another test build
Signed-off-by: Peter Jones <pjones@redhat.com>
This commit is contained in:
Peter Jones
parent
a74165d143
commit
15d1a5085d
@ -1,4 +1,4 @@
|
||||
From 853167a32574ce175c7de2ee730afc1a835191f4 Mon Sep 17 00:00:00 2001
|
||||
From 8499f7b340e4f6fbb5701db21fbabc25b8883c54 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Mon, 6 Jul 2020 13:54:35 -0400
|
||||
Subject: [PATCH 6/7] Move most of macros.pesign to pesign-rpmbuild-helper
|
||||
@ -6,9 +6,9 @@ Subject: [PATCH 6/7] Move most of macros.pesign to pesign-rpmbuild-helper
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
---
|
||||
src/Makefile | 1 +
|
||||
src/macros.pesign | 72 +++++-------------
|
||||
src/pesign-rpmbuild-helper | 152 +++++++++++++++++++++++++++++++++++++
|
||||
3 files changed, 173 insertions(+), 52 deletions(-)
|
||||
src/macros.pesign | 73 +++++-------------
|
||||
src/pesign-rpmbuild-helper | 153 +++++++++++++++++++++++++++++++++++++
|
||||
3 files changed, 174 insertions(+), 53 deletions(-)
|
||||
create mode 100755 src/pesign-rpmbuild-helper
|
||||
|
||||
diff --git a/src/Makefile b/src/Makefile
|
||||
@ -24,19 +24,23 @@ index 74327ba13f3..c9e9cc6cd1b 100644
|
||||
$(INSTALL) -m 600 pesign-users $(INSTALLROOT)/etc/pesign/users
|
||||
$(INSTALL) -m 600 pesign-groups $(INSTALLROOT)/etc/pesign/groups
|
||||
diff --git a/src/macros.pesign b/src/macros.pesign
|
||||
index 5a6da1c6809..4caf0ba9c8d 100644
|
||||
index 5a6da1c6809..e3a0de9c2f4 100644
|
||||
--- a/src/macros.pesign
|
||||
+++ b/src/macros.pesign
|
||||
@@ -6,7 +6,7 @@
|
||||
@@ -6,10 +6,10 @@
|
||||
# %pesign -s -i shim.orig -o shim.efi
|
||||
# And magically get the right thing.
|
||||
|
||||
-%__pesign_token %{nil}%{?pe_signing_token:-t "%{pe_signing_token}"}
|
||||
+%__pesign_token %{nil}%{?pe_signing_token:"%{pe_signing_token}"}
|
||||
+%__pesign_token %{nil}%{?pe_signing_token:--token "%{pe_signing_token}"}
|
||||
%__pesign_cert %{!?pe_signing_cert:"Red Hat Test Certificate"}%{?pe_signing_cert:"%{pe_signing_cert}"}
|
||||
|
||||
%__pesign_client_token %{!?pe_signing_token:"OpenSC Card (Fedora Signer)"}%{?pe_signing_token:"%{pe_signing_token}"}
|
||||
@@ -24,54 +24,22 @@
|
||||
-%__pesign_client_token %{!?pe_signing_token:"OpenSC Card (Fedora Signer)"}%{?pe_signing_token:"%{pe_signing_token}"}
|
||||
+%__pesign_client_token --token %{!?pe_signing_token:"OpenSC Card (Fedora Signer)"}%{?pe_signing_token:"%{pe_signing_token}"}
|
||||
%__pesign_client_cert %{!?pe_signing_cert:"/CN=Fedora Secure Boot Signer"}%{?pe_signing_cert:"%{pe_signing_cert}"}
|
||||
|
||||
%_pesign /usr/bin/pesign
|
||||
@@ -24,54 +24,21 @@
|
||||
# -a <input ca cert filename> # rhel only
|
||||
# -s # perform signing
|
||||
%pesign(i:o:C:e:c:n:a:s) \
|
||||
@ -95,24 +99,23 @@ index 5a6da1c6809..4caf0ba9c8d 100644
|
||||
+ "%{_target_cpu}" \\\
|
||||
+ "%{_pesign}" \\\
|
||||
+ "%{_pesign_client}" \\\
|
||||
+ %{?__pesign_client_token?--client-token "%{__pesign_client_token}"} \\\
|
||||
+ %{?__pesign_client_cert?--client-cert "%{__pesign_client_cert}"} \\\
|
||||
+ %{?__pesign_token?--token "%{__pesign_token}"} \\\
|
||||
+ %{?__pesign_cert?--cert "%{__pesign_cert}"} \\\
|
||||
+ %{?__pesign_client_token:--client-token %{__pesign_client_token}} \\\
|
||||
+ %{?__pesign_client_cert:--client-cert %{__pesign_client_cert}} \\\
|
||||
+ %{?__pesign_token:%{__pesign_token}} \\\
|
||||
+ %{?-n:--cert "%{-n*}"}%{?!-n:--cert "%{__pesign_cert}"} \\\
|
||||
+ %{?_rhel:--rhelver "%{_rhel}"} \\\
|
||||
+ %{?-a*:--cafile "%{-a*}"} \\\
|
||||
+ %{?-c*:--certfile "%{-c*}"} \\\
|
||||
+ %{?-n*:--certname "%{-n*}"} \\\
|
||||
+ %{?-C*:--certout "%{-C*}"} \\\
|
||||
+ %{?-e*:--sattrout "%{-e*}"} \\\
|
||||
+ %{?-i*:--in "%{i*}"} \\\
|
||||
+ %{?-o*:--out "%{o*}"} \\\
|
||||
+ %{?-a:--cafile "%{-a*}"} \\\
|
||||
+ %{?-c:--certfile "%{-c*}"} \\\
|
||||
+ %{?-C:--certout "%{-C*}"} \\\
|
||||
+ %{?-e:--sattrout "%{-e*}"} \\\
|
||||
+ %{?-i:--in "%{-i*}"} \\\
|
||||
+ %{?-o:--out "%{-o*}"} \\\
|
||||
+ %{?-s:--sign} \\\
|
||||
+ ; \
|
||||
+%{nil}
|
||||
diff --git a/src/pesign-rpmbuild-helper b/src/pesign-rpmbuild-helper
|
||||
new file mode 100755
|
||||
index 00000000000..24514aa0b5d
|
||||
index 00000000000..fd385d1625d
|
||||
--- /dev/null
|
||||
+++ b/src/pesign-rpmbuild-helper
|
||||
@@ -0,0 +1,153 @@
|
||||
|
||||
@ -1,18 +1,19 @@
|
||||
From 7ca77cc1d498db72fd6ea6103defaf7d76f4e946 Mon Sep 17 00:00:00 2001
|
||||
From c98b16d890a1e4651b3683853acb69fedd5a10dd Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Mon, 6 Jul 2020 16:13:09 -0400
|
||||
Subject: [PATCH 7/7] client: try /run and /var/run for the socket path.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
---
|
||||
src/client.c | 40 +++++++++++++++++++++++++++++-----------
|
||||
1 file changed, 29 insertions(+), 11 deletions(-)
|
||||
src/client.c | 40 ++++++++++++++++++++--------
|
||||
src/pesign-rpmbuild-helper | 54 ++++++++++++++++++++++----------------
|
||||
2 files changed, 61 insertions(+), 33 deletions(-)
|
||||
|
||||
diff --git a/src/client.c b/src/client.c
|
||||
index 2119ef33bf8..a38383415d5 100644
|
||||
index a4f1d1dbbe7..0082be1f597 100644
|
||||
--- a/src/client.c
|
||||
+++ b/src/client.c
|
||||
@@ -49,24 +49,24 @@ print_flag_name(FILE *f, int flag)
|
||||
@@ -61,24 +61,24 @@ print_flag_name(FILE *f, int flag)
|
||||
}
|
||||
|
||||
static int
|
||||
@ -45,7 +46,7 @@ index 2119ef33bf8..a38383415d5 100644
|
||||
}
|
||||
|
||||
socklen_t len = strlen(addr_un.sun_path) +
|
||||
@@ -74,14 +74,32 @@ connect_to_server(void)
|
||||
@@ -86,14 +86,32 @@ connect_to_server(void)
|
||||
|
||||
rc = connect(sd, (struct sockaddr *)&addr_un, len);
|
||||
if (rc < 0) {
|
||||
@ -81,6 +82,112 @@ index 2119ef33bf8..a38383415d5 100644
|
||||
static int32_t
|
||||
check_response(int sd, char **srvmsg);
|
||||
|
||||
diff --git a/src/pesign-rpmbuild-helper b/src/pesign-rpmbuild-helper
|
||||
index fd385d1625d..68b53ddf022 100755
|
||||
--- a/src/pesign-rpmbuild-helper
|
||||
+++ b/src/pesign-rpmbuild-helper
|
||||
@@ -1,6 +1,7 @@
|
||||
#!/bin/sh
|
||||
|
||||
set -eu
|
||||
+set -x
|
||||
|
||||
main() {
|
||||
local target_cpu="${1}" && shift
|
||||
@@ -32,32 +33,41 @@ main() {
|
||||
" --certfile ")
|
||||
certfile="${2}"
|
||||
;;
|
||||
- " --certname ")
|
||||
- certname="${2}"
|
||||
- ;;
|
||||
" --certout ")
|
||||
- certout=(-C "${2}")
|
||||
+ certout[0]=-C
|
||||
+ certout[1]="${2}"
|
||||
;;
|
||||
" --sattrout ")
|
||||
- sattrout=(-e "${2}")
|
||||
+ sattrout[0]=-e
|
||||
+ sattrout[1]="${2}"
|
||||
;;
|
||||
" --client-token ")
|
||||
- client_token=(-t "${2}")
|
||||
+ client_token[0]=-t
|
||||
+ client_token[1]="${2}"
|
||||
;;
|
||||
" --client-cert ")
|
||||
- client_cert=(-c "${2}")
|
||||
+ client_cert[0]=-c
|
||||
+ client_cert[1]="${2}"
|
||||
;;
|
||||
" --token ")
|
||||
- token=(-t "${2}")
|
||||
+ token[0]=-t
|
||||
+ token="${2}"
|
||||
;;
|
||||
" --cert ")
|
||||
- cert=(-c "${2}")
|
||||
+ cert[0]=-c
|
||||
+ cert[1]="${2}"
|
||||
+ ;;
|
||||
+ " --certname ")
|
||||
+ cert[0]=-c
|
||||
+ cert[1]="${2}"
|
||||
;;
|
||||
" --in ")
|
||||
- input=(-i "${2}")
|
||||
+ input[0]=-i
|
||||
+ input[1]="${2}"
|
||||
;;
|
||||
" --out ")
|
||||
- output=(-o "${2}")
|
||||
+ output[0]=-o
|
||||
+ output[1]="${2}"
|
||||
;;
|
||||
" --rhelver ")
|
||||
rhelver="${2}"
|
||||
@@ -75,8 +85,8 @@ main() {
|
||||
fi
|
||||
|
||||
local nssdir=/etc/pki/pesign
|
||||
- if [ "${certname}" == "Red Hat Test Certificate" ] ||
|
||||
- [ "${#cert[@]}" -eq 2 -a "${cert[1]}" == "Red Hat Test Certificate" ] ; then
|
||||
+ if [ "${#cert[@]}" -eq 2 ] &&
|
||||
+ [ "${cert[1]}" == "Red Hat Test Certificate" ] ; then
|
||||
nssdir=/etc/pki/pesign-rh-test
|
||||
fi
|
||||
|
||||
@@ -125,20 +135,20 @@ main() {
|
||||
certutil -A -n "signer" -t "CTu,CTu,CTu" -i "${certfile}" -d ${nssdir}
|
||||
sattrs="$(mktemp -p $PWD --suffix=.der)"
|
||||
"${bin}" -E "${sattrs}" --certdir "${nssdir}" \
|
||||
- ${input[@]} --force
|
||||
- rpm-sign --key "${certname}" --rsadgstsign "${sattrs}"
|
||||
+ "${input[@]}" --force
|
||||
+ rpm-sign --key "${cert[1]}" --rsadgstsign "${sattrs}"
|
||||
"${bin}" -R "${sattrs}.sig" -I "${sattrs}" \
|
||||
--certdir "${nssdir}" -c signer \
|
||||
- ${input[@]} ${output[@]}
|
||||
+ "${input[@]}" "${output[@]}"
|
||||
rm -rf "${sattrs}" "${sattrs}.sig" "${nssdir}"
|
||||
elif [ -n "${socket}" ] ; then
|
||||
- "${client}" ${client_token[@]} ${client_cert[@]} \
|
||||
- ${sattrout[@]} ${certout[@]} \
|
||||
- ${sign} ${input[@]} ${output[@]}
|
||||
+ "${client}" "${client_token[@]}" "${client_cert[@]}" \
|
||||
+ "${sattrout[@]}" "${certout[@]}" \
|
||||
+ ${sign} "${input[@]}" "${output[@]}"
|
||||
else
|
||||
- "${bin}" --certdir "${nssdir}" ${token[@]} ${cert[@]} \
|
||||
- ${sign} ${sattrout[@]} ${certout[@]} \
|
||||
- ${input[@]} ${output[@]}
|
||||
+ "${bin}" --certdir "${nssdir}" "${token[@]}" \
|
||||
+ "${cert[@]}" ${sign} "${sattrout[@]}" \
|
||||
+ "${certout[@]}" "${input[@]}" "${output[@]}"
|
||||
fi
|
||||
|
||||
# if there's a 0-sized output file, delete it and error out
|
||||
--
|
||||
2.26.2
|
||||
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
Name: pesign
|
||||
Summary: Signing utility for UEFI binaries
|
||||
Version: 113
|
||||
Release: 5~2%{?dist}
|
||||
Release: 5~3%{?dist}
|
||||
License: GPLv2
|
||||
URL: https://github.com/vathpela/pesign
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user