RHEL 9.0.0 Alpha bootstrap

The content of this branch was automatically imported from Fedora ELN with the following as its source: https://src.fedoraproject.org/rpms/mokutil#6e12ac266289af7febf911f877fb6664ae685419
2020-10-15 19:58:54 +02:00 · 2020-10-15 19:58:54 +02:00 · 00218da60b
commit 00218da60b
parent bd6eac6211
5 changed files with 275 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,5 @@
+*.tar.*
+clog
+*.rpm
+.build*.log
+mokutil-*/
--- a/0001-Avoid-taking-pointer-to-packed-struct.patch
+++ b/0001-Avoid-taking-pointer-to-packed-struct.patch
@ -0,0 +1,117 @@
+From 19e8c9071b3d9306ca7b7329b313b31f86c2936d Mon Sep 17 00:00:00 2001
+From: Harry Youd <harry@harryyoud.co.uk>
+Date: Wed, 31 Jul 2019 19:44:53 +0100
+Subject: [PATCH] Avoid taking pointer to packed struct
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixes:
+error: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
+---
+ src/mokutil.c | 38 ++++++++++++++++++++++----------------
+ 1 file changed, 22 insertions(+), 16 deletions(-)
+
+diff --git a/src/mokutil.c b/src/mokutil.c
+index e2d567d..8892613 100644
+--- a/src/mokutil.c
+++ b/src/mokutil.c
+@@ -270,20 +270,22 @@ build_mok_list (void *data, unsigned long data_size, uint32_t *mok_num)
+ 			return NULL;
+ 		}
+ 
+-		if ((efi_guid_cmp (&CertList->SignatureType, &efi_guid_x509_cert) != 0) &&
+-		    (efi_guid_cmp (&CertList->SignatureType, &efi_guid_sha1) != 0) &&
+-		    (efi_guid_cmp (&CertList->SignatureType, &efi_guid_sha224) != 0) &&
+-		    (efi_guid_cmp (&CertList->SignatureType, &efi_guid_sha256) != 0) &&
+-		    (efi_guid_cmp (&CertList->SignatureType, &efi_guid_sha384) != 0) &&
+-		    (efi_guid_cmp (&CertList->SignatureType, &efi_guid_sha512) != 0)) {
+		efi_guid_t sigtype = CertList->SignatureType;
+
+		if ((efi_guid_cmp (&sigtype, &efi_guid_x509_cert) != 0) &&
+		    (efi_guid_cmp (&sigtype, &efi_guid_sha1) != 0) &&
+		    (efi_guid_cmp (&sigtype, &efi_guid_sha224) != 0) &&
+		    (efi_guid_cmp (&sigtype, &efi_guid_sha256) != 0) &&
+		    (efi_guid_cmp (&sigtype, &efi_guid_sha384) != 0) &&
+		    (efi_guid_cmp (&sigtype, &efi_guid_sha512) != 0)) {
+ 			dbsize -= CertList->SignatureListSize;
+ 			CertList = (EFI_SIGNATURE_LIST *)((uint8_t *) CertList +
+ 						  CertList->SignatureListSize);
+ 			continue;
+ 		}
+ 
+-		if ((efi_guid_cmp (&CertList->SignatureType, &efi_guid_x509_cert) != 0) &&
+-		    (CertList->SignatureSize != signature_size (&CertList->SignatureType))) {
+		if ((efi_guid_cmp (&sigtype, &efi_guid_x509_cert) != 0) &&
+		    (CertList->SignatureSize != signature_size (&sigtype))) {
+ 			dbsize -= CertList->SignatureListSize;
+ 			CertList = (EFI_SIGNATURE_LIST *)((uint8_t *) CertList +
+ 						  CertList->SignatureListSize);
+@@ -312,7 +314,7 @@ build_mok_list (void *data, unsigned long data_size, uint32_t *mok_num)
+ 		}
+ 
+ 		list[count].header = CertList;
+-		if (efi_guid_cmp (&CertList->SignatureType, &efi_guid_x509_cert) == 0) {
+		if (efi_guid_cmp (&sigtype, &efi_guid_x509_cert) == 0) {
+ 			/* X509 certificate */
+ 			list[count].mok_size = CertList->SignatureSize -
+ 					       sizeof(efi_guid_t);
+@@ -442,10 +444,11 @@ list_keys (uint8_t *data, size_t data_size)
+ 
+ 	for (unsigned int i = 0; i < mok_num; i++) {
+ 		printf ("[key %d]\n", i+1);
+-		if (efi_guid_cmp (&list[i].header->SignatureType, &efi_guid_x509_cert) == 0) {
+		efi_guid_t sigtype = list[i].header->SignatureType;
+		if (efi_guid_cmp (&sigtype, &efi_guid_x509_cert) == 0) {
+ 			print_x509 ((char *)list[i].mok, list[i].mok_size);
+ 		} else {
+-			print_hash_array (&list[i].header->SignatureType,
+			print_hash_array (&sigtype,
+ 					  list[i].mok, list[i].mok_size);
+ 		}
+ 		if (i < mok_num - 1)
+@@ -523,7 +526,8 @@ delete_data_from_list (const efi_guid_t *var_guid, const char *var_name,
+ 	remain = total;
+ 	for (unsigned int i = 0; i < mok_num; i++) {
+ 		remain -= list[i].header->SignatureListSize;
+-		if (efi_guid_cmp (&list[i].header->SignatureType, type) != 0)
+		efi_guid_t sigtype = list[i].header->SignatureType;
+		if (efi_guid_cmp (&sigtype, type) != 0)
+ 			continue;
+ 
+ 		sig_list_size = list[i].header->SignatureListSize;
+@@ -1057,7 +1061,8 @@ is_duplicate (const efi_guid_t *type, const void *data, const uint32_t data_size
+ 	}
+ 
+ 	for (unsigned int i = 0; i < node_num; i++) {
+-		if (efi_guid_cmp (&list[i].header->SignatureType, type) != 0)
+		efi_guid_t sigtype = list[i].header->SignatureType;
+		if (efi_guid_cmp (&sigtype, type) != 0)
+ 			continue;
+ 
+ 		if (efi_guid_cmp (type, &efi_guid_x509_cert) == 0) {
+@@ -1510,8 +1515,8 @@ issue_hash_request (const char *hash_str, MokRequest req,
+ 			goto error;
+ 		/* Check if there is a signature list with the same type */
+ 		for (unsigned int i = 0; i < mok_num; i++) {
+-			if (efi_guid_cmp (&mok_list[i].header->SignatureType,
+-					 &hash_type) == 0) {
+			efi_guid_t sigtype = mok_list[i].header->SignatureType;
+			if (efi_guid_cmp (&sigtype, &hash_type) == 0) {
+ 				merge_ind = i;
+ 				list_size -= sizeof(EFI_SIGNATURE_LIST);
+ 				break;
+@@ -1678,8 +1683,9 @@ export_db_keys (const DBName db_name)
+ 	for (unsigned i = 0; i < mok_num; i++) {
+ 		off_t offset = 0;
+ 		ssize_t write_size;
+		efi_guid_t sigtype = list[i].header->SignatureType;
+ 
+-		if (efi_guid_cmp (&list[i].header->SignatureType, &efi_guid_x509_cert) != 0)
+		if (efi_guid_cmp (&sigtype, &efi_guid_x509_cert) != 0)
+ 			continue;
+ 
+ 		/* Dump X509 certificate to files */
+-- 
+2.21.0
+
--- a/0002-Fix-a-integer-comparison-sign-issue.patch
+++ b/0002-Fix-a-integer-comparison-sign-issue.patch
@ -0,0 +1,33 @@
+From 9292352eb29a4fca41909448799efc524ee3c255 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Wed, 25 Jul 2018 10:27:34 -0400
+Subject: [PATCH] Fix a integer comparison sign issue.
+
+I introduced this, and it's stupid:
+
+mokutil.c: In function 'generate_pw_hash':
+mokutil.c:1971:16: error: comparison of integer expressions of different signedness: 'unsigned int' and 'int' [-Werror=sign-compare]
+  if (salt_size > settings_len - (next - settings)) {
+                ^
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ src/mokutil.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/mokutil.c b/src/mokutil.c
+index d03127abf54..068df0d109c 100644
+--- a/src/mokutil.c
+++ b/src/mokutil.c
+@@ -1938,7 +1938,7 @@ generate_pw_hash (const char *input_pw)
+ 	char *password = NULL;
+ 	char *crypt_string;
+ 	const char *prefix;
+-	int settings_len = sizeof (settings) - 2;
+	unsigned int settings_len = sizeof (settings) - 2;
+ 	unsigned int pw_len, salt_size;
+ 
+ 	if (input_pw) {
+-- 
+2.23.0
+
--- a/mokutil.spec
+++ b/mokutil.spec
@ -0,0 +1,119 @@
+Name:           mokutil
+Version:        0.4.0
+Release:        2%{?dist}
+Epoch:          2
+Summary:        Tool to manage UEFI Secure Boot MoK Keys
+License:        GPLv3+
+URL:            https://github.com/lcp/mokutil
+ExclusiveArch:  %{ix86} x86_64 aarch64
+BuildRequires:  gcc
+BuildRequires:  autoconf automake gnu-efi git openssl-devel openssl
+BuildRequires:  efivar-devel >= 31-1
+Source0:        https://github.com/lcp/mokutil/archive/%{version}.tar.gz
+Conflicts:      shim < 0.8-1%{?dist}
+Obsoletes:      mokutil < 0.2.0
+
+Patch0001: 0001-Avoid-taking-pointer-to-packed-struct.patch
+Patch0002: 0002-Fix-a-integer-comparison-sign-issue.patch
+
+%description
+mokutil provides a tool to manage keys for Secure Boot through the MoK
+("Machine's Own Keys") mechanism.
+
+%prep
+%setup -q -n %{name}-%{version}
+git init
+git config user.email "%{name}-owner@fedoraproject.org"
+git config user.name "Fedora Ninjas"
+git add .
+git commit -a -q -m "%{version} baseline."
+git am %{patches} </dev/null
+git config --unset user.email
+git config --unset user.name
+
+%build
+./autogen.sh
+%configure
+make %{?_smp_mflags}
+
+%install
+rm -rf %{buildroot}
+make PREFIX=%{_prefix} LIBDIR=%{_libdir} DESTDIR=%{buildroot} install
+
+%files
+%{!?_licensedir:%global license %%doc}
+%license COPYING
+%doc README
+%{_bindir}/mokutil
+%{_mandir}/man1/*
+%{_datadir}/bash-completion/completions/mokutil
+
+%changelog
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2:0.4.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Thu Jun 11 2020 Javier Martinez Canillas <javierm@redhat.com> - 0.4.0-1
+- Update to 0.4.0 release
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2:0.3.0-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Tue Nov 12 2019 Peter Jones <pjones@redhat.com> - 0.3.0-14
+- Pull one more upstream patch to keep this in sync with the f31 build.
+
+* Thu Oct 24 2019 Leigh Scott <leigh123linux@googlemail.com> - 1:0.3.0-14
+- Apply upstream commits to fix FTBFS
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.0-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.0-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 1:0.3.0-11
+- Rebuilt for libcrypt.so.2 (#1666033)
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.0-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.0-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 1:0.3.0-8
+- Rebuilt for switch to libxcrypt
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Sat Jul 08 2017 Peter Jones <pjones@redhat.com> - 0.3.0-5
+- Rebuild for efivar-31-1.fc26
+  Related: rhbz#1468841
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Wed Aug 17 2016 Peter Jones <pjones@redhat.com> - 0.3.0-3
+- Rebuild for newer efivar again.
+
+* Wed Aug 10 2016 Peter Jones <pjones@redhat.com> - 0.3.0-2
+- Update for newer efivar.
+
+* Tue Jun 14 2016 Peter Jones <pjones@redhat.com> - 0.3.0-1
+- Update to 0.3.0 release.
+  Resolves: rhbz#1334628
+
+* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.2.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:0.2.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Sat Feb 21 2015 Till Maas <opensource@till.name> - 1:0.2.0-2
+- Rebuilt for Fedora 23 Change
+  https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
+
+* Mon Oct 06 2014 Peter Jones <pjones@redhat.com> - 0.2.0-1
+- First independent package.
--- a/1
+++ b/1
@ -0,0 +1 @@
+SHA512 (0.4.0.tar.gz) = 1caa4242fda51f73b5e1a97ad38d9235cee5e5dad72e3e40c9e44a20c76cd5397e299693733e4d52e3b05b0272a30732d8c3ea86403739cbc6545de16c1a2dd0
				`@ -0,0 +1 @@`
				`SHA512 (0.4.0.tar.gz) = 1caa4242fda51f73b5e1a97ad38d9235cee5e5dad72e3e40c9e44a20c76cd5397e299693733e4d52e3b05b0272a30732d8c3ea86403739cbc6545de16c1a2dd0`