Add a patch needed for new shim builds
This commit is contained in:
parent
575fc2adda
commit
47e695fb59
@ -0,0 +1,46 @@
|
||||
From 3e257e96c9b48e07e0885f391f1e50fd69b52408 Mon Sep 17 00:00:00 2001
|
||||
From: Fedora Ninjas <pesign-owner@fedoraproject.org>
|
||||
Date: Mon, 26 Nov 2012 19:05:54 -0500
|
||||
Subject: [PATCH] Add support for local certificate database directories
|
||||
|
||||
Users may wish to use a certificate database other than the systemwide one.
|
||||
Add an option for that.
|
||||
---
|
||||
src/pesign.c | 7 ++++++-
|
||||
1 file changed, 6 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/pesign.c b/src/pesign.c
|
||||
index 2c98600..cd3031c 100644
|
||||
--- a/src/pesign.c
|
||||
+++ b/src/pesign.c
|
||||
@@ -437,6 +437,7 @@ main(int argc, char *argv[])
|
||||
char *tokenname = "NSS Certificate DB";
|
||||
char *origtoken = tokenname;
|
||||
char *certname = NULL;
|
||||
+ char *certdir = "/etc/pki/pesign";
|
||||
|
||||
rc = pesign_context_new(&ctxp);
|
||||
if (rc < 0) {
|
||||
@@ -454,6 +455,10 @@ main(int argc, char *argv[])
|
||||
{"certficate", 'c', POPT_ARG_STRING, &certname, 0,
|
||||
"specify certificate nickname",
|
||||
"<certificate nickname>" },
|
||||
+ {"certdir", 'n', POPT_ARG_STRING|POPT_ARGFLAG_SHOW_DEFAULT,
|
||||
+ &certdir, 0,
|
||||
+ "specify nss certificate database directory",
|
||||
+ "<certificate directory path>" },
|
||||
{"privkey", 'p', POPT_ARG_STRING, &ctxp->privkeyfile, 0,
|
||||
"specify private key file", "<privkey>" },
|
||||
{"force", 'f', POPT_ARG_VAL, &ctxp->force, 1,
|
||||
@@ -536,7 +541,7 @@ main(int argc, char *argv[])
|
||||
poptFreeContext(optCon);
|
||||
|
||||
if (!daemon) {
|
||||
- SECStatus status = NSS_Init("/etc/pki/pesign");
|
||||
+ SECStatus status = NSS_Init(certdir);
|
||||
if (status != SECSuccess) {
|
||||
fprintf(stderr, "Could not initialize nss: %s\n",
|
||||
PORT_ErrorToString(PORT_GetError()));
|
||||
--
|
||||
1.8.0
|
||||
|
@ -1,7 +1,7 @@
|
||||
Summary: Signing utility for UEFI binaries
|
||||
Name: pesign
|
||||
Version: 0.99
|
||||
Release: 8%{?dist}
|
||||
Release: 9%{?dist}
|
||||
Group: Development/System
|
||||
License: GPLv2
|
||||
URL: https://github.com/vathpela/pesign
|
||||
@ -62,6 +62,7 @@ Patch39: 0039-Fix-token-auth-authentication-failure-error-reportin.patch
|
||||
Patch40: 0040-Use-setfacl-in-sysvinit-script-to-allow-kojibuilder-.patch
|
||||
Patch41: 0041-Don-t-return-quite-so-immediately-if-we-re-the-paren.patch
|
||||
Patch42: 0042-Get-the-Fedora-signing-token-name-right.patch
|
||||
Patch43: 0043-Add-support-for-local-certificate-database-directori.patch
|
||||
|
||||
%description
|
||||
This package contains the pesign utility for signing UEFI binaries as
|
||||
@ -131,6 +132,9 @@ exit 0
|
||||
%ghost %attr(0660, -, -) %{_localstatedir}/run/%{name}/pesign.pid
|
||||
|
||||
%changelog
|
||||
* Mon Nov 26 2012 Matthew Garrett <mjg59@srcf.ucam.org> - 0.99-9
|
||||
- Add a patch needed for new shim builds
|
||||
|
||||
* Fri Oct 19 2012 Peter Jones <pjones@redhat.com> - 0.99-8
|
||||
- Get the Fedora signing token name right.
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user