Rebase to 0.111

- Split test certs out into a "Recommends" subpackage. Signed-off-by: Peter Jones <pjones@redhat.com>
2015-10-28 15:42:00 -04:00 · 2015-10-28 15:42:00 -04:00 · 15ed9eb9c2
commit 15ed9eb9c2
parent 79e3b6ac67
5 changed files with 60 additions and 132 deletions
--- a/.gitignore
+++ b/.gitignore
@ -2,3 +2,4 @@
 clog
 /rh-test-certs.tar.bz2
 *.rpm
+/certs.tar.xz
--- a/0001-Make-make-install_systemd-and-make-install_sysvinit-.patch
+++ b/0001-Make-make-install_systemd-and-make-install_sysvinit-.patch
@ -1,75 +0,0 @@
-From fd52dc1631d46cdf4eac9053be7e2e7a19977df2 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Fri, 24 Oct 2014 16:26:26 -0400
-Subject: [PATCH 1/2] Make "make install_systemd" and "make install_sysvinit"
- not error.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
---
- include/Makefile        | 4 ++++
- include/libdpe/Makefile | 4 ++++
- libdpe/Makefile         | 4 ++++
- util/Makefile           | 4 ++++
- 4 files changed, 16 insertions(+)
-
-diff --git a/include/Makefile b/include/Makefile
-index 4314287..2b1f0ff 100644
--- a/include/Makefile
-+++ b/include/Makefile
-@@ -16,6 +16,10 @@ clean :
- install :
- 	@for x in $(SUBDIRS) ; do $(MAKE) -C $${x} TOPDIR=$(TOPDIR) SRCDIR=$(TOPDIR)/$@/ ARCH=$(ARCH) $@ ; done
- 
-+install_systemd:
-+
-+install_sysvinit:
-+
- .PHONY: all $(SUBDIRS) clean install
- 
- include $(TOPDIR)/Make.rules
-diff --git a/include/libdpe/Makefile b/include/libdpe/Makefile
-index f8a1e2c..f94001e 100644
--- a/include/libdpe/Makefile
-+++ b/include/libdpe/Makefile
-@@ -13,4 +13,8 @@ install:
- 	$(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)/include/libdpe/
- 	$(INSTALL) -m 644 *.h $(INSTALLROOT)$(PREFIX)/include/libdpe/
- 
-+install_systemd:
-+
-+install_sysvinit:
-+
- include $(TOPDIR)/Make.rules
-diff --git a/libdpe/Makefile b/libdpe/Makefile
-index a8b0c26..b94379c 100644
--- a/libdpe/Makefile
-+++ b/libdpe/Makefile
-@@ -37,6 +37,10 @@ install :
- 		$(INSTALL) -m 755  $$x $(INSTALLROOT)$(LIBDIR) ; \
- 	done
- 
-+install_systemd:
-+
-+install_sysvinit:
-+
- .PHONY: all clean install
- 
- include $(TOPDIR)/Make.rules
-diff --git a/util/Makefile b/util/Makefile
-index ff11cb8..2f71b73 100644
--- a/util/Makefile
-+++ b/util/Makefile
-@@ -20,6 +20,10 @@ install :
- 	$(INSTALL) -d -m 755 $(INSTALLROOT)/boot/efi/EFI/redhat/
- 	$(INSTALL) -m 755 *.efi $(INSTALLROOT)/boot/efi/EFI/redhat/
- 
-+install_systemd:
-+
-+install_sysvinit:
-+
- .PHONY: all clean install
- 
- include $(TOPDIR)/Make.efirules
-- 
-1.9.3
-
--- a/0002-Install-authvar-and-efisiglist.patch
+++ b/0002-Install-authvar-and-efisiglist.patch
@ -1,39 +0,0 @@
-From 5a293fb24da9ee68f43bf94f08b07569d3556ce1 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Fri, 24 Oct 2014 16:29:19 -0400
-Subject: [PATCH 2/2] Install authvar and efisiglist
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
---
- src/Makefile | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/src/Makefile b/src/Makefile
-index 4c86a2a..007505c 100644
--- a/src/Makefile
-+++ b/src/Makefile
-@@ -76,17 +76,19 @@ install :
- 	$(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/
- 	$(INSTALL) -d -m 770 $(INSTALLROOT)/var/run/pesign/
- 	$(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)/bin/
-+	$(INSTALL) -m 755 authvar $(INSTALLROOT)$(PREFIX)/bin/
- 	$(INSTALL) -m 755 pesign $(INSTALLROOT)$(PREFIX)/bin/
- 	$(INSTALL) -m 755 client $(INSTALLROOT)$(PREFIX)/bin/pesign-client
- 	$(INSTALL) -m 755 efikeygen $(INSTALLROOT)$(PREFIX)/bin/
-	#$(INSTALL) -m 755 pesigcheck $(INSTALLROOT)$(PREFIX)/bin/
-+	$(INSTALL) -m 755 efisiglist $(INSTALLROOT)$(PREFIX)/bin/
-+	$(INSTALL) -m 755 pesigcheck $(INSTALLROOT)$(PREFIX)/bin/
- 	$(INSTALL) -d -m 755 $(INSTALLROOT)/etc/popt.d/
- 	$(INSTALL) -m 644 pesign.popt $(INSTALLROOT)/etc/popt.d/
- 	$(INSTALL) -d -m 755 $(INSTALLROOT)/usr/share/man/man1/
- 	$(INSTALL) -m 644 pesign.1 $(INSTALLROOT)/usr/share/man/man1/
- 	$(INSTALL) -m 644 pesign-client.1 $(INSTALLROOT)/usr/share/man/man1/
- 	$(INSTALL) -m 644 efikeygen.1 $(INSTALLROOT)/usr/share/man/man1/
-	#$(INSTALL) -m 644 pesigcheck.1 $(INSTALLROOT)/usr/share/man/man1/
-+	$(INSTALL) -m 644 pesigcheck.1 $(INSTALLROOT)/usr/share/man/man1/
- 	$(INSTALL) -d -m 755 $(INSTALLROOT)/etc/rpm/
- 	$(INSTALL) -m 644 macros.pesign $(INSTALLROOT)/etc/rpm/
- 
-- 
-1.9.3
-
--- a/pesign.spec
+++ b/pesign.spec
@ -2,10 +2,11 @@

 Summary: Signing utility for UEFI binaries
 Name: pesign
-Version: 0.110
-Release: 3%{?dist}
+Version: 0.111
+Release: 1%{?dist}
 Group: Development/System
 License: GPLv2
+Recommends: pesign-rh-test-certs
 URL: https://github.com/vathpela/pesign
 BuildRequires: git nspr nss nss-util popt-devel
 BuildRequires: coolkey opensc nss-tools
@ -13,6 +14,7 @@ BuildRequires: nspr-devel >= 4.9.2-1
 BuildRequires: nss-devel >= 3.13.6-1
 BuildRequires: efivar-devel >= 0.14-1
 BuildRequires: libuuid-devel
+BuildRequires: tar xz
 Requires: nspr nss nss-util popt rpm coolkey opensc
 Requires(pre): shadow-utils
 ExclusiveArch: i686 x86_64 ia64 aarch64
@ -21,16 +23,24 @@ BuildRequires: rh-signing-tools >= 1.20-2
 %endif

 Source0: https://github.com/vathpela/pesign/releases/download/%{version}/pesign-%{version}.tar.bz2
-Source1: rh-test-certs.tar.bz2
-Patch0001: 0001-Make-make-install_systemd-and-make-install_sysvinit-.patch
-Patch0002: 0002-Install-authvar-and-efisiglist.patch
+Source1: certs.tar.xz

 %description
 This package contains the pesign utility for signing UEFI binaries as
 well as other associated tools.

+%package rh-test-certs
+Summary: Test keys for pesign
+Group: Development/System
+License: GPLv2
+Requires: pesign = %{version}-%{release}
+
+%description rh-test-certs
+This package contains test keys for use with pesign
+
 %prep
-%setup -q -a 1
+%setup -q -a 0 
+%setup -a 1 -D -c -n pesign-%{version}/
 git init
 git config user.email "pesign-owner@fedoraproject.org"
 git config user.name "Fedora Ninjas"
@ -56,12 +66,8 @@ make PREFIX=%{_prefix} LIBDIR=%{_libdir} INSTALLROOT=%{buildroot} \
 # there's some stuff that's not really meant to be shipped yet
 rm -rf %{buildroot}/boot %{buildroot}/usr/include
 rm -rf %{buildroot}%{_libdir}/libdpe*
-mv rh-test-certs/etc/pki/pesign/* %{buildroot}/etc/pki/pesign/
-
-#modutil -force -dbdir %{buildroot}/etc/pki/pesign -add coolkey \
-#	-libfile %{_libdir}/pkcs11/libcoolkeypk11.so
-modutil -force -dbdir %{buildroot}/etc/pki/pesign -add opensc \
-	-libfile %{_libdir}/pkcs11/opensc-pkcs11.so
+mkdir -p %{buildroot}%{_sysconfdir}/pki/pesign/
+cp -a etc/pki/pesign/* %{buildroot}%{_sysconfdir}/pki/pesign/

 if [ %{macrosdir} != %{_sysconfdir}/rpm ]; then
 	mkdir -p %{buildroot}%{macrosdir}
@ -69,6 +75,7 @@ if [ %{macrosdir} != %{_sysconfdir}/rpm ]; then
 		%{buildroot}%{macrosdir}
 	rmdir %{buildroot}%{_sysconfdir}/rpm
 fi
+rm -f %{buildroot}/usr/usr/share/doc/pesign-0.111/COPYING

 %pre
 getent group pesign >/dev/null || groupadd -r pesign
@ -77,40 +84,74 @@ getent passwd pesign >/dev/null || \
 		-c "Group for the pesign signing daemon" pesign
 exit 0

+%post rh-test-certs
+certutil --merge -d %{_sysconfdir}/pki/pesign/ --source-dir %{_sysconfdir}/pki/pesign/rh-test-certs/
+
+%postun rh-test-certs
+if [ "$1" -eq 0 ]; then
+	certutil -d %{_sysconfdir}/pki/pesign -F -n "Red Hat Test Certificate"
+	certutil -d %{_sysconfdir}/pki/pesign -D -n "Red Hat Test Certificate"
+	certutil -d %{_sysconfdir}/pki/pesign -D -n "Red Hat Test CA"
+fi
+
 %if 0%{?rhel} >= 7 || 0%{?fedora} >= 17
 %post
 %systemd_post pesign.service
+modutil -force -dbdir %{_sysconfdir}/pki/pesign -add opensc \
+	-libfile %{_libdir}/pkcs11/opensc-pkcs11.so
+#modutil -force -dbdir %{_sysconfdir}/pki/pesign -add coolkey \
+#	-libfile %%{_libdir}/pkcs11/libcoolkeypk11.so

 %preun
 %systemd_preun pesign.service

 %postun
 %systemd_postun_with_restart pesign.service
+%else
+%post
+modutil -force -dbdir %{_sysconfdir}/pki/pesign -add opensc \
+	-libfile %{_libdir}/pkcs11/opensc-pkcs11.so
 %endif

 %files
 %defattr(-,root,root,-)
-%doc README TODO COPYING
+%{!?_licensedir:%global license %%doc}
+%license COPYING
+%doc README TODO
 %{_bindir}/authvar
 %{_bindir}/efikeygen
 %{_bindir}/efisiglist
 %{_bindir}/pesigcheck
 %{_bindir}/pesign
 %{_bindir}/pesign-client
+%dir %{_libexecdir}/pesign/
+%exclude %{_sysconfdir}/pki/pesign/rh-test-certs/
+%{_libexecdir}/pesign/pesign-authorize-users
+%{_libexecdir}/pesign/pesign-authorize-groups
+%config(noreplace)/%{_sysconfdir}/pesign/users
+%config(noreplace)/%{_sysconfdir}/pesign/groups
 %{_sysconfdir}/popt.d/pesign.popt
 %{macrosdir}/macros.pesign
 %{_mandir}/man*/*
-%dir %attr(0775,pesign,pesign) /etc/pki/pesign
-%attr(0664,pesign,pesign) /etc/pki/pesign/*
+%dir %attr(0770,pesign,pesign) %{_sysconfdir}/pki/pesign
+%attr(0660,pesign,pesign) %{_sysconfdir}/pki/pesign/*
 %dir %attr(0770, pesign, pesign) %{_localstatedir}/run/%{name}
 %ghost %attr(0660, -, -) %{_localstatedir}/run/%{name}/socket
 %ghost %attr(0660, -, -) %{_localstatedir}/run/%{name}/pesign.pid
 %if 0%{?rhel} >= 7 || 0%{?fedora} >= 17
-%{_prefix}/lib/tmpfiles.d/pesign.conf
+%{_tmpfilesdir}/pesign.conf
 %{_unitdir}/pesign.service
 %endif

+%files rh-test-certs
+%dir %attr(0770,pesign,pesign) %{_sysconfdir}/pki/pesign/rh-test-certs/
+%attr(0660,pesign,pesign) %{_sysconfdir}/pki/pesign/rh-test-certs/*
+
 %changelog
+* Wed Oct 28 2015 Peter Jones <pjones@redhat.com> - 0.111-1
+- Rebase to 0.111
+- Split test certs out into a "Recommends" subpackage.
+
 * Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.110-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

--- a/4
+++ b/4
@ -1,2 +1,2 @@
-328db7cb27847cb610b7cf8f9c470455  rh-test-certs.tar.bz2
-a136d0b4fcbcb96b08e743368c31f83c  pesign-0.110.tar.bz2
+37bb2a79934feda0327e0fb4d9e5b08e  certs.tar.xz
+b2c6b74c2475a1442634d1386d888c24  pesign-0.111.tar.bz2