# # spec file for package pesign # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: pesign Version: 0.99 Release: 0 Summary: Signing tool for PE-COFF binaries License: GPL-2.0 Group: Productivity/Security Url: https://github.com/vathpela/pesign Source: %{name}-%{version}.tar.bz2 # PATCH-FIX-UPSTREAM pesign-upstream-fixes.patch glin@suse.com -- fixes from upstream Patch0: pesign-upstream-fixes.patch # PATCH-FIX-SUSE pesign-suse-build.patch glin@suse.com -- Adjust Makefile for the build service Patch1: pesign-suse-build.patch # PATCH-FIX-UPSTREAM pesign-fix-build-errors.patch glin@suse.com -- Fix gcc warnings Patch2: pesign-fix-build-errors.patch # PATCH-FIX-UPSTREAM pesign-client-initialize-action.patch glin@suse.com -- Initialize the actions variable Patch3: pesign-client-initialize-action.patch # PATCH-FIX-UPSTREAM pesign-client-read-pin-file.patch glin@suse.com -- Fix pin file reading error Patch4: pesign-client-read-pin-file.patch # PATCH-FIX-UPSTREAM pesign-local-database.patch glin@suse.com -- Support local certificate database Patch5: pesign-local-database.patch # PATCH-FIX-UPSTREAM pesign-bnc801653-teardown-segfault.patch glin@suse.com -- Fix crash when freeing digests Patch7: pesign-bnc801653-teardown-segfault.patch # PATCH-FIX-UPSTREAM pesign-fix-export-attributes.patch glin@suse.com -- Fix crash when exporting attributes Patch9: pesign-fix-export-attributes.patch # PATCH-FIX-UPSTREAM pesign-privkey_unneeded.diff glin@suse.com -- Don't check the private key when importing the raw signature Patch10: pesign-privkey_unneeded.diff Patch11: pesign-no-set-image-size.patch # PATCH-FIX-UPSTREAM pesign-bnc805166-fix-signature-list.patch bnc#805166 glin@suse.com -- Fix the broken signature list when inserting a new signature into a signed EFI binary. Patch12: pesign-bnc805166-fix-signature-list.patch BuildRequires: mozilla-nss-devel BuildRequires: pkg-config BuildRequires: popt-devel %if 0%{?suse_version} > 1140 BuildRequires: pkgconfig(systemd) %{?systemd_requires} %define has_systemd 1 %endif BuildRequires: pwdutils Requires: pwdutils BuildRoot: %{_tmppath}/%{name}-%{version}-build ExclusiveArch: ia64 %ix86 x86_64 %description Signing tool for PE-COFF binaries, hopefully at least vaguely compliant with the PE and Authenticode specifications. Authors: -------- Peter Jones %prep %setup -q %patch0 -p1 %patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 -p1 %patch5 -p1 %patch7 -p1 %patch9 -p1 %patch10 -p1 %patch11 -p1 %patch12 -p1 %build make OPTFLAGS="$RPM_OPT_FLAGS" %install make INSTALLROOT=%{buildroot} PREFIX=/usr DOCDIR=/share/doc/packages install mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/pesign mkdir -p $RPM_BUILD_ROOT%{_sbindir} %if 0%{?has_systemd} make INSTALLROOT=%{buildroot} UNITDIR=%{_unitdir} install_systemd ln -sf /sbin/service $RPM_BUILD_ROOT/%{_sbindir}/rcpesign %else make INSTALLROOT=%{buildroot} install_sysvinit ln -sf %{_sysconfdir}/init.d/pesign $RPM_BUILD_ROOT/%{_sbindir}/rcpesign %endif # there's some stuff that's not really meant to be shipped yet rm -rf %{buildroot}/boot %{buildroot}/usr/include rm -rf %{buildroot}%{_libdir}/libdpe* %clean %{?buildroot:%__rm -rf "%{buildroot}"} %pre getent group pesign >/dev/null || groupadd -r pesign getent passwd pesign >/dev/null || useradd -r -g pesign -d /var/lib/pesign -s /bin/false -c "PE-COFF signing daemon" pesign %if 0%{?has_systemd} %service_add_pre pesign.service %endif %preun %if 0%{?has_systemd} %service_del_preun pesign.service %else %stop_on_removal pesign %endif %post %if 0%{?has_systemd} %service_add_post pesign.service systemd-tmpfiles --create /usr/lib/tmpfiles.d/pesign.conf %endif %postun %if 0%{?has_systemd} %service_del_preun pesign.service %else %restart_on_update pesign %insserv_cleanup %endif %files %defattr(-,root,root) %doc COPYING %{_bindir}/pesign %{_bindir}/pesign-client %dir %{_sysconfdir}/popt.d %config %{_sysconfdir}/popt.d/pesign.popt %{_sysconfdir}/pki/ %config %{_sysconfdir}/rpm/macros.pesign %{_mandir}/man?/* /var/lib/pesign %if 0%{?has_systemd} %{_unitdir}/pesign.service /usr/lib/tmpfiles.d/pesign.conf %else %{_sysconfdir}/init.d/pesign %endif %{_sbindir}/rcpesign %dir %attr(0775,pesign,pesign) %{_sysconfdir}/pki/pesign %dir %attr(0770,pesign,pesign) %{_localstatedir}/run/%{name} %dir %attr(0770,pesign,pesign) %{_localstatedir}/lib/%{name} %changelog