From bfa02b50f9bbb60c3b04f159864aa4a87b0020e2 Mon Sep 17 00:00:00 2001
From: Peter Jones
Date: Mon, 30 Nov 2015 15:34:35 -0500
Subject: [PATCH 5/5] Do a better job of isolating pesign-rh-test-crap
---
 src/Makefile | 1 +
 src/macros.pesign | 10 ++++++++--
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/Makefile b/src/Makefile
index af3fd07..1822d3f 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -65,6 +65,7 @@ install_sysvinit: pesign.sysvinit
 install :
 $(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/
+ $(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign-rh-test/
 $(INSTALL) -d -m 770 $(INSTALLROOT)/var/run/pesign/
 $(INSTALL) -d -m 755 $(INSTALLROOT)$(bindir)
 $(INSTALL) -m 755 authvar $(INSTALLROOT)$(bindir)
diff --git a/src/macros.pesign b/src/macros.pesign
index 39374ce..9644940 100644
--- a/src/macros.pesign
+++ b/src/macros.pesign
@@ -7,7 +7,7 @@
 # And magically get the right thing.
 %__pesign_token %{nil}%{?pe_signing_token:-t "%{pe_signing_token}"}
-%__pesign_cert %{!?pe_signing_cert:-c "Red Hat Test Certificate"}%{?pe_signing_cert:-c "%{pe_signing_cert}"}
+%__pesign_cert %{!?pe_signing_cert:"Red Hat Test Certificate"}%{?pe_signing_cert:"%{pe_signing_cert}"}
 %_pesign /usr/bin/pesign
 %_pesign_client /usr/bin/pesign-client
@@ -21,6 +21,10 @@
 # -a # rhel only
 # -s # perform signing
 %pesign(i:o:C:e:c:n:a:s) \
+ _pesign_nssdir=/etc/pki/pesign \
+ if [ %{__pesign_cert} = "Red Hat Test Certificate" ]; then \
+ _pesign_nssdir=/etc/pki/pesign-rh-test \
+ fi \
 if [ -x %{_pesign} ] && \\\
 [ "%{_target_cpu}" == "x86_64" -o \\\
 "%{_target_cpu}" == "aarch64" ]; then \
@@ -39,9 +43,10 @@
 elif [ -S /var/run/pesign/socket ]; then \
 %{_pesign_client} -t "OpenSC Card (Fedora Signer)" \\\
 -c "/CN=Fedora Secure Boot Signer" \\\
 %{-i} %{-o} %{-e} %{-s} %{-C} \
 else \
- %{_pesign} %{__pesign_token} %{__pesign_cert} \\\
+ %{_pesign} %{__pesign_token} -c %{__pesign_cert} \\\
+ --certdir ${_pesign_nssdir} \\\
 %{-i} %{-o} %{-e} %{-s} %{-C} \
 fi \
 else \
-- 
2.5.0
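Review bot: The added `$(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign-rh-test/` line creates the directory but, as far as this hunk shows, nothing populates it or sets its owner, while the macro change in the same commit sends default test-certificate signing to that path. Whatever the packaging already does for `/etc/pki/pesign/` (NSS database contents, owner, group and any ACLs for the build user) presumably has to be repeated for the new directory, otherwise a build that relies on the default certificate will not find or be able to read it. A comment above the `install` rule would also help, for example `# pesign-rh-test/ holds the NSS database for the Red Hat test certificate only`. The `install` recipe continues past the end of the hunk.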
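Review bot: `%__pesign_cert` changes meaning on the added line in the `@@ -7,7 +7,7 @@` hunk, from a complete `-c "name"` option to the quoted nickname alone, and nothing documents the new contract. The two uses visible in this patch are adjusted, but any other expansion of `%{__pesign_cert}` outside the hunks, or in a spec file that uses the macro directly, would now hand pesign a bare positional argument instead of a certificate option. I would add a comment above the definition such as `# Expands to the quoted certificate nickname only; callers must supply -c themselves.` and check the rest of the file for remaining uses.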
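Review bot: The directory choice in the `@@ -21,6 +21,10 @@` hunk hinges on the literal `"Red Hat Test Certificate"`, which now appears both in the `%__pesign_cert` default and in the added `[ %{__pesign_cert} = ... ]` test, and on the macro expanding to exactly one double-quoted word. If the default nickname is renamed in one place only, or a local override still defines `%__pesign_cert` in the old `-c "name"` form, the test is false (or errors, which `if` also treats as false) and `_pesign_nssdir` stays at `/etc/pki/pesign` without any message. Because this decides which NSS database a build signs from, I would at least record the coupling in the comment block above `%pesign`, e.g. `# The nickname test below must match the default in %__pesign_cert; it selects the test-only NSS database.` The `%pesign` body continues beyond the hunk.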
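Review bot: `--certdir ${_pesign_nssdir}` in the last hunk expands the shell variable unquoted, and it is the only pesign invocation in the visible hunks that receives the new directory. The two values assigned today contain no spaces, so this works, but quoting keeps it safe if the path ever becomes configurable: `--certdir "${_pesign_nssdir}" \\\`. It is also worth confirming that any other direct `%{_pesign}` call in the part of the `if`/`elif` chain outside this hunk is meant to keep using pesign's default certificate directory.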