diff --git a/.gitignore b/.gitignore index 4ed1124..e0f8a90 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ /pesign-*.tar.bz2 clog /rh-test-certs.tar.bz2 +*.rpm diff --git a/0001-Don-t-set-SO_PASSCRED.patch b/0001-Don-t-set-SO_PASSCRED.patch deleted file mode 100644 index 4e31256..0000000 --- a/0001-Don-t-set-SO_PASSCRED.patch +++ /dev/null @@ -1,43 +0,0 @@ -From c877f0187d337374960f02046800a313d2326848 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 29 May 2014 16:10:05 -0400 -Subject: [PATCH] Don't set SO_PASSCRED. - -It would appear that on recent kernels, setting SO_PASSCRED means you -always get SCM_CREDENTIALS control messages back instead of what -sendmsg() sent you, and SCM_RIGHTS works just fine without it. - -Signed-off-by: Peter Jones ---- - src/daemon.c | 10 +--------- - 1 file changed, 1 insertion(+), 9 deletions(-) - -diff --git a/src/daemon.c b/src/daemon.c -index 55c08c3..af3a2b6 100644 ---- a/src/daemon.c -+++ b/src/daemon.c -@@ -744,20 +744,12 @@ set_up_socket(context *ctx) - exit(1); - } - -- int one = 1; -- int rc = setsockopt(sd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)); -- if (rc < 0) { -- ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_ERR, -- "unable to set socket options: %m"); -- exit(1); -- } -- - struct sockaddr_un addr_un = { - .sun_family = AF_UNIX, - .sun_path = SOCKPATH, - }; - -- rc = bind(sd, &addr_un, sizeof(addr_un)); -+ int rc = bind(sd, &addr_un, sizeof(addr_un)); - if (rc < 0) { - ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_ERR, - "unable to bind to \"%s\": %m", --- -1.9.0 - diff --git a/0001-Make-make-install_systemd-and-make-install_sysvinit-.patch b/0001-Make-make-install_systemd-and-make-install_sysvinit-.patch new file mode 100644 index 0000000..d7b526e --- /dev/null +++ b/0001-Make-make-install_systemd-and-make-install_sysvinit-.patch @@ -0,0 +1,75 @@ +From fd52dc1631d46cdf4eac9053be7e2e7a19977df2 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 24 Oct 2014 16:26:26 -0400 +Subject: [PATCH 1/2] Make "make install_systemd" and "make install_sysvinit" + not error. + +Signed-off-by: Peter Jones +--- + include/Makefile | 4 ++++ + include/libdpe/Makefile | 4 ++++ + libdpe/Makefile | 4 ++++ + util/Makefile | 4 ++++ + 4 files changed, 16 insertions(+) + +diff --git a/include/Makefile b/include/Makefile +index 4314287..2b1f0ff 100644 +--- a/include/Makefile ++++ b/include/Makefile +@@ -16,6 +16,10 @@ clean : + install : + @for x in $(SUBDIRS) ; do $(MAKE) -C $${x} TOPDIR=$(TOPDIR) SRCDIR=$(TOPDIR)/$@/ ARCH=$(ARCH) $@ ; done + ++install_systemd: ++ ++install_sysvinit: ++ + .PHONY: all $(SUBDIRS) clean install + + include $(TOPDIR)/Make.rules +diff --git a/include/libdpe/Makefile b/include/libdpe/Makefile +index f8a1e2c..f94001e 100644 +--- a/include/libdpe/Makefile ++++ b/include/libdpe/Makefile +@@ -13,4 +13,8 @@ install: + $(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)/include/libdpe/ + $(INSTALL) -m 644 *.h $(INSTALLROOT)$(PREFIX)/include/libdpe/ + ++install_systemd: ++ ++install_sysvinit: ++ + include $(TOPDIR)/Make.rules +diff --git a/libdpe/Makefile b/libdpe/Makefile +index a8b0c26..b94379c 100644 +--- a/libdpe/Makefile ++++ b/libdpe/Makefile +@@ -37,6 +37,10 @@ install : + $(INSTALL) -m 755 $$x $(INSTALLROOT)$(LIBDIR) ; \ + done + ++install_systemd: ++ ++install_sysvinit: ++ + .PHONY: all clean install + + include $(TOPDIR)/Make.rules +diff --git a/util/Makefile b/util/Makefile +index ff11cb8..2f71b73 100644 +--- a/util/Makefile ++++ b/util/Makefile +@@ -20,6 +20,10 @@ install : + $(INSTALL) -d -m 755 $(INSTALLROOT)/boot/efi/EFI/redhat/ + $(INSTALL) -m 755 *.efi $(INSTALLROOT)/boot/efi/EFI/redhat/ + ++install_systemd: ++ ++install_sysvinit: ++ + .PHONY: all clean install + + include $(TOPDIR)/Make.efirules +-- +1.9.3 + diff --git a/0002-Install-authvar-and-efisiglist.patch b/0002-Install-authvar-and-efisiglist.patch new file mode 100644 index 0000000..de5993e --- /dev/null +++ b/0002-Install-authvar-and-efisiglist.patch @@ -0,0 +1,39 @@ +From 5a293fb24da9ee68f43bf94f08b07569d3556ce1 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 24 Oct 2014 16:29:19 -0400 +Subject: [PATCH 2/2] Install authvar and efisiglist + +Signed-off-by: Peter Jones +--- + src/Makefile | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/Makefile b/src/Makefile +index 4c86a2a..007505c 100644 +--- a/src/Makefile ++++ b/src/Makefile +@@ -76,17 +76,19 @@ install : + $(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/ + $(INSTALL) -d -m 770 $(INSTALLROOT)/var/run/pesign/ + $(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)/bin/ ++ $(INSTALL) -m 755 authvar $(INSTALLROOT)$(PREFIX)/bin/ + $(INSTALL) -m 755 pesign $(INSTALLROOT)$(PREFIX)/bin/ + $(INSTALL) -m 755 client $(INSTALLROOT)$(PREFIX)/bin/pesign-client + $(INSTALL) -m 755 efikeygen $(INSTALLROOT)$(PREFIX)/bin/ +- #$(INSTALL) -m 755 pesigcheck $(INSTALLROOT)$(PREFIX)/bin/ ++ $(INSTALL) -m 755 efisiglist $(INSTALLROOT)$(PREFIX)/bin/ ++ $(INSTALL) -m 755 pesigcheck $(INSTALLROOT)$(PREFIX)/bin/ + $(INSTALL) -d -m 755 $(INSTALLROOT)/etc/popt.d/ + $(INSTALL) -m 644 pesign.popt $(INSTALLROOT)/etc/popt.d/ + $(INSTALL) -d -m 755 $(INSTALLROOT)/usr/share/man/man1/ + $(INSTALL) -m 644 pesign.1 $(INSTALLROOT)/usr/share/man/man1/ + $(INSTALL) -m 644 pesign-client.1 $(INSTALLROOT)/usr/share/man/man1/ + $(INSTALL) -m 644 efikeygen.1 $(INSTALLROOT)/usr/share/man/man1/ +- #$(INSTALL) -m 644 pesigcheck.1 $(INSTALLROOT)/usr/share/man/man1/ ++ $(INSTALL) -m 644 pesigcheck.1 $(INSTALLROOT)/usr/share/man/man1/ + $(INSTALL) -d -m 755 $(INSTALLROOT)/etc/rpm/ + $(INSTALL) -m 644 macros.pesign $(INSTALLROOT)/etc/rpm/ + +-- +1.9.3 + diff --git a/pesign.spec b/pesign.spec index b2a8186..09d6c27 100644 --- a/pesign.spec +++ b/pesign.spec @@ -1,7 +1,7 @@ Summary: Signing utility for UEFI binaries Name: pesign -Version: 0.108 -Release: 5%{?dist} +Version: 0.110 +Release: 1%{?dist} Group: Development/System License: GPLv2 URL: https://github.com/vathpela/pesign @@ -9,6 +9,7 @@ BuildRequires: git nspr nss nss-util popt-devel BuildRequires: coolkey opensc nss-tools BuildRequires: nspr-devel >= 4.9.2-1 BuildRequires: nss-devel >= 3.13.6-1 +BuildRequires: efivar-devel >= 0.14-1 Requires: nspr nss nss-util popt rpm coolkey opensc Requires(pre): shadow-utils ExclusiveArch: i686 x86_64 ia64 aarch64 @@ -16,12 +17,10 @@ ExclusiveArch: i686 x86_64 ia64 aarch64 BuildRequires: rh-signing-tools >= 1.20-2 %endif -# there is no tarball at github, of course. To get this version do: -# git clone https://github.com/vathpela/pesign.git -# git checkout %%{version} -Source0: pesign-%{version}.tar.bz2 +Source0: https://github.com/vathpela/pesign/releases/download/%{version}/pesign-%{version}.tar.bz2 Source1: rh-test-certs.tar.bz2 -Patch0001: 0001-Don-t-set-SO_PASSCRED.patch +Patch0001: 0001-Make-make-install_systemd-and-make-install_sysvinit-.patch +Patch0002: 0002-Install-authvar-and-efisiglist.patch %description This package contains the pesign utility for signing UEFI binaries as @@ -35,6 +34,8 @@ git config user.name "Fedora Ninjas" git add . git commit -a -q -m "%{version} baseline." git am %{patches} /dev/null || groupadd -r pesign getent passwd pesign >/dev/null || \ @@ -83,9 +81,12 @@ exit 0 %files %defattr(-,root,root,-) %doc README TODO COPYING +%{_bindir}/authvar +%{_bindir}/efikeygen +%{_bindir}/efisiglist +%{_bindir}/pesigcheck %{_bindir}/pesign %{_bindir}/pesign-client -%{_bindir}/efikeygen %{_sysconfdir}/popt.d/pesign.popt %{_sysconfdir}/rpm/macros.pesign %{_mandir}/man*/* diff --git a/sources b/sources index 02f3966..a137092 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ 328db7cb27847cb610b7cf8f9c470455 rh-test-certs.tar.bz2 -1fb9f1362f8ec0eed97ed6218b9e94d4 pesign-0.108.tar.bz2 +a136d0b4fcbcb96b08e743368c31f83c pesign-0.110.tar.bz2