Add a patch needed for new shim builds

Matthew Garrett 2012-11-26 19:38:34 -05:00
parent 575fc2adda
commit 47e695fb59
2 changed files with 51 additions and 1 deletions


@ -0,0 +1,46 @@
From 3e257e96c9b48e07e0885f391f1e50fd69b52408 Mon Sep 17 00:00:00 2001
From: Fedora Ninjas <pesign-owner@fedoraproject.org>
Date: Mon, 26 Nov 2012 19:05:54 -0500
Subject: [PATCH] Add support for local certificate database directories
Users may wish to use a certificate database other than the systemwide one.
Add an option for that.
---
src/pesign.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/pesign.c b/src/pesign.c
index 2c98600..cd3031c 100644
--- a/src/pesign.c
+++ b/src/pesign.c
@@ -437,6 +437,7 @@ main(int argc, char *argv[])
char *tokenname = "NSS Certificate DB";
char *origtoken = tokenname;
char *certname = NULL;
+ char *certdir = "/etc/pki/pesign";
rc = pesign_context_new(&ctxp);
if (rc < 0) {
@@ -454,6 +455,10 @@ main(int argc, char *argv[])
{"certficate", 'c', POPT_ARG_STRING, &certname, 0,
"specify certificate nickname",
"<certificate nickname>" },
+ {"certdir", 'n', POPT_ARG_STRING|POPT_ARGFLAG_SHOW_DEFAULT,
+ &certdir, 0,
+ "specify nss certificate database directory",
+ "<certificate directory path>" },
{"privkey", 'p', POPT_ARG_STRING, &ctxp->privkeyfile, 0,
"specify private key file", "<privkey>" },
{"force", 'f', POPT_ARG_VAL, &ctxp->force, 1,
@@ -536,7 +541,7 @@ main(int argc, char *argv[])
poptFreeContext(optCon);
if (!daemon) {
- SECStatus status = NSS_Init("/etc/pki/pesign");
+ SECStatus status = NSS_Init(certdir);
if (status != SECSuccess) {
fprintf(stderr, "Could not initialize nss: %s\n",
PORT_ErrorToString(PORT_GetError()));
--
1.8.0
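Review bot: In the embedded src/pesign.c patch, the new `certdir` value is consumed only inside the `if (!daemon)` branch at `NSS_Init(certdir)`, so as far as these lines show, `--certdir` combined with daemon mode is accepted and then has no effect. The daemon's own NSS setup is outside the hunks, so confirm whether it should honour the option or reject the combination explicitly. Because the directory now decides which key database a certificate nickname resolves to, the failure path should name it, e.g. `fprintf(stderr, "Could not initialize nss database \"%s\": %s\n", certdir, PORT_ErrorToString(PORT_GetError()));`. A short comment on the declaration, `/* default NSS database directory; overridden by -n/--certdir */`, would record where the default comes from. main() starts and ends outside the hunks.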


@ -1,7 +1,7 @@
Summary: Signing utility for UEFI binaries
Name: pesign
Version: 0.99
Release: 8%{?dist}
Release: 9%{?dist}
Group: Development/System
License: GPLv2
URL: https://github.com/vathpela/pesign
@ -62,6 +62,7 @@ Patch39: 0039-Fix-token-auth-authentication-failure-error-reportin.patch
Patch40: 0040-Use-setfacl-in-sysvinit-script-to-allow-kojibuilder-.patch
Patch41: 0041-Don-t-return-quite-so-immediately-if-we-re-the-paren.patch
Patch42: 0042-Get-the-Fedora-signing-token-name-right.patch
Patch43: 0043-Add-support-for-local-certificate-database-directori.patch
%description
This package contains the pesign utility for signing UEFI binaries as
@ -131,6 +132,9 @@ exit 0
%ghost %attr(0660, -, -) %{_localstatedir}/run/%{name}/pesign.pid
%changelog
* Mon Nov 26 2012 Matthew Garrett <mjg59@srcf.ucam.org> - 0.99-9
- Add a patch needed for new shim builds
* Fri Oct 19 2012 Peter Jones <pjones@redhat.com> - 0.99-8
- Get the Fedora signing token name right.