diff --git a/.gitignore b/.gitignore index e0f8a90..3c38d6e 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ clog /rh-test-certs.tar.bz2 *.rpm +/certs.tar.xz diff --git a/0001-Make-make-install_systemd-and-make-install_sysvinit-.patch b/0001-Make-make-install_systemd-and-make-install_sysvinit-.patch deleted file mode 100644 index d7b526e..0000000 --- a/0001-Make-make-install_systemd-and-make-install_sysvinit-.patch +++ /dev/null @@ -1,75 +0,0 @@ -From fd52dc1631d46cdf4eac9053be7e2e7a19977df2 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 24 Oct 2014 16:26:26 -0400 -Subject: [PATCH 1/2] Make "make install_systemd" and "make install_sysvinit" - not error. - -Signed-off-by: Peter Jones ---- - include/Makefile | 4 ++++ - include/libdpe/Makefile | 4 ++++ - libdpe/Makefile | 4 ++++ - util/Makefile | 4 ++++ - 4 files changed, 16 insertions(+) - -diff --git a/include/Makefile b/include/Makefile -index 4314287..2b1f0ff 100644 ---- a/include/Makefile -+++ b/include/Makefile -@@ -16,6 +16,10 @@ clean : - install : - @for x in $(SUBDIRS) ; do $(MAKE) -C $${x} TOPDIR=$(TOPDIR) SRCDIR=$(TOPDIR)/$@/ ARCH=$(ARCH) $@ ; done - -+install_systemd: -+ -+install_sysvinit: -+ - .PHONY: all $(SUBDIRS) clean install - - include $(TOPDIR)/Make.rules -diff --git a/include/libdpe/Makefile b/include/libdpe/Makefile -index f8a1e2c..f94001e 100644 ---- a/include/libdpe/Makefile -+++ b/include/libdpe/Makefile -@@ -13,4 +13,8 @@ install: - $(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)/include/libdpe/ - $(INSTALL) -m 644 *.h $(INSTALLROOT)$(PREFIX)/include/libdpe/ - -+install_systemd: -+ -+install_sysvinit: -+ - include $(TOPDIR)/Make.rules -diff --git a/libdpe/Makefile b/libdpe/Makefile -index a8b0c26..b94379c 100644 ---- a/libdpe/Makefile -+++ b/libdpe/Makefile -@@ -37,6 +37,10 @@ install : - $(INSTALL) -m 755 $$x $(INSTALLROOT)$(LIBDIR) ; \ - done - -+install_systemd: -+ -+install_sysvinit: -+ - .PHONY: all clean install - - include $(TOPDIR)/Make.rules -diff --git a/util/Makefile b/util/Makefile -index ff11cb8..2f71b73 100644 ---- a/util/Makefile -+++ b/util/Makefile -@@ -20,6 +20,10 @@ install : - $(INSTALL) -d -m 755 $(INSTALLROOT)/boot/efi/EFI/redhat/ - $(INSTALL) -m 755 *.efi $(INSTALLROOT)/boot/efi/EFI/redhat/ - -+install_systemd: -+ -+install_sysvinit: -+ - .PHONY: all clean install - - include $(TOPDIR)/Make.efirules --- -1.9.3 - diff --git a/0002-Install-authvar-and-efisiglist.patch b/0002-Install-authvar-and-efisiglist.patch deleted file mode 100644 index de5993e..0000000 --- a/0002-Install-authvar-and-efisiglist.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 5a293fb24da9ee68f43bf94f08b07569d3556ce1 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 24 Oct 2014 16:29:19 -0400 -Subject: [PATCH 2/2] Install authvar and efisiglist - -Signed-off-by: Peter Jones ---- - src/Makefile | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/Makefile b/src/Makefile -index 4c86a2a..007505c 100644 ---- a/src/Makefile -+++ b/src/Makefile -@@ -76,17 +76,19 @@ install : - $(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/ - $(INSTALL) -d -m 770 $(INSTALLROOT)/var/run/pesign/ - $(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)/bin/ -+ $(INSTALL) -m 755 authvar $(INSTALLROOT)$(PREFIX)/bin/ - $(INSTALL) -m 755 pesign $(INSTALLROOT)$(PREFIX)/bin/ - $(INSTALL) -m 755 client $(INSTALLROOT)$(PREFIX)/bin/pesign-client - $(INSTALL) -m 755 efikeygen $(INSTALLROOT)$(PREFIX)/bin/ -- #$(INSTALL) -m 755 pesigcheck $(INSTALLROOT)$(PREFIX)/bin/ -+ $(INSTALL) -m 755 efisiglist $(INSTALLROOT)$(PREFIX)/bin/ -+ $(INSTALL) -m 755 pesigcheck $(INSTALLROOT)$(PREFIX)/bin/ - $(INSTALL) -d -m 755 $(INSTALLROOT)/etc/popt.d/ - $(INSTALL) -m 644 pesign.popt $(INSTALLROOT)/etc/popt.d/ - $(INSTALL) -d -m 755 $(INSTALLROOT)/usr/share/man/man1/ - $(INSTALL) -m 644 pesign.1 $(INSTALLROOT)/usr/share/man/man1/ - $(INSTALL) -m 644 pesign-client.1 $(INSTALLROOT)/usr/share/man/man1/ - $(INSTALL) -m 644 efikeygen.1 $(INSTALLROOT)/usr/share/man/man1/ -- #$(INSTALL) -m 644 pesigcheck.1 $(INSTALLROOT)/usr/share/man/man1/ -+ $(INSTALL) -m 644 pesigcheck.1 $(INSTALLROOT)/usr/share/man/man1/ - $(INSTALL) -d -m 755 $(INSTALLROOT)/etc/rpm/ - $(INSTALL) -m 644 macros.pesign $(INSTALLROOT)/etc/rpm/ - --- -1.9.3 - diff --git a/pesign.spec b/pesign.spec index 14534f7..7751e48 100644 --- a/pesign.spec +++ b/pesign.spec @@ -2,10 +2,11 @@ Summary: Signing utility for UEFI binaries Name: pesign -Version: 0.110 -Release: 3%{?dist} +Version: 0.111 +Release: 1%{?dist} Group: Development/System License: GPLv2 +Recommends: pesign-rh-test-certs URL: https://github.com/vathpela/pesign BuildRequires: git nspr nss nss-util popt-devel BuildRequires: coolkey opensc nss-tools @@ -13,6 +14,7 @@ BuildRequires: nspr-devel >= 4.9.2-1 BuildRequires: nss-devel >= 3.13.6-1 BuildRequires: efivar-devel >= 0.14-1 BuildRequires: libuuid-devel +BuildRequires: tar xz Requires: nspr nss nss-util popt rpm coolkey opensc Requires(pre): shadow-utils ExclusiveArch: i686 x86_64 ia64 aarch64 @@ -21,16 +23,24 @@ BuildRequires: rh-signing-tools >= 1.20-2 %endif Source0: https://github.com/vathpela/pesign/releases/download/%{version}/pesign-%{version}.tar.bz2 -Source1: rh-test-certs.tar.bz2 -Patch0001: 0001-Make-make-install_systemd-and-make-install_sysvinit-.patch -Patch0002: 0002-Install-authvar-and-efisiglist.patch +Source1: certs.tar.xz %description This package contains the pesign utility for signing UEFI binaries as well as other associated tools. +%package rh-test-certs +Summary: Test keys for pesign +Group: Development/System +License: GPLv2 +Requires: pesign = %{version}-%{release} + +%description rh-test-certs +This package contains test keys for use with pesign + %prep -%setup -q -a 1 +%setup -q -a 0 +%setup -a 1 -D -c -n pesign-%{version}/ git init git config user.email "pesign-owner@fedoraproject.org" git config user.name "Fedora Ninjas" @@ -56,12 +66,8 @@ make PREFIX=%{_prefix} LIBDIR=%{_libdir} INSTALLROOT=%{buildroot} \ # there's some stuff that's not really meant to be shipped yet rm -rf %{buildroot}/boot %{buildroot}/usr/include rm -rf %{buildroot}%{_libdir}/libdpe* -mv rh-test-certs/etc/pki/pesign/* %{buildroot}/etc/pki/pesign/ - -#modutil -force -dbdir %{buildroot}/etc/pki/pesign -add coolkey \ -# -libfile %{_libdir}/pkcs11/libcoolkeypk11.so -modutil -force -dbdir %{buildroot}/etc/pki/pesign -add opensc \ - -libfile %{_libdir}/pkcs11/opensc-pkcs11.so +mkdir -p %{buildroot}%{_sysconfdir}/pki/pesign/ +cp -a etc/pki/pesign/* %{buildroot}%{_sysconfdir}/pki/pesign/ if [ %{macrosdir} != %{_sysconfdir}/rpm ]; then mkdir -p %{buildroot}%{macrosdir} @@ -69,6 +75,7 @@ if [ %{macrosdir} != %{_sysconfdir}/rpm ]; then %{buildroot}%{macrosdir} rmdir %{buildroot}%{_sysconfdir}/rpm fi +rm -f %{buildroot}/usr/usr/share/doc/pesign-0.111/COPYING %pre getent group pesign >/dev/null || groupadd -r pesign @@ -77,40 +84,74 @@ getent passwd pesign >/dev/null || \ -c "Group for the pesign signing daemon" pesign exit 0 +%post rh-test-certs +certutil --merge -d %{_sysconfdir}/pki/pesign/ --source-dir %{_sysconfdir}/pki/pesign/rh-test-certs/ + +%postun rh-test-certs +if [ "$1" -eq 0 ]; then + certutil -d %{_sysconfdir}/pki/pesign -F -n "Red Hat Test Certificate" + certutil -d %{_sysconfdir}/pki/pesign -D -n "Red Hat Test Certificate" + certutil -d %{_sysconfdir}/pki/pesign -D -n "Red Hat Test CA" +fi + %if 0%{?rhel} >= 7 || 0%{?fedora} >= 17 %post %systemd_post pesign.service +modutil -force -dbdir %{_sysconfdir}/pki/pesign -add opensc \ + -libfile %{_libdir}/pkcs11/opensc-pkcs11.so +#modutil -force -dbdir %{_sysconfdir}/pki/pesign -add coolkey \ +# -libfile %%{_libdir}/pkcs11/libcoolkeypk11.so %preun %systemd_preun pesign.service %postun %systemd_postun_with_restart pesign.service +%else +%post +modutil -force -dbdir %{_sysconfdir}/pki/pesign -add opensc \ + -libfile %{_libdir}/pkcs11/opensc-pkcs11.so %endif %files %defattr(-,root,root,-) -%doc README TODO COPYING +%{!?_licensedir:%global license %%doc} +%license COPYING +%doc README TODO %{_bindir}/authvar %{_bindir}/efikeygen %{_bindir}/efisiglist %{_bindir}/pesigcheck %{_bindir}/pesign %{_bindir}/pesign-client +%dir %{_libexecdir}/pesign/ +%exclude %{_sysconfdir}/pki/pesign/rh-test-certs/ +%{_libexecdir}/pesign/pesign-authorize-users +%{_libexecdir}/pesign/pesign-authorize-groups +%config(noreplace)/%{_sysconfdir}/pesign/users +%config(noreplace)/%{_sysconfdir}/pesign/groups %{_sysconfdir}/popt.d/pesign.popt %{macrosdir}/macros.pesign %{_mandir}/man*/* -%dir %attr(0775,pesign,pesign) /etc/pki/pesign -%attr(0664,pesign,pesign) /etc/pki/pesign/* +%dir %attr(0770,pesign,pesign) %{_sysconfdir}/pki/pesign +%attr(0660,pesign,pesign) %{_sysconfdir}/pki/pesign/* %dir %attr(0770, pesign, pesign) %{_localstatedir}/run/%{name} %ghost %attr(0660, -, -) %{_localstatedir}/run/%{name}/socket %ghost %attr(0660, -, -) %{_localstatedir}/run/%{name}/pesign.pid %if 0%{?rhel} >= 7 || 0%{?fedora} >= 17 -%{_prefix}/lib/tmpfiles.d/pesign.conf +%{_tmpfilesdir}/pesign.conf %{_unitdir}/pesign.service %endif +%files rh-test-certs +%dir %attr(0770,pesign,pesign) %{_sysconfdir}/pki/pesign/rh-test-certs/ +%attr(0660,pesign,pesign) %{_sysconfdir}/pki/pesign/rh-test-certs/* + %changelog +* Wed Oct 28 2015 Peter Jones - 0.111-1 +- Rebase to 0.111 +- Split test certs out into a "Recommends" subpackage. + * Thu Jun 18 2015 Fedora Release Engineering - 0.110-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild diff --git a/sources b/sources index a137092..91d5153 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -328db7cb27847cb610b7cf8f9c470455 rh-test-certs.tar.bz2 -a136d0b4fcbcb96b08e743368c31f83c pesign-0.110.tar.bz2 +37bb2a79934feda0327e0fb4d9e5b08e certs.tar.xz +b2c6b74c2475a1442634d1386d888c24 pesign-0.111.tar.bz2