From bfa02b50f9bbb60c3b04f159864aa4a87b0020e2 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 30 Nov 2015 15:34:35 -0500
Subject: [PATCH 5/5] Do a better job of isolating pesign-rh-test-crap
---
src/Makefile | 1 +
src/macros.pesign | 10 ++++++++--
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/Makefile b/src/Makefile
index af3fd07..1822d3f 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -65,6 +65,7 @@ install_sysvinit: pesign.sysvinit
install :
$(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/
+ $(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign-rh-test/
$(INSTALL) -d -m 770 $(INSTALLROOT)/var/run/pesign/
$(INSTALL) -d -m 755 $(INSTALLROOT)$(bindir)
$(INSTALL) -m 755 authvar $(INSTALLROOT)$(bindir)
diff --git a/src/macros.pesign b/src/macros.pesign
index 39374ce..9644940 100644
--- a/src/macros.pesign
+++ b/src/macros.pesign
@@ -7,7 +7,7 @@
# And magically get the right thing.
%__pesign_token %{nil}%{?pe_signing_token:-t "%{pe_signing_token}"}
-%__pesign_cert %{!?pe_signing_cert:-c "Red Hat Test Certificate"}%{?pe_signing_cert:-c "%{pe_signing_cert}"}
+%__pesign_cert %{!?pe_signing_cert:"Red Hat Test Certificate"}%{?pe_signing_cert:"%{pe_signing_cert}"}
%_pesign /usr/bin/pesign
%_pesign_client /usr/bin/pesign-client
@@ -21,6 +21,10 @@
# -a <input ca cert filename> # rhel only
# -s # perform signing
%pesign(i:o:C:e:c:n:a:s) \
+ _pesign_nssdir=/etc/pki/pesign \
+ if [ %{__pesign_cert} = "Red Hat Test Certificate" ]; then \
+ _pesign_nssdir=/etc/pki/pesign-rh-test \
+ fi \
if [ -x %{_pesign} ] && \\\
[ "%{_target_cpu}" == "x86_64" -o \\\
"%{_target_cpu}" == "aarch64" ]; then \
@@ -39,9 +43,10 @@
elif [ -S /var/run/pesign/socket ]; then \
%{_pesign_client} -t "OpenSC Card (Fedora Signer)" \\\
-c "/CN=Fedora Secure Boot Signer" \\\
%{-i} %{-o} %{-e} %{-s} %{-C} \
else \
- %{_pesign} %{__pesign_token} %{__pesign_cert} \\\
+ %{_pesign} %{__pesign_token} -c %{__pesign_cert} \\\
+ --certdir ${_pesign_nssdir} \\\
%{-i} %{-o} %{-e} %{-s} %{-C} \
fi \
else \
--
2.5.0