Update to pesign-0.110

Signed-off-by: Peter Jones <pjones@redhat.com>

.gitignore

@@ -1,3 +1,4 @@
 /pesign-*.tar.bz2
 clog
 /rh-test-certs.tar.bz2
+*.rpm

0001-Don-t-set-SO_PASSCRED.patch

@@ -1,43 +0,0 @@
-From c877f0187d337374960f02046800a313d2326848 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Thu, 29 May 2014 16:10:05 -0400
-Subject: [PATCH] Don't set SO_PASSCRED.
-
-It would appear that on recent kernels, setting SO_PASSCRED means you
-always get SCM_CREDENTIALS control messages back instead of what
-sendmsg() sent you, and SCM_RIGHTS works just fine without it.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
----
- src/daemon.c | 10 +---------
- 1 file changed, 1 insertion(+), 9 deletions(-)
-
-diff --git a/src/daemon.c b/src/daemon.c
-index 55c08c3..af3a2b6 100644
---- a/src/daemon.c
-+++ b/src/daemon.c
-@@ -744,20 +744,12 @@ set_up_socket(context *ctx)
- 		exit(1);
- 	}
- 
--	int one = 1;
--	int rc = setsockopt(sd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one));
--	if (rc < 0) {
--		ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_ERR,
--			"unable to set socket options: %m");
--		exit(1);
--	}
--
- 	struct sockaddr_un addr_un = {
- 		.sun_family = AF_UNIX,
- 		.sun_path = SOCKPATH,
- 	};
- 
--	rc = bind(sd, &addr_un, sizeof(addr_un));
-+	int rc = bind(sd, &addr_un, sizeof(addr_un));
- 	if (rc < 0) {
- 		ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_ERR,
- 			"unable to bind to \"%s\": %m",
--- 
-1.9.0
-

0001-Make-make-install_systemd-and-make-install_sysvinit-.patch

@@ -0,0 +1,75 @@
+From fd52dc1631d46cdf4eac9053be7e2e7a19977df2 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Fri, 24 Oct 2014 16:26:26 -0400
+Subject: [PATCH 1/2] Make "make install_systemd" and "make install_sysvinit"
+ not error.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ include/Makefile        | 4 ++++
+ include/libdpe/Makefile | 4 ++++
+ libdpe/Makefile         | 4 ++++
+ util/Makefile           | 4 ++++
+ 4 files changed, 16 insertions(+)
+
+diff --git a/include/Makefile b/include/Makefile
+index 4314287..2b1f0ff 100644
+--- a/include/Makefile
++++ b/include/Makefile
+@@ -16,6 +16,10 @@ clean :
+ install :
+ 	@for x in $(SUBDIRS) ; do $(MAKE) -C $${x} TOPDIR=$(TOPDIR) SRCDIR=$(TOPDIR)/$@/ ARCH=$(ARCH) $@ ; done
+ 
++install_systemd:
++
++install_sysvinit:
++
+ .PHONY: all $(SUBDIRS) clean install
+ 
+ include $(TOPDIR)/Make.rules
+diff --git a/include/libdpe/Makefile b/include/libdpe/Makefile
+index f8a1e2c..f94001e 100644
+--- a/include/libdpe/Makefile
++++ b/include/libdpe/Makefile
+@@ -13,4 +13,8 @@ install:
+ 	$(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)/include/libdpe/
+ 	$(INSTALL) -m 644 *.h $(INSTALLROOT)$(PREFIX)/include/libdpe/
+ 
++install_systemd:
++
++install_sysvinit:
++
+ include $(TOPDIR)/Make.rules
+diff --git a/libdpe/Makefile b/libdpe/Makefile
+index a8b0c26..b94379c 100644
+--- a/libdpe/Makefile
++++ b/libdpe/Makefile
+@@ -37,6 +37,10 @@ install :
+ 		$(INSTALL) -m 755  $$x $(INSTALLROOT)$(LIBDIR) ; \
+ 	done
+ 
++install_systemd:
++
++install_sysvinit:
++
+ .PHONY: all clean install
+ 
+ include $(TOPDIR)/Make.rules
+diff --git a/util/Makefile b/util/Makefile
+index ff11cb8..2f71b73 100644
+--- a/util/Makefile
++++ b/util/Makefile
+@@ -20,6 +20,10 @@ install :
+ 	$(INSTALL) -d -m 755 $(INSTALLROOT)/boot/efi/EFI/redhat/
+ 	$(INSTALL) -m 755 *.efi $(INSTALLROOT)/boot/efi/EFI/redhat/
+ 
++install_systemd:
++
++install_sysvinit:
++
+ .PHONY: all clean install
+ 
+ include $(TOPDIR)/Make.efirules
+-- 
+1.9.3
+

0002-Install-authvar-and-efisiglist.patch

@@ -0,0 +1,39 @@
+From 5a293fb24da9ee68f43bf94f08b07569d3556ce1 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Fri, 24 Oct 2014 16:29:19 -0400
+Subject: [PATCH 2/2] Install authvar and efisiglist
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ src/Makefile | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/Makefile b/src/Makefile
+index 4c86a2a..007505c 100644
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -76,17 +76,19 @@ install :
+ 	$(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/
+ 	$(INSTALL) -d -m 770 $(INSTALLROOT)/var/run/pesign/
+ 	$(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)/bin/
++	$(INSTALL) -m 755 authvar $(INSTALLROOT)$(PREFIX)/bin/
+ 	$(INSTALL) -m 755 pesign $(INSTALLROOT)$(PREFIX)/bin/
+ 	$(INSTALL) -m 755 client $(INSTALLROOT)$(PREFIX)/bin/pesign-client
+ 	$(INSTALL) -m 755 efikeygen $(INSTALLROOT)$(PREFIX)/bin/
+-	#$(INSTALL) -m 755 pesigcheck $(INSTALLROOT)$(PREFIX)/bin/
++	$(INSTALL) -m 755 efisiglist $(INSTALLROOT)$(PREFIX)/bin/
++	$(INSTALL) -m 755 pesigcheck $(INSTALLROOT)$(PREFIX)/bin/
+ 	$(INSTALL) -d -m 755 $(INSTALLROOT)/etc/popt.d/
+ 	$(INSTALL) -m 644 pesign.popt $(INSTALLROOT)/etc/popt.d/
+ 	$(INSTALL) -d -m 755 $(INSTALLROOT)/usr/share/man/man1/
+ 	$(INSTALL) -m 644 pesign.1 $(INSTALLROOT)/usr/share/man/man1/
+ 	$(INSTALL) -m 644 pesign-client.1 $(INSTALLROOT)/usr/share/man/man1/
+ 	$(INSTALL) -m 644 efikeygen.1 $(INSTALLROOT)/usr/share/man/man1/
+-	#$(INSTALL) -m 644 pesigcheck.1 $(INSTALLROOT)/usr/share/man/man1/
++	$(INSTALL) -m 644 pesigcheck.1 $(INSTALLROOT)/usr/share/man/man1/
+ 	$(INSTALL) -d -m 755 $(INSTALLROOT)/etc/rpm/
+ 	$(INSTALL) -m 644 macros.pesign $(INSTALLROOT)/etc/rpm/
+ 
+-- 
+1.9.3
+

pesign.spec

@@ -1,7 +1,7 @@
 Summary: Signing utility for UEFI binaries
 Name: pesign
-Version: 0.108
+Version: 0.110
-Release: 4%{?dist}
+Release: 1%{?dist}
 Group: Development/System
 License: GPLv2
 URL: https://github.com/vathpela/pesign
@@ -9,19 +9,18 @@ BuildRequires: git nspr nss nss-util popt-devel
 BuildRequires: coolkey opensc nss-tools
 BuildRequires: nspr-devel >= 4.9.2-1
 BuildRequires: nss-devel >= 3.13.6-1
+BuildRequires: efivar-devel >= 0.14-1
 Requires: nspr nss nss-util popt rpm coolkey opensc
 Requires(pre): shadow-utils
-ExclusiveArch: i686 x86_64 ia64
+ExclusiveArch: i686 x86_64 ia64 aarch64
 %if 0%{?rhel} >= 7
 BuildRequires: rh-signing-tools >= 1.20-2
 %endif
 
-# there is no tarball at github, of course.  To get this version do:
+Source0: https://github.com/vathpela/pesign/releases/download/%{version}/pesign-%{version}.tar.bz2
-# git clone https://github.com/vathpela/pesign.git
-# git checkout %%{version}
-Source0: pesign-%{version}.tar.bz2
 Source1: rh-test-certs.tar.bz2
-Patch0001: 0001-Don-t-set-SO_PASSCRED.patch
+Patch0001: 0001-Make-make-install_systemd-and-make-install_sysvinit-.patch
+Patch0002: 0002-Install-authvar-and-efisiglist.patch
 
 %description
 This package contains the pesign utility for signing UEFI binaries as
@@ -35,6 +34,8 @@ git config user.name "Fedora Ninjas"
 git add .
 git commit -a -q -m "%{version} baseline."
 git am %{patches} </dev/null
+git config --unset user.email
+git config --unset user.name
 
 %build
 make PREFIX=%{_prefix} LIBDIR=%{_libdir}
@@ -59,9 +60,6 @@ mv rh-test-certs/etc/pki/pesign/* %{buildroot}/etc/pki/pesign/
 modutil -force -dbdir %{buildroot}/etc/pki/pesign -add opensc \
 	-libfile %{_libdir}/pkcs11/opensc-pkcs11.so
 
-%clean
-rm -rf %{buildroot}
-
 %pre
 getent group pesign >/dev/null || groupadd -r pesign
 getent passwd pesign >/dev/null || \
@@ -83,9 +81,12 @@ exit 0
 %files
 %defattr(-,root,root,-)
 %doc README TODO COPYING
+%{_bindir}/authvar
+%{_bindir}/efikeygen
+%{_bindir}/efisiglist
+%{_bindir}/pesigcheck
 %{_bindir}/pesign
 %{_bindir}/pesign-client
-%{_bindir}/efikeygen
 %{_sysconfdir}/popt.d/pesign.popt
 %{_sysconfdir}/rpm/macros.pesign
 %{_mandir}/man*/*
@@ -100,6 +101,9 @@ exit 0
 %endif
 
 %changelog
+* Fri Oct 24 2014 Peter Jones <pjones@redhat.com> - 0.110-1
+- Update to pesign-0.110
+
 * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.108-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
 

sources

@@ -1,2 +1,2 @@
 328db7cb27847cb610b7cf8f9c470455  rh-test-certs.tar.bz2
-1fb9f1362f8ec0eed97ed6218b9e94d4  pesign-0.108.tar.bz2
+a136d0b4fcbcb96b08e743368c31f83c  pesign-0.110.tar.bz2