "pesign: signing requested but no "
"certificate nickname provided\n");
@@ -614,9 +632,6 @@ main(int argc, char *argv[])
}
}
- if (ctxp->hash)
- action |= GENERATE_DIGEST|PRINT_DIGEST;
-
ssize_t sigspace = 0;
switch (action) {
--
1.8.1.4

View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Thu Nov 7 09:17:04 UTC 2013 - glin@suse.com
- Add pesign-no-db.patch to allow some commands to proceed without
a NSS database.
-------------------------------------------------------------------
Thu Oct 24 03:14:05 UTC 2013 - glin@suse.com

View File

@ -34,6 +34,8 @@ Patch3: pesign-privkey_unneeded.diff
Patch4: pesign-clear-padding-bits.patch
# PATCH-FIX-SUSE use-standard-pid-location.patch p.drouand@gmail.com --Use standard /run instead of /var/run for pidfile
Patch6: use-standard-pid-location.patch
# PATCH-FIX-UPSTREAM pesign-no-db.patch glin@suse.com -- Allow some commands to proceed without a NSS database
Patch7: pesign-no-db.patch
BuildRequires: mozilla-nss-devel
BuildRequires: pkg-config
BuildRequires: popt-devel
@ -59,6 +61,7 @@ Authors:
%patch3 -p1
%patch4 -p1
%patch6 -p1
%patch7 -p1
%build
make OPTFLAGS="$RPM_OPT_FLAGS"