RHEL 9.0.0 Alpha bootstrap
The content of this branch was automatically imported from Fedora ELN with the following as its source: https://src.fedoraproject.org/rpms/mokutil#6e12ac266289af7febf911f877fb6664ae685419
parent
bd6eac6211
commit
00218da60b
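--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,5 @@
+*.tar.*
+clog
+*.rpm
+.build*.log
+mokutil-*/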
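--- a/0001-Avoid-taking-pointer-to-packed-struct.patch
+++ b/0001-Avoid-taking-pointer-to-packed-struct.patch
@@ -0,0 +1,117 @@
+From 19e8c9071b3d9306ca7b7329b313b31f86c2936d Mon Sep 17 00:00:00 2001
+From: Harry Youd <harry@harryyoud.co.uk>
+Date: Wed, 31 Jul 2019 19:44:53 +0100
+Subject: [PATCH] Avoid taking pointer to packed struct
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixes:
+error: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
+---
+src/mokutil.c | 38 ++++++++++++++++++++++----------------
+1 file changed, 22 insertions(+), 16 deletions(-)
+
+diff --git a/src/mokutil.c b/src/mokutil.c
+index e2d567d..8892613 100644
+--- a/src/mokutil.c
++++ b/src/mokutil.c
+@@ -270,20 +270,22 @@ build_mok_list (void *data, unsigned long data_size, uint32_t *mok_num)
+return NULL;
+}
+
+- if ((efi_guid_cmp (&CertList->SignatureType, &efi_guid_x509_cert) != 0) &&
+- (efi_guid_cmp (&CertList->SignatureType, &efi_guid_sha1) != 0) &&
+- (efi_guid_cmp (&CertList->SignatureType, &efi_guid_sha224) != 0) &&
+- (efi_guid_cmp (&CertList->SignatureType, &efi_guid_sha256) != 0) &&
+- (efi_guid_cmp (&CertList->SignatureType, &efi_guid_sha384) != 0) &&
+- (efi_guid_cmp (&CertList->SignatureType, &efi_guid_sha512) != 0)) {
++ efi_guid_t sigtype = CertList->SignatureType;
++
++ if ((efi_guid_cmp (&sigtype, &efi_guid_x509_cert) != 0) &&
++ (efi_guid_cmp (&sigtype, &efi_guid_sha1) != 0) &&
++ (efi_guid_cmp (&sigtype, &efi_guid_sha224) != 0) &&
++ (efi_guid_cmp (&sigtype, &efi_guid_sha256) != 0) &&
++ (efi_guid_cmp (&sigtype, &efi_guid_sha384) != 0) &&
++ (efi_guid_cmp (&sigtype, &efi_guid_sha512) != 0)) {
+dbsize -= CertList->SignatureListSize;
+CertList = (EFI_SIGNATURE_LIST *)((uint8_t *) CertList +
+CertList->SignatureListSize);
+continue;
+}
+
+- if ((efi_guid_cmp (&CertList->SignatureType, &efi_guid_x509_cert) != 0) &&
+- (CertList->SignatureSize != signature_size (&CertList->SignatureType))) {
++ if ((efi_guid_cmp (&sigtype, &efi_guid_x509_cert) != 0) &&
++ (CertList->SignatureSize != signature_size (&sigtype))) {
+dbsize -= CertList->SignatureListSize;
+CertList = (EFI_SIGNATURE_LIST *)((uint8_t *) CertList +
+CertList->SignatureListSize);
+@@ -312,7 +314,7 @@ build_mok_list (void *data, unsigned long data_size, uint32_t *mok_num)
+}
+
+list[count].header = CertList;
+- if (efi_guid_cmp (&CertList->SignatureType, &efi_guid_x509_cert) == 0) {
++ if (efi_guid_cmp (&sigtype, &efi_guid_x509_cert) == 0) {
+/* X509 certificate */
+list[count].mok_size = CertList->SignatureSize -
+sizeof(efi_guid_t);
+@@ -442,10 +444,11 @@ list_keys (uint8_t *data, size_t data_size)
+
+for (unsigned int i = 0; i < mok_num; i++) {
+printf ("[key %d]\n", i+1);
+- if (efi_guid_cmp (&list[i].header->SignatureType, &efi_guid_x509_cert) == 0) {
++ efi_guid_t sigtype = list[i].header->SignatureType;
++ if (efi_guid_cmp (&sigtype, &efi_guid_x509_cert) == 0) {
+print_x509 ((char *)list[i].mok, list[i].mok_size);
+} else {
+- print_hash_array (&list[i].header->SignatureType,
++ print_hash_array (&sigtype,
+list[i].mok, list[i].mok_size);
+}
+if (i < mok_num - 1)
+@@ -523,7 +526,8 @@ delete_data_from_list (const efi_guid_t *var_guid, const char *var_name,
+remain = total;
+for (unsigned int i = 0; i < mok_num; i++) {
+remain -= list[i].header->SignatureListSize;
+- if (efi_guid_cmp (&list[i].header->SignatureType, type) != 0)
++ efi_guid_t sigtype = list[i].header->SignatureType;
++ if (efi_guid_cmp (&sigtype, type) != 0)
+continue;
+
+sig_list_size = list[i].header->SignatureListSize;
+@@ -1057,7 +1061,8 @@ is_duplicate (const efi_guid_t *type, const void *data, const uint32_t data_size
+}
+
+for (unsigned int i = 0; i < node_num; i++) {
+- if (efi_guid_cmp (&list[i].header->SignatureType, type) != 0)
++ efi_guid_t sigtype = list[i].header->SignatureType;
++ if (efi_guid_cmp (&sigtype, type) != 0)
+continue;
+
+if (efi_guid_cmp (type, &efi_guid_x509_cert) == 0) {
+@@ -1510,8 +1515,8 @@ issue_hash_request (const char *hash_str, MokRequest req,
+goto error;
+/* Check if there is a signature list with the same type */
+for (unsigned int i = 0; i < mok_num; i++) {
+- if (efi_guid_cmp (&mok_list[i].header->SignatureType,
+- &hash_type) == 0) {
++ efi_guid_t sigtype = mok_list[i].header->SignatureType;
++ if (efi_guid_cmp (&sigtype, &hash_type) == 0) {
+merge_ind = i;
+list_size -= sizeof(EFI_SIGNATURE_LIST);
+break;
+@@ -1678,8 +1683,9 @@ export_db_keys (const DBName db_name)
+for (unsigned i = 0; i < mok_num; i++) {
+off_t offset = 0;
+ssize_t write_size;
++ efi_guid_t sigtype = list[i].header->SignatureType;
+
+- if (efi_guid_cmp (&list[i].header->SignatureType, &efi_guid_x509_cert) != 0)
++ if (efi_guid_cmp (&sigtype, &efi_guid_x509_cert) != 0)
+continue;
+
+/* Dump X509 certificate to files */
+--
+2.21.0
+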
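Review bot: None of the added `efi_guid_t sigtype = …->SignatureType;` copies (in build_mok_list, list_keys, delete_data_from_list, is_duplicate, issue_hash_request and export_db_keys) says why the GUID is copied to a local, so a later cleanup could put `&…->SignatureType` back and reintroduce the unaligned pointer this patch removes. A one-line comment at the first copy, such as `/* copy out: SignatureType is a packed member, so its address may be unaligned */`, and `const efi_guid_t sigtype` on each declaration would make the intent explicit. In build_mok_list the hunk at -312 uses the `sigtype` declared in the hunk at -270; the code between them is outside the patch context, so it is assumed rather than visible that both sit in the same loop iteration and that `sigtype` still describes the `CertList` entry being recorded.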
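--- a/0002-Fix-a-integer-comparison-sign-issue.patch
+++ b/0002-Fix-a-integer-comparison-sign-issue.patch
@@ -0,0 +1,33 @@
+From 9292352eb29a4fca41909448799efc524ee3c255 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Wed, 25 Jul 2018 10:27:34 -0400
+Subject: [PATCH] Fix a integer comparison sign issue.
+
+I introduced this, and it's stupid:
+
+mokutil.c: In function 'generate_pw_hash':
+mokutil.c:1971:16: error: comparison of integer expressions of different signedness: 'unsigned int' and 'int' [-Werror=sign-compare]
+if (salt_size > settings_len - (next - settings)) {
+^
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+src/mokutil.c | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/mokutil.c b/src/mokutil.c
+index d03127abf54..068df0d109c 100644
+--- a/src/mokutil.c
++++ b/src/mokutil.c
+@@ -1938,7 +1938,7 @@ generate_pw_hash (const char *input_pw)
+char *password = NULL;
+char *crypt_string;
+const char *prefix;
+- int settings_len = sizeof (settings) - 2;
++ unsigned int settings_len = sizeof (settings) - 2;
+unsigned int pw_len, salt_size;
+
+if (input_pw) {
+--
+2.23.0
+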
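Review bot: Declaring `settings_len` as `unsigned int` silences the warning, but it leaves the quoted check `salt_size > settings_len - (next - settings)` resting on `next - settings` never exceeding `settings_len`. Where ptrdiff_t is no wider than unsigned int (the spec in this commit also builds for %{ix86}), the subtraction is done in unsigned arithmetic and would wrap to a large value, so the salt-size bound would pass instead of failing. Whether `next` is already bounded cannot be seen here, because line 1971 and the rest of generate_pw_hash lie outside the hunk. If it is not, an explicit check that `next - settings` does not exceed `settings_len` before the subtraction would make the bound hold on every target, and `size_t settings_len` would match the type `sizeof` yields.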
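--- a/mokutil.spec
+++ b/mokutil.spec
@@ -0,0 +1,119 @@
+Name: mokutil
+Version: 0.4.0
+Release: 2%{?dist}
+Epoch: 2
+Summary: Tool to manage UEFI Secure Boot MoK Keys
+License: GPLv3+
+URL: https://github.com/lcp/mokutil
+ExclusiveArch: %{ix86} x86_64 aarch64
+BuildRequires: gcc
+BuildRequires: autoconf automake gnu-efi git openssl-devel openssl
+BuildRequires: efivar-devel >= 31-1
+Source0: https://github.com/lcp/mokutil/archive/%{version}.tar.gz
+Conflicts: shim < 0.8-1%{?dist}
+Obsoletes: mokutil < 0.2.0
+
+Patch0001: 0001-Avoid-taking-pointer-to-packed-struct.patch
+Patch0002: 0002-Fix-a-integer-comparison-sign-issue.patch
+
+%description
+mokutil provides a tool to manage keys for Secure Boot through the MoK
+("Machine's Own Keys") mechanism.
+
+%prep
+%setup -q -n %{name}-%{version}
+git init
+git config user.email "%{name}-owner@fedoraproject.org"
+git config user.name "Fedora Ninjas"
+git add .
+git commit -a -q -m "%{version} baseline."
+git am %{patches} </dev/null
+git config --unset user.email
+git config --unset user.name
+
+%build
+./autogen.sh
+%configure
+make %{?_smp_mflags}
+
+%install
+rm -rf %{buildroot}
+make PREFIX=%{_prefix} LIBDIR=%{_libdir} DESTDIR=%{buildroot} install
+
+%files
+%{!?_licensedir:%global license %%doc}
+%license COPYING
+%doc README
+%{_bindir}/mokutil
+%{_mandir}/man1/*
+%{_datadir}/bash-completion/completions/mokutil
+
+%changelog
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2:0.4.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Thu Jun 11 2020 Javier Martinez Canillas <javierm@redhat.com> - 0.4.0-1
+- Update to 0.4.0 release
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2:0.3.0-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Tue Nov 12 2019 Peter Jones <pjones@redhat.com> - 0.3.0-14
+- Pull one more upstream patch to keep this in sync with the f31 build.
+
+* Thu Oct 24 2019 Leigh Scott <leigh123linux@googlemail.com> - 1:0.3.0-14
+- Apply upstream commits to fix FTBFS
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.0-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.0-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 1:0.3.0-11
+- Rebuilt for libcrypt.so.2 (#1666033)
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.0-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.0-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 1:0.3.0-8
+- Rebuilt for switch to libxcrypt
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Sat Jul 08 2017 Peter Jones <pjones@redhat.com> - 0.3.0-5
+- Rebuild for efivar-31-1.fc26
+Related: rhbz#1468841
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Wed Aug 17 2016 Peter Jones <pjones@redhat.com> - 0.3.0-3
+- Rebuild for newer efivar again.
+
+* Wed Aug 10 2016 Peter Jones <pjones@redhat.com> - 0.3.0-2
+- Update for newer efivar.
+
+* Tue Jun 14 2016 Peter Jones <pjones@redhat.com> - 0.3.0-1
+- Update to 0.3.0 release.
+Resolves: rhbz#1334628
+
+* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.2.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:0.2.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Sat Feb 21 2015 Till Maas <opensource@till.name> - 1:0.2.0-2
+- Rebuilt for Fedora 23 Change
+https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
+
+* Mon Oct 06 2014 Peter Jones <pjones@redhat.com> - 0.2.0-1
+- First independent package.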
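Review bot: `Source0` points at GitHub's auto-generated `archive/%{version}.tar.gz`, and nothing in this spec or in the files shown for this commit records a digest or signature for that tarball. For a tool that manages Secure Boot keys, the source pin should be easy to find. Presumably the dist-git `sources` file carries the hash, but it is not visible on this page, so confirm that it is present and matches the 0.4.0 release. A comment above the line, such as `# tarball digest is pinned in the dist-git 'sources' file`, would tell the next packager where the check lives. Separately, `rm -rf %{buildroot}` at the top of `%install` is redundant with current rpm and can be dropped.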