diff --git a/pesign-0.112.tar.bz2 b/pesign-0.112.tar.bz2 deleted file mode 100644 index 648b1ec..0000000 --- a/pesign-0.112.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:99fa1240311a802fa381eebba8d52b7106690322ac00395bf9fc149dc2cb363e -size 90251 diff --git a/pesign-113.tar.bz2 b/pesign-113.tar.bz2 new file mode 100644 index 0000000..12f80e5 --- /dev/null +++ b/pesign-113.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0dfb14e6f79288b7983344b88b14f83b0267c002f563e38171f935af107d0132 +size 103471 diff --git a/pesign-bsc1087742-fix-efisiglist.patch b/pesign-bsc1087742-fix-efisiglist.patch deleted file mode 100644 index b9dfa87..0000000 --- a/pesign-bsc1087742-fix-efisiglist.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 4279d9a36d6c0d09295a76160e26cbe1bbf37591 Mon Sep 17 00:00:00 2001 -From: Gary Lin -Date: Fri, 30 Mar 2018 12:25:34 +0800 -Subject: [PATCH] efisiglist: Copy the header correctly - -signature_list wasn't copied corretly to efi_signature_list because -SignatureType in signature_list is a pointer while that in -efi_signature_list is not. - -Signed-off-by: Gary Lin ---- - src/siglist.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/siglist.c b/src/siglist.c -index 6e59164..e74eb10 100644 ---- a/src/siglist.c -+++ b/src/siglist.c -@@ -217,7 +217,10 @@ signature_list_realize(signature_list *sl, void **out, size_t *outsize) - return -1; - esl = ret; - -- memcpy(esl, sl, sizeof (*esl)); -+ memcpy(&esl->SignatureType, sl->SignatureType, sizeof(efi_guid_t)); -+ esl->SignatureListSize = sl->SignatureListSize; -+ esl->SignatureHeaderSize = sl->SignatureHeaderSize; -+ esl->SignatureSize = sl->SignatureSize; - - uint8_t *pos = ret + sizeof (*esl); - for (int i = 0; i < count; i++) { --- -2.16.2 - diff --git a/pesign-fix-argument-list.patch b/pesign-fix-argument-list.patch deleted file mode 100644 index 8d0c129..0000000 
--- a/pesign-fix-argument-list.patch +++ /dev/null @@ -1,65 +0,0 @@ -commit 5be0515dee24308fd7e270bf2e0fb5e5a7a78f32 -Author: Julien Cristau -Date: Thu Jun 9 14:30:37 2016 +0200 - - Fix command line parsing - - The gettext translation domain should be passed as .arg, not .descrip, - otherwise popt won't process any of the command line options (it stops - looping over the struct poptOption array when an entry has unset - longName, shortName and arg). - - 
Signed-off-by: Julien Cristau - -diff --git a/src/client.c b/src/client.c -index 028419f..575c873 100644 ---- a/src/client.c -+++ b/src/client.c -@@ -555,7 +555,7 @@ main(int argc, char *argv[]) - - struct poptOption options[] = { - {.argInfo = POPT_ARG_INTL_DOMAIN, -- .descrip = "pesign" }, -+ .arg = "pesign" }, - {.longName = "token", - .shortName = 't', - .argInfo = POPT_ARG_STRING|POPT_ARGFLAG_SHOW_DEFAULT, -diff --git a/src/efikeygen.c b/src/efikeygen.c -index 6278849..8a515a5 100644 ---- a/src/efikeygen.c -+++ b/src/efikeygen.c -@@ -486,7 +486,7 @@ int main(int argc, char *argv[]) - poptContext optCon; - struct poptOption options[] = { - {.argInfo = POPT_ARG_INTL_DOMAIN, -- .descrip = "pesign" }, -+ .arg = "pesign" }, - /* global nss-ish things */ - {.longName = "dbdir", - .shortName = 'd', -diff --git a/src/efisiglist.c b/src/efisiglist.c -index cd3f1ae..40d6a93 100644 ---- a/src/efisiglist.c -+++ b/src/efisiglist.c -@@ -126,7 +126,7 @@ main(int argc, char *argv[]) - - struct poptOption options[] = { - {.argInfo = POPT_ARG_INTL_DOMAIN, -- .descrip = "pesign" }, -+ .arg = "pesign" }, - {.longName = "infile", - .shortName = 'i', - .argInfo = POPT_ARG_STRING, -diff --git a/src/pesigcheck.c b/src/pesigcheck.c -index 1328fe9..0d49c1a 100644 ---- a/src/pesigcheck.c -+++ b/src/pesigcheck.c -@@ -214,7 +214,7 @@ main(int argc, char *argv[]) - poptContext optCon; - struct poptOption options[] = { - {.argInfo = POPT_ARG_INTL_DOMAIN, -- .descrip = "pesign" }, -+ .arg = "pesign" }, - {.longName = "dbfile", - .shortName = 'D', - .argInfo = POPT_ARG_CALLBACK|POPT_CBFLAG_POST, diff --git a/pesign-fix-authvar-write-loop.patch b/pesign-fix-authvar-write-loop.patch index 5ffe3ed..085ad74 100644 --- a/pesign-fix-authvar-write-loop.patch +++ b/pesign-fix-authvar-write-loop.patch @@ -1,4 +1,4 @@ -From e3aee739b92c4124fc1207fb06a7dd1cd89d03ae Mon Sep 17 00:00:00 2001 +From b3c58e3b9237f90e865723837a9389fcb25f6945 Mon Sep 17 00:00:00 2001 
From: Gary Ching-Pang Lin Date: Tue, 1 Jul 2014 14:43:35 +0800 Subject: [PATCH] authvar: fix the write loop @@ -13,18 +13,18 @@ Signed-off-by: Gary Ching-Pang Lin 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/src/authvar_context.c b/src/authvar_context.c -index c988e96..675967c 100644 +index 7a753fc..c51c666 100644 --- a/src/authvar_context.c +++ b/src/authvar_context.c -@@ -18,6 +18,7 @@ - */ +@@ -20,6 +20,7 @@ + #include "fix_coverity.h" #include +#include #include #include -@@ -133,11 +134,7 @@ generate_descriptor(authvar_context *ctx) +@@ -135,11 +136,7 @@ generate_descriptor(authvar_context *ctx) if (rc < 0) cmsreterr(-1, ctx->cms_ctx, "could not create signed data"); @@ -37,7 +37,7 @@ index c988e96..675967c 100644 authinfo = calloc(offset + sd_der.len, 1); if (!authinfo) cmsreterr(-1, ctx->cms_ctx, "could not allocate authinfo"); -@@ -160,6 +157,7 @@ write_authvar(authvar_context *ctx) +@@ -162,6 +159,7 @@ write_authvar(authvar_context *ctx) void *buffer, *ptr; size_t buf_len, des_len, remain; ssize_t wlen; @@ -45,7 +45,7 @@ index c988e96..675967c 100644 if (!ctx->authinfo) cmsreterr(-1, ctx->cms_ctx, "Not a valid authvar"); -@@ -187,17 +185,17 @@ write_authvar(authvar_context *ctx) +@@ -189,19 +187,19 @@ write_authvar(authvar_context *ctx) if (ctx->value_size > 0) memcpy(ptr, ctx->value, ctx->value_size); @@ -60,13 +60,15 @@ index c988e96..675967c 100644 do { - wlen = write(ctx->exportfd, buffer, remain); + wlen = write(ctx->exportfd, buffer + offset, remain); - if (wlen < 0) + if (wlen < 0) { + free(buffer); cmsreterr(-1, ctx->cms_ctx, "failed to write authvar"); + } remain -= wlen; + offset += wlen; } while (remain > 0); - return 0; + free(buffer); -- -1.8.4.5 +2.21.0 diff --git a/pesign-fix-build-errors.patch b/pesign-fix-build-errors.patch deleted file mode 100644 index 98ead05..0000000 --- a/pesign-fix-build-errors.patch +++ /dev/null 
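Review bot: The refreshed write loop in write_authvar still treats every negative write() return as fatal, so a write interrupted by a signal (EINTR) frees the buffer and aborts after part of the authvar may already have reached exportfd. A retry ahead of the `if (wlen < 0) {` branch, for example `if (wlen < 0 && errno == EINTR) continue;`, would avoid leaving a truncated export. The patch adds an include at the top of authvar_context.c whose name is not readable here, so confirm that errno.h is in scope. Separately, `buffer` is declared `void *`, so `buffer + offset` relies on the GNU void-pointer arithmetic extension; `(char *)buffer + offset` is the portable form. The function body starts and ends outside the visible hunks.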
@@ -1,119 +0,0 @@ -Index: pesign-0.111/src/daemon.c -=================================================================== ---- pesign-0.111.orig/src/daemon.c -+++ pesign-0.111/src/daemon.c -@@ -544,7 +544,11 @@ malformed: - if (rc < 0) { - err_attached: - pe_end(outpe); -- ftruncate(outfd, 0); -+ if (ftruncate(outfd, 0) != 0) { -+ ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, -+ "pesignd: could not truncate output " -+ "file: %m"); -+ } - goto finish; - } - ssize_t sigspace = calculate_signature_space(ctx->cms, outpe); -@@ -562,21 +566,34 @@ err_attached: - ctx->cms->num_signatures, outpe); - pe_end(outpe); - } else { -- ftruncate(outfd, 0); -+ if (ftruncate(outfd, 0) != 0) { -+ ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, -+ "pesignd: could not truncate output " -+ "file: %m"); -+ } - rc = generate_digest(ctx->cms, inpe, 1); - if (rc < 0) { - err_detached: -- ftruncate(outfd, 0); -+ if (ftruncate(outfd, 0) != 0) { -+ ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, -+ "pesignd: could not truncate output " -+ "file: %m"); -+ } - goto finish; - } - rc = generate_signature(ctx->cms); - if (rc < 0) - goto err_detached; - rc = export_signature(ctx->cms, outfd, 0); -- if (rc >= 0) -- ftruncate(outfd, rc); -- else if (rc < 0) -+ if (rc >= 0) { -+ if (ftruncate(outfd, rc) != 0) { -+ ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, -+ "pesignd: could not truncate output " -+ "file: %m"); -+ } -+ } else if (rc < 0) { - goto err_detached; -+ } - } - - finish: -@@ -1182,7 +1199,12 @@ daemonize(cms_context *cms_ctx, char *ce - exit(1); - } - -- chdir(homedir ? homedir : "/"); -+ if (chdir(homedir ? 
homedir : "/") != 0) { -+ ctx.backup_cms->log(ctx.backup_cms, ctx.priority|LOG_ERR, -+ "pesignd: could not change working directory " -+ "for pesign: %m"); -+ exit(1); -+ } - - if (getuid() == 0) { - /* process is running as root, drop privileges */ -Index: pesign-0.111/src/password.c -=================================================================== ---- pesign-0.111.orig/src/password.c -+++ pesign-0.111/src/password.c -@@ -76,7 +76,8 @@ static char *SEC_GetPassword(FILE *input - echoOff(infd); - } - -- fgets ( phrase, sizeof(phrase), input); -+ if (fgets(phrase, sizeof(phrase), input) == NULL) -+ phrase[0] = '\0'; - - if (isTTY) { - fprintf(output, "\n"); -Index: pesign-0.111/src/pesign.c -=================================================================== ---- pesign-0.111.orig/src/pesign.c -+++ pesign-0.111/src/pesign.c -@@ -164,9 +164,15 @@ open_output(pesign_context *ctx) - - addr = pe_rawfile(ctx->inpe, &size); - -- ftruncate(ctx->outfd, size); -+ if (ftruncate(ctx->outfd, size) != 0) { -+ fprintf(stderr, "pesign: could not truncate output file: %m\n"); -+ exit(1); -+ } - lseek(ctx->outfd, 0, SEEK_SET); -- write(ctx->outfd, addr, size); -+ if ((size_t)write(ctx->outfd, addr, size) != size) { -+ fprintf(stderr, "pesign: could not write output file: %m\n"); -+ exit(1); -+ } - - Pe_Cmd cmd = ctx->outfd == STDOUT_FILENO ? PE_C_RDWR : PE_C_RDWR_MMAP; - ctx->outpe = pe_begin(ctx->outfd, cmd, NULL); -Index: pesign-0.111/src/signed_data.c -=================================================================== ---- pesign-0.111.orig/src/signed_data.c -+++ pesign-0.111/src/signed_data.c -@@ -133,6 +133,7 @@ generate_signerInfo_list(cms_context *cm - SpcSignerInfo **signerInfo_list; - int err, rc; - -+ err = 0; - if (!signerInfo_list_p) - return -1; - diff --git a/pesign-privkey_unneeded.diff b/pesign-privkey_unneeded.diff index c356292..26ee8c3 100644 --- a/pesign-privkey_unneeded.diff +++ b/pesign-privkey_unneeded.diff 
@@ -4,11 +4,11 @@ src/pesign.c | 1 + 3 files changed, 12 insertions(+), 2 deletions(-) -Index: pesign-0.111/src/cms_common.c +Index: pesign-113/src/cms_common.c =================================================================== ---- pesign-0.111.orig/src/cms_common.c -+++ pesign-0.111/src/cms_common.c -@@ -280,6 +280,7 @@ struct cbdata { +--- pesign-113.orig/src/cms_common.c ++++ pesign-113/src/cms_common.c +@@ -282,6 +282,7 @@ struct cbdata { CERTCertificate *cert; PK11SlotListElement *psle; secuPWData *pwdata; @@ -16,7 +16,7 @@ Index: pesign-0.111/src/cms_common.c }; static SECStatus -@@ -291,6 +292,12 @@ is_valid_cert(CERTCertificate *cert, voi +@@ -293,6 +294,12 @@ is_valid_cert(CERTCertificate *cert, voi void *pwdata = cbdata->pwdata; SECKEYPrivateKey *privkey = NULL; @@ -29,7 +29,7 @@ Index: pesign-0.111/src/cms_common.c privkey = PK11_FindPrivateKeyFromCert(slot, cert, pwdata); if (privkey != NULL) { cbdata->cert = cert; -@@ -421,7 +428,7 @@ find_certificate(cms_context *cms, int n +@@ -423,7 +430,7 @@ find_certificate(cms_context *cms, int n } SECStatus status; @@ -38,7 +38,7 @@ Index: pesign-0.111/src/cms_common.c status = PK11_Authenticate(psle->slot, PR_TRUE, pwdata); if (status != SECSuccess) { PK11_DestroySlotListElement(slots, &psle); -@@ -450,6 +457,7 @@ find_certificate(cms_context *cms, int n +@@ -452,6 +459,7 @@ find_certificate(cms_context *cms, int n .cert = NULL, .psle = psle, .pwdata = pwdata, @@ -46,7 +46,7 @@ Index: pesign-0.111/src/cms_common.c }; if (needs_private_key) { -@@ -570,7 +578,7 @@ find_named_certificate(cms_context *cms, +@@ -572,7 +580,7 @@ find_named_certificate(cms_context *cms, } SECStatus status; 
@@ -55,11 +55,11 @@ Index: pesign-0.111/src/cms_common.c status = PK11_Authenticate(psle->slot, PR_TRUE, pwdata); if (status != SECSuccess) { PK11_DestroySlotListElement(slots, &psle); -Index: pesign-0.111/src/cms_common.h +Index: pesign-113/src/cms_common.h =================================================================== ---- pesign-0.111.orig/src/cms_common.h -+++ pesign-0.111/src/cms_common.h -@@ -63,6 +63,7 @@ typedef int (*cms_common_logger)(struct +--- pesign-113.orig/src/cms_common.h ++++ pesign-113/src/cms_common.h +@@ -62,6 +62,7 @@ typedef int (*cms_common_logger)(struct typedef struct cms_context { PRArenaPool *arena; void *privkey; @@ -67,11 +67,11 @@ Index: pesign-0.111/src/cms_common.h char *tokenname; char *certname; -Index: pesign-0.111/src/pesign.c +Index: pesign-113/src/file_pe.c =================================================================== ---- pesign-0.111.orig/src/pesign.c -+++ pesign-0.111/src/pesign.c -@@ -651,6 +651,7 @@ main(int argc, char *argv[]) +--- pesign-113.orig/src/file_pe.c ++++ pesign-113/src/file_pe.c +@@ -354,6 +354,7 @@ pe_handle_action(pesign_context *ctxp, i */ case IMPORT_RAW_SIGNATURE|IMPORT_SATTRS: check_inputs(ctxp); diff --git a/pesign-run.patch b/pesign-run.patch index 22cccc4..f16457c 100644 --- a/pesign-run.patch +++ b/pesign-run.patch @@ -6,11 +6,11 @@ src/tmpfiles.conf | 2 +- 5 files changed, 12 insertions(+), 12 deletions(-) -Index: pesign-0.112/src/Makefile +Index: pesign-113/src/Makefile =================================================================== ---- pesign-0.112.orig/src/Makefile -+++ pesign-0.112/src/Makefile -@@ -68,7 +68,7 @@ install_sysvinit: pesign.sysvinit +--- pesign-113.orig/src/Makefile ++++ pesign-113/src/Makefile +@@ -73,7 +73,7 @@ install_sysvinit: pesign.sysvinit install : $(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/ $(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign-rh-test/ 
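Review bot: The diffstat at the top of pesign-privkey_unneeded.diff still lists `src/pesign.c | 1 +`, although the refresh moves the last hunk from main() in src/pesign.c to pe_handle_action() in src/file_pe.c. It should read `src/file_pe.c | 1 +` so the header matches what the patch touches. The patch relaxes the private-key check during certificate lookup, and the hunks around `PK11_Authenticate` suggest it may affect token authentication as well, though the changed lines are not visible here. A comment on the new cms_context field stating that it is intended only for the `IMPORT_RAW_SIGNATURE|IMPORT_SATTRS` path would help anyone auditing where the check can be bypassed.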
@@ -19,11 +19,11 @@ Index: pesign-0.112/src/Makefile $(INSTALL) -d -m 755 $(INSTALLROOT)$(bindir) $(INSTALL) -m 755 authvar $(INSTALLROOT)$(bindir) $(INSTALL) -m 755 pesign $(INSTALLROOT)$(bindir) -Index: pesign-0.112/src/daemon.h +Index: pesign-113/src/daemon.h =================================================================== ---- pesign-0.112.orig/src/daemon.h -+++ pesign-0.112/src/daemon.h -@@ -49,7 +49,7 @@ typedef enum { +--- pesign-113.orig/src/daemon.h ++++ pesign-113/src/daemon.h +@@ -49,8 +49,8 @@ typedef enum { } pesignd_cmd; #define PESIGND_VERSION 0x2a9edaf0 @@ -32,31 +32,32 @@ Index: pesign-0.112/src/daemon.h +#define SOCKPATH "/run/pesign/socket" +#define PIDFILE "/run/pesign.pid" - #endif /* DAEMON_H */ -Index: pesign-0.112/src/macros.pesign + static inline uint32_t UNUSED + pesignd_string_size(char *buffer) +Index: pesign-113/src/macros.pesign =================================================================== ---- pesign-0.112.orig/src/macros.pesign -+++ pesign-0.112/src/macros.pesign -@@ -40,7 +40,7 @@ - %{_pesign} -R ${sattrs}.sig -I ${sattrs} %{-i} \\\ - --certdir ${nss} -c signer %{-o} \ - rm -rf ${sattrs} ${sattrs}.sig ${nss} \ +--- pesign-113.orig/src/macros.pesign ++++ pesign-113/src/macros.pesign +@@ -52,7 +52,7 @@ + getfacl /var/run/pesign 1>&2 \ + getfacl /var/run/pesign/socket 1>&2 \ + exit 1 \ - elif [ -S /var/run/pesign/socket ]; then \ + elif [ -S /run/pesign/socket ]; then \ - %{_pesign_client} -t "OpenSC Card (Fedora Signer)" \\\ - -c "/CN=Fedora Secure Boot Signer" \\\ + %{_pesign_client} -t %{__pesign_client_token} \\\ + -c %{__pesign_client_cert} \\\ %{-i} %{-o} %{-e} %{-s} %{-C} \ -Index: pesign-0.112/src/tmpfiles.conf +Index: pesign-113/src/tmpfiles.conf =================================================================== ---- pesign-0.112.orig/src/tmpfiles.conf -+++ pesign-0.112/src/tmpfiles.conf +--- pesign-113.orig/src/tmpfiles.conf ++++ pesign-113/src/tmpfiles.conf 
@@ -1 +1 @@ -D /var/run/pesign 0770 pesign pesign - +D /run/pesign 0770 pesign pesign - -Index: pesign-0.112/src/pesign.sysvinit.in +Index: pesign-113/src/pesign.sysvinit.in =================================================================== ---- pesign-0.112.orig/src/pesign.sysvinit.in -+++ pesign-0.112/src/pesign.sysvinit.in +--- pesign-113.orig/src/pesign.sysvinit.in ++++ pesign-113/src/pesign.sysvinit.in @@ -4,7 +4,7 @@ # # chkconfig: - 50 50 
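Review bot: The refreshed macros.pesign hunk switches only the `elif [ -S /var/run/pesign/socket ]` test to /run, while the 113 context lines just above it, `getfacl /var/run/pesign 1>&2` and `getfacl /var/run/pesign/socket 1>&2`, keep the old path. If /var/run is not a symlink to /run on the build host, the failure diagnostics would report ACLs for a different directory than the one used by the socket test and pesign-authorize. The same applies to the `mkdir /var/run/pesign` / `chown` / `chmod 0770 /var/run/pesign` chain in start() of pesign.sysvinit.in, which appears as context in pesign-suse-build.patch. Converting these to /run in this patch would keep the socket directory, its 0770 mode and the ACL checks on a single path.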
@@ -66,54 +67,28 @@ Index: pesign-0.112/src/pesign.sysvinit.in ### BEGIN INIT INFO # Provides: pesign # Should-Start: $remote_fs -Index: pesign-0.112/src/pesign.service.in +Index: pesign-113/src/pesign.service.in =================================================================== ---- pesign-0.112.orig/src/pesign.service.in -+++ pesign-0.112/src/pesign.service.in -@@ -4,7 +4,7 @@ Description=Pesign signing daemon +--- pesign-113.orig/src/pesign.service.in ++++ pesign-113/src/pesign.service.in +@@ -4,6 +4,6 @@ Description=Pesign signing daemon [Service] PrivateTmp=true Type=forking -PIDFile=/var/run/pesign.pid +PIDFile=/run/pesign.pid ExecStart=/usr/bin/pesign --daemonize - ExecStartPost=@@LIBEXECDIR@@/pesign/pesign-authorize-users - ExecStartPost=@@LIBEXECDIR@@/pesign/pesign-authorize-groups -Index: pesign-0.112/src/pesign-authorize-groups + ExecStartPost=@@LIBEXECDIR@@/pesign/pesign-authorize +Index: pesign-113/src/pesign-authorize =================================================================== ---- pesign-0.112.orig/src/pesign-authorize-groups -+++ pesign-0.112/src/pesign-authorize-groups -@@ -12,10 +12,10 @@ set -e +--- pesign-113.orig/src/pesign-authorize ++++ pesign-113/src/pesign-authorize +@@ -47,7 +47,7 @@ update_subdir() { + done + } - if [ -r /etc/pesign/groups ]; then - for group in $(cat /etc/pesign/groups); do -- if [ -d /var/run/pesign ]; then -- setfacl -m g:${group}:rx /var/run/pesign -- if [ -e /var/run/pesign/socket ]; then -- setfacl -m g:${group}:rw /var/run/pesign/socket -+ if [ -d /run/pesign ]; then -+ setfacl -m g:${group}:rx /run/pesign -+ if [ -e /run/pesign/socket ]; then -+ setfacl -m g:${group}:rw /run/pesign/socket - fi - fi - for x in /etc/pki/pesign* ; do -Index: pesign-0.112/src/pesign-authorize-users -=================================================================== ---- pesign-0.112.orig/src/pesign-authorize-users -+++ pesign-0.112/src/pesign-authorize-users -@@ -12,10 +12,10 @@ set -e - - if [ -r /etc/pesign/users ]; then - 
for username in $(cat /etc/pesign/users); do -- if [ -d /var/run/pesign ]; then -- setfacl -m g:${username}:rx /var/run/pesign -- if [ -e /var/run/pesign/socket ]; then -- setfacl -m g:${username}:rw /var/run/pesign/socket -+ if [ -d /run/pesign ]; then -+ setfacl -m g:${username}:rx /run/pesign -+ if [ -e /run/pesign/socket ]; then -+ setfacl -m g:${username}:rw /run/pesign/socket - fi - fi - for x in /etc/pki/pesign* ; do +-for x in /var/run/pesign/ /etc/pki/pesign*/ ; do ++for x in /run/pesign/ /etc/pki/pesign*/ ; do + if [ -d "${x}" ]; then + update_subdir "${x}" + else diff --git a/pesign-suse-build.patch b/pesign-suse-build.patch index 37a6df6..2a29ccc 100644 --- a/pesign-suse-build.patch +++ b/pesign-suse-build.patch @@ -1,7 +1,7 @@ -Index: pesign-0.112/util/Makefile +Index: pesign-113/util/Makefile =================================================================== ---- pesign-0.112.orig/util/Makefile -+++ pesign-0.112/util/Makefile +--- pesign-113.orig/util/Makefile ++++ pesign-113/util/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/Make.efirules include $(TOPDIR)/Make.defaults @@ -22,11 +22,11 @@ Index: pesign-0.112/util/Makefile install_systemd: -Index: pesign-0.112/src/pesign.sysvinit.in +Index: pesign-113/src/pesign.sysvinit.in =================================================================== ---- pesign-0.112.orig/src/pesign.sysvinit.in -+++ pesign-0.112/src/pesign.sysvinit.in -@@ -6,21 +6,24 @@ +--- pesign-113.orig/src/pesign.sysvinit.in ++++ pesign-113/src/pesign.sysvinit.in +@@ -6,16 +6,19 @@ # processname: /usr/bin/pesign # pidfile: /var/run/pesign.pid ### BEGIN INIT INFO 
@@ -50,13 +50,16 @@ Index: pesign-0.112/src/pesign.sysvinit.in RETVAL=0 start(){ - echo -n "Starting pesign: " +@@ -23,7 +26,7 @@ start(){ + mkdir /var/run/pesign 2>/dev/null && + chown pesign:pesign /var/run/pesign && + chmod 0770 /var/run/pesign - daemon /usr/bin/pesign --daemonize + startproc -f -p "$PESIGN_PIDFILE" /usr/bin/pesign --daemonize RETVAL=$? echo touch /var/lock/subsys/pesign -@@ -30,7 +33,7 @@ start(){ +@@ -32,7 +35,7 @@ start(){ stop(){ echo -n "Stopping pesign: " @@ -65,24 +68,24 @@ Index: pesign-0.112/src/pesign.sysvinit.in RETVAL=$? echo rm -f /var/lock/subsys/pesign -Index: pesign-0.112/Make.defaults +Index: pesign-113/Make.defaults =================================================================== ---- pesign-0.112.orig/Make.defaults -+++ pesign-0.112/Make.defaults -@@ -57,7 +57,7 @@ efi_cflags = $(cflags) - ASFLAGS = $(ARCH3264) - CPPFLAGS ?= +--- pesign-113.orig/Make.defaults ++++ pesign-113/Make.defaults +@@ -61,7 +61,7 @@ CPPFLAGS ?= + RANLIBFLAGS := $(if $(filter $(CC),gcc),-D) + ARFLAGS := $(if $(filter $(CC),gcc),-Dcvqs)$(if $(filter $(CC),clang),-cqvs) -LDLIBS = $(foreach lib,$(LIBS),-l$(lib)) $(call pkg-config-ldlibs) +LDLIBS = -lpthread $(foreach lib,$(LIBS),-l$(lib)) $(call pkg-config-ldlibs) ifeq ($(ARCH),ia64) efi_cflags += -mfixed-range=f32-f127 -Index: pesign-0.112/Makefile +Index: pesign-113/Makefile =================================================================== ---- pesign-0.112.orig/Makefile -+++ pesign-0.112/Makefile -@@ -9,7 +9,6 @@ SUBDIRS := include libdpe src +--- pesign-113.orig/Makefile ++++ pesign-113/Makefile +@@ -11,7 +11,6 @@ SUBDIRS := include libdpe src install : $(INSTALL) -d -m 755 $(INSTALLROOT)$(docdir)/pesign-$(VERSION)/ diff --git a/pesign.changes b/pesign.changes index f6a382e..879aca4 100644 --- a/pesign.changes +++ b/pesign.changes 
@@ -1,7 +1,31 @@ +------------------------------------------------------------------- +Mon May 13 03:57:30 UTC 2019 - Gary Ching-Pang Lin + +- Update to 113 + + Get rid of the 0.Y versioning + + Make --padding the default + + Add kmod signing (drake) + + efisiglist format fixes + + enforce the use of --kernel or --module in efikeygen + + RPM macro updates + + Move the license to GPLv3+ + + Use sql-type NSS database by default + + Various documentation improvements. + + Improve /etc/pki/pesign authorization scripts + + Various pesigcheck improvements +- Refresh patches + + pesign-suse-build.patch + + pesign-privkey_unneeded.diff + + pesign-fix-authvar-write-loop.patch +- Drop upstreamed patches + + pesign-fix-argument-list.patch + + pesign-bsc1087742-fix-efisiglist.patch +- Drop pesign-fix-build-errors.patch since those warnings are gone + ------------------------------------------------------------------- Thu May 9 12:25:31 UTC 2019 - Guillaume GARDET -- Enable build on %arm as we can sign kernel on %arm +- Enable build on %arm as we can sign kernel on %arm (boo#1134670) ------------------------------------------------------------------- Fri Apr 26 11:12:46 UTC 2019 - mvetter@suse.com diff --git a/pesign.spec b/pesign.spec index 967a5ba..f7234cd 100644 --- a/pesign.spec +++ b/pesign.spec 
@@ -17,27 +17,21 @@ Name: pesign -Version: 0.112 +Version: 113 Release: 0 Summary: Signing tool for PE-COFF binaries -License: GPL-2.0-only +License: GPL-3.0-or-later Group: Productivity/Security Url: https://github.com/rhinstaller/pesign Source: https://github.com/rhinstaller/pesign/releases/download/%{version}/%{name}-%{version}.tar.bz2 # PATCH-FIX-SUSE pesign-suse-build.patch glin@suse.com -- Adjust Makefile for the build service Patch1: pesign-suse-build.patch -# PATCH-FIX-UPSTREAM pesign-fix-build-errors.patch glin@suse.com -- Fix gcc warnings -Patch2: pesign-fix-build-errors.patch # PATCH-FIX-UPSTREAM pesign-privkey_unneeded.diff glin@suse.com -- Don't check the private key when importing the raw signature -Patch3: pesign-privkey_unneeded.diff +Patch2: pesign-privkey_unneeded.diff # PATCH-FIX-SUSE pesign-run.patch aj@suse.com - Use /run instead of /var/run -Patch5: pesign-run.patch +Patch3: pesign-run.patch # PATCH-FIX-UPSTREAM pesign-fix-authvar-write-loop.patch glin@suse.com -- Fix the write loop in authvar -Patch6: pesign-fix-authvar-write-loop.patch -# PATCH-FIX-UPSTREAM pesign-fix-argument-list.patch glin@suse.com -- Fix the argument list parsing -Patch7: pesign-fix-argument-list.patch -# PATCH-FIX-UPSTREAM bsc#1087742 pesign-bsc1087742-fix-efisiglist.patch glin@suse.com -- Fix efi signature list generation -Patch8: pesign-bsc1087742-fix-efisiglist.patch +Patch4: pesign-fix-authvar-write-loop.patch BuildRequires: efivar-devel BuildRequires: libuuid-devel BuildRequires: mozilla-nss-devel @@ -57,10 +51,7 @@ with the PE and Authenticode specifications. %patch1 -p1 %patch2 -p1 %patch3 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 +%patch4 -p1 %build make %{?_smp_mflags} CFLAGS="$RPM_OPT_FLAGS" @@ -96,7 +87,7 @@ systemd-tmpfiles --create %{_libexecdir}/tmpfiles.d/pesign.conf || : %files %defattr(-,root,root) -%doc COPYING +%license COPYING %{_bindir}/pesign %{_bindir}/pesign-client %{_bindir}/efikeygen 
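Review bot: Removing `Patch2: pesign-fix-build-errors.patch` drops more than warning fixes. That patch made daemonize() exit when `chdir()` fails ahead of the privilege drop, cleared `phrase` when `fgets()` returns NULL in SEC_GetPassword, and checked the `ftruncate()`/`write()` results on the output file. The changelog justifies the drop only with "those warnings are gone", which would also be true if upstream had merely changed its warning flags, so confirm that 113 carries equivalent checks. If it does, a comment such as `# pesign-fix-build-errors.patch dropped: return-value checks are upstream in 113` near the Patch list would record that.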
@@ -115,7 +106,7 @@ systemd-tmpfiles --create %{_libexecdir}/tmpfiles.d/pesign.conf || :
 %{_unitdir}/pesign.service
 %{_libexecdir}/tmpfiles.d/pesign.conf
 %dir %{_libexecdir}/pesign
-%{_libexecdir}/pesign/pesign-authorize-*
+%{_libexecdir}/pesign/pesign-authorize
 %dir %attr(0775,pesign,pesign) %{_sysconfdir}/pki/pesign
 %ghost %dir %attr(0770,pesign,pesign) /run/%{name}
 %dir %attr(0770,pesign,pesign) %{_localstatedir}/lib/%{name}