rpms/pesign
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Rebase to 0.111

Browse Source 
- Split test certs out into a "Recommends" subpackage.

Signed-off-by: Peter Jones <pjones@redhat.com>
This commit is contained in:
Peter Jones 2015-10-28 15:42:00 -04:00
parent 79e3b6ac67
commit 15ed9eb9c2
5 changed files with 60 additions and 132 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -2,3 +2,4 @@
clog clog
/rh-test-certs.tar.bz2 /rh-test-certs.tar.bz2
*.rpm *.rpm
/certs.tar.xz

75
0001-Make-make-install_systemd-and-make-install_sysvinit-.patch
View File

@ -1,75 +0,0 @@
From fd52dc1631d46cdf4eac9053be7e2e7a19977df2 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 24 Oct 2014 16:26:26 -0400
Subject: [PATCH 1/2] Make "make install_systemd" and "make install_sysvinit"
not error.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
include/Makefile | 4 ++++
include/libdpe/Makefile | 4 ++++
libdpe/Makefile | 4 ++++
util/Makefile | 4 ++++
4 files changed, 16 insertions(+)
diff --git a/include/Makefile b/include/Makefile
index 4314287..2b1f0ff 100644
--- a/include/Makefile
+++ b/include/Makefile
@@ -16,6 +16,10 @@ clean :
install :
@for x in $(SUBDIRS) ; do $(MAKE) -C $${x} TOPDIR=$(TOPDIR) SRCDIR=$(TOPDIR)/$@/ ARCH=$(ARCH) $@ ; done
+install_systemd:
+
+install_sysvinit:
+
.PHONY: all $(SUBDIRS) clean install
include $(TOPDIR)/Make.rules
diff --git a/include/libdpe/Makefile b/include/libdpe/Makefile
index f8a1e2c..f94001e 100644
--- a/include/libdpe/Makefile
+++ b/include/libdpe/Makefile
@@ -13,4 +13,8 @@ install:
$(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)/include/libdpe/
$(INSTALL) -m 644 *.h $(INSTALLROOT)$(PREFIX)/include/libdpe/
+install_systemd:
+
+install_sysvinit:
+
include $(TOPDIR)/Make.rules
diff --git a/libdpe/Makefile b/libdpe/Makefile
index a8b0c26..b94379c 100644
--- a/libdpe/Makefile
+++ b/libdpe/Makefile
@@ -37,6 +37,10 @@ install :
$(INSTALL) -m 755 $$x $(INSTALLROOT)$(LIBDIR) ; \
done
+install_systemd:
+
+install_sysvinit:
+
.PHONY: all clean install
include $(TOPDIR)/Make.rules
diff --git a/util/Makefile b/util/Makefile
index ff11cb8..2f71b73 100644
--- a/util/Makefile
+++ b/util/Makefile
@@ -20,6 +20,10 @@ install :
$(INSTALL) -d -m 755 $(INSTALLROOT)/boot/efi/EFI/redhat/
$(INSTALL) -m 755 *.efi $(INSTALLROOT)/boot/efi/EFI/redhat/
+install_systemd:
+
+install_sysvinit:
+
.PHONY: all clean install
include $(TOPDIR)/Make.efirules
--
1.9.3

39
0002-Install-authvar-and-efisiglist.patch
View File

@ -1,39 +0,0 @@
From 5a293fb24da9ee68f43bf94f08b07569d3556ce1 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 24 Oct 2014 16:29:19 -0400
Subject: [PATCH 2/2] Install authvar and efisiglist
Signed-off-by: Peter Jones <pjones@redhat.com>
---
src/Makefile | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/Makefile b/src/Makefile
index 4c86a2a..007505c 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -76,17 +76,19 @@ install :
$(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/
$(INSTALL) -d -m 770 $(INSTALLROOT)/var/run/pesign/
$(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)/bin/
+ $(INSTALL) -m 755 authvar $(INSTALLROOT)$(PREFIX)/bin/
$(INSTALL) -m 755 pesign $(INSTALLROOT)$(PREFIX)/bin/
$(INSTALL) -m 755 client $(INSTALLROOT)$(PREFIX)/bin/pesign-client
$(INSTALL) -m 755 efikeygen $(INSTALLROOT)$(PREFIX)/bin/
- #$(INSTALL) -m 755 pesigcheck $(INSTALLROOT)$(PREFIX)/bin/
+ $(INSTALL) -m 755 efisiglist $(INSTALLROOT)$(PREFIX)/bin/
+ $(INSTALL) -m 755 pesigcheck $(INSTALLROOT)$(PREFIX)/bin/
$(INSTALL) -d -m 755 $(INSTALLROOT)/etc/popt.d/
$(INSTALL) -m 644 pesign.popt $(INSTALLROOT)/etc/popt.d/
$(INSTALL) -d -m 755 $(INSTALLROOT)/usr/share/man/man1/
$(INSTALL) -m 644 pesign.1 $(INSTALLROOT)/usr/share/man/man1/
$(INSTALL) -m 644 pesign-client.1 $(INSTALLROOT)/usr/share/man/man1/
$(INSTALL) -m 644 efikeygen.1 $(INSTALLROOT)/usr/share/man/man1/
- #$(INSTALL) -m 644 pesigcheck.1 $(INSTALLROOT)/usr/share/man/man1/
+ $(INSTALL) -m 644 pesigcheck.1 $(INSTALLROOT)/usr/share/man/man1/
$(INSTALL) -d -m 755 $(INSTALLROOT)/etc/rpm/
$(INSTALL) -m 644 macros.pesign $(INSTALLROOT)/etc/rpm/
--
1.9.3

73
pesign.spec
View File

@ -2,10 +2,11 @@
Summary: Signing utility for UEFI binaries Summary: Signing utility for UEFI binaries
Name: pesign Name: pesign
Version: 0.110 Version: 0.111
Release: 3%{?dist} Release: 1%{?dist}
Group: Development/System Group: Development/System
License: GPLv2 License: GPLv2
Recommends: pesign-rh-test-certs
URL: https://github.com/vathpela/pesign URL: https://github.com/vathpela/pesign
BuildRequires: git nspr nss nss-util popt-devel BuildRequires: git nspr nss nss-util popt-devel
BuildRequires: coolkey opensc nss-tools BuildRequires: coolkey opensc nss-tools
@ -13,6 +14,7 @@ BuildRequires: nspr-devel >= 4.9.2-1
BuildRequires: nss-devel >= 3.13.6-1 BuildRequires: nss-devel >= 3.13.6-1
BuildRequires: efivar-devel >= 0.14-1 BuildRequires: efivar-devel >= 0.14-1
BuildRequires: libuuid-devel BuildRequires: libuuid-devel
BuildRequires: tar xz
Requires: nspr nss nss-util popt rpm coolkey opensc Requires: nspr nss nss-util popt rpm coolkey opensc
Requires(pre): shadow-utils Requires(pre): shadow-utils
ExclusiveArch: i686 x86_64 ia64 aarch64 ExclusiveArch: i686 x86_64 ia64 aarch64
@ -21,16 +23,24 @@ BuildRequires: rh-signing-tools >= 1.20-2
%endif %endif
Source0: https://github.com/vathpela/pesign/releases/download/%{version}/pesign-%{version}.tar.bz2 Source0: https://github.com/vathpela/pesign/releases/download/%{version}/pesign-%{version}.tar.bz2
Source1: rh-test-certs.tar.bz2 Source1: certs.tar.xz
Patch0001: 0001-Make-make-install_systemd-and-make-install_sysvinit-.patch
Patch0002: 0002-Install-authvar-and-efisiglist.patch
%description %description
This package contains the pesign utility for signing UEFI binaries as This package contains the pesign utility for signing UEFI binaries as
well as other associated tools. well as other associated tools.
%package rh-test-certs
Summary: Test keys for pesign
Group: Development/System
License: GPLv2
Requires: pesign = %{version}-%{release}
%description rh-test-certs
This package contains test keys for use with pesign
%prep %prep
%setup -q -a 1 %setup -q -a 0
%setup -a 1 -D -c -n pesign-%{version}/
git init git init
git config user.email "pesign-owner@fedoraproject.org" git config user.email "pesign-owner@fedoraproject.org"
git config user.name "Fedora Ninjas" git config user.name "Fedora Ninjas"
@ -56,12 +66,8 @@ make PREFIX=%{_prefix} LIBDIR=%{_libdir} INSTALLROOT=%{buildroot} \
# there's some stuff that's not really meant to be shipped yet # there's some stuff that's not really meant to be shipped yet
rm -rf %{buildroot}/boot %{buildroot}/usr/include rm -rf %{buildroot}/boot %{buildroot}/usr/include
rm -rf %{buildroot}%{_libdir}/libdpe* rm -rf %{buildroot}%{_libdir}/libdpe*
mv rh-test-certs/etc/pki/pesign/* %{buildroot}/etc/pki/pesign/ mkdir -p %{buildroot}%{_sysconfdir}/pki/pesign/
cp -a etc/pki/pesign/* %{buildroot}%{_sysconfdir}/pki/pesign/
#modutil -force -dbdir %{buildroot}/etc/pki/pesign -add coolkey \
# -libfile %{_libdir}/pkcs11/libcoolkeypk11.so
modutil -force -dbdir %{buildroot}/etc/pki/pesign -add opensc \
-libfile %{_libdir}/pkcs11/opensc-pkcs11.so
if [ %{macrosdir} != %{_sysconfdir}/rpm ]; then if [ %{macrosdir} != %{_sysconfdir}/rpm ]; then
mkdir -p %{buildroot}%{macrosdir} mkdir -p %{buildroot}%{macrosdir}
@ -69,6 +75,7 @@ if [ %{macrosdir} != %{_sysconfdir}/rpm ]; then
%{buildroot}%{macrosdir} %{buildroot}%{macrosdir}
rmdir %{buildroot}%{_sysconfdir}/rpm rmdir %{buildroot}%{_sysconfdir}/rpm
fi fi
rm -f %{buildroot}/usr/usr/share/doc/pesign-0.111/COPYING
%pre %pre
getent group pesign >/dev/null || groupadd -r pesign getent group pesign >/dev/null || groupadd -r pesign
@ -77,40 +84,74 @@ getent passwd pesign >/dev/null || \
-c "Group for the pesign signing daemon" pesign -c "Group for the pesign signing daemon" pesign
exit 0 exit 0
%post rh-test-certs
certutil --merge -d %{_sysconfdir}/pki/pesign/ --source-dir %{_sysconfdir}/pki/pesign/rh-test-certs/
%postun rh-test-certs
if [ "$1" -eq 0 ]; then
certutil -d %{_sysconfdir}/pki/pesign -F -n "Red Hat Test Certificate"
certutil -d %{_sysconfdir}/pki/pesign -D -n "Red Hat Test Certificate"
certutil -d %{_sysconfdir}/pki/pesign -D -n "Red Hat Test CA"
fi
%if 0%{?rhel} >= 7 || 0%{?fedora} >= 17 %if 0%{?rhel} >= 7 || 0%{?fedora} >= 17
%post %post
%systemd_post pesign.service %systemd_post pesign.service
modutil -force -dbdir %{_sysconfdir}/pki/pesign -add opensc \
-libfile %{_libdir}/pkcs11/opensc-pkcs11.so
#modutil -force -dbdir %{_sysconfdir}/pki/pesign -add coolkey \
# -libfile %%{_libdir}/pkcs11/libcoolkeypk11.so
%preun %preun
%systemd_preun pesign.service %systemd_preun pesign.service
%postun %postun
%systemd_postun_with_restart pesign.service %systemd_postun_with_restart pesign.service
%else
%post
modutil -force -dbdir %{_sysconfdir}/pki/pesign -add opensc \
-libfile %{_libdir}/pkcs11/opensc-pkcs11.so
%endif %endif
%files %files
%defattr(-,root,root,-) %defattr(-,root,root,-)
%doc README TODO COPYING %{!?_licensedir:%global license %%doc}
%license COPYING
%doc README TODO
%{_bindir}/authvar %{_bindir}/authvar
%{_bindir}/efikeygen %{_bindir}/efikeygen
%{_bindir}/efisiglist %{_bindir}/efisiglist
%{_bindir}/pesigcheck %{_bindir}/pesigcheck
%{_bindir}/pesign %{_bindir}/pesign
%{_bindir}/pesign-client %{_bindir}/pesign-client
%dir %{_libexecdir}/pesign/
%exclude %{_sysconfdir}/pki/pesign/rh-test-certs/
%{_libexecdir}/pesign/pesign-authorize-users
%{_libexecdir}/pesign/pesign-authorize-groups
%config(noreplace)/%{_sysconfdir}/pesign/users
%config(noreplace)/%{_sysconfdir}/pesign/groups
%{_sysconfdir}/popt.d/pesign.popt %{_sysconfdir}/popt.d/pesign.popt
%{macrosdir}/macros.pesign %{macrosdir}/macros.pesign
%{_mandir}/man*/* %{_mandir}/man*/*
%dir %attr(0775,pesign,pesign) /etc/pki/pesign %dir %attr(0770,pesign,pesign) %{_sysconfdir}/pki/pesign
%attr(0664,pesign,pesign) /etc/pki/pesign/* %attr(0660,pesign,pesign) %{_sysconfdir}/pki/pesign/*
%dir %attr(0770, pesign, pesign) %{_localstatedir}/run/%{name} %dir %attr(0770, pesign, pesign) %{_localstatedir}/run/%{name}
%ghost %attr(0660, -, -) %{_localstatedir}/run/%{name}/socket %ghost %attr(0660, -, -) %{_localstatedir}/run/%{name}/socket
%ghost %attr(0660, -, -) %{_localstatedir}/run/%{name}/pesign.pid %ghost %attr(0660, -, -) %{_localstatedir}/run/%{name}/pesign.pid
%if 0%{?rhel} >= 7 || 0%{?fedora} >= 17 %if 0%{?rhel} >= 7 || 0%{?fedora} >= 17
%{_prefix}/lib/tmpfiles.d/pesign.conf %{_tmpfilesdir}/pesign.conf
%{_unitdir}/pesign.service %{_unitdir}/pesign.service
%endif %endif
%files rh-test-certs
%dir %attr(0770,pesign,pesign) %{_sysconfdir}/pki/pesign/rh-test-certs/
%attr(0660,pesign,pesign) %{_sysconfdir}/pki/pesign/rh-test-certs/*
%changelog %changelog
* Wed Oct 28 2015 Peter Jones <pjones@redhat.com> - 0.111-1
- Rebase to 0.111
- Split test certs out into a "Recommends" subpackage.
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.110-3 * Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.110-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

4
sources
View File

@ -1,2 +1,2 @@
328db7cb27847cb610b7cf8f9c470455 rh-test-certs.tar.bz2 37bb2a79934feda0327e0fb4d9e5b08e certs.tar.xz
a136d0b4fcbcb96b08e743368c31f83c pesign-0.110.tar.bz2 b2c6b74c2475a1442634d1386d888c24 pesign-0.111.tar.bz2