Add a patch needed for new shim builds
This commit is contained in:
parent
575fc2adda
commit
47e695fb59
@ -0,0 +1,46 @@
|
|||||||
|
From 3e257e96c9b48e07e0885f391f1e50fd69b52408 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Fedora Ninjas <pesign-owner@fedoraproject.org>
|
||||||
|
Date: Mon, 26 Nov 2012 19:05:54 -0500
|
||||||
|
Subject: [PATCH] Add support for local certificate database directories
|
||||||
|
|
||||||
|
Users may wish to use a certificate database other than the systemwide one.
|
||||||
|
Add an option for that.
|
||||||
|
---
|
||||||
|
src/pesign.c | 7 ++++++-
|
||||||
|
1 file changed, 6 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/pesign.c b/src/pesign.c
|
||||||
|
index 2c98600..cd3031c 100644
|
||||||
|
--- a/src/pesign.c
|
||||||
|
+++ b/src/pesign.c
|
||||||
|
@@ -437,6 +437,7 @@ main(int argc, char *argv[])
|
||||||
|
char *tokenname = "NSS Certificate DB";
|
||||||
|
char *origtoken = tokenname;
|
||||||
|
char *certname = NULL;
|
||||||
|
+ char *certdir = "/etc/pki/pesign";
|
||||||
|
|
||||||
|
rc = pesign_context_new(&ctxp);
|
||||||
|
if (rc < 0) {
|
||||||
|
@@ -454,6 +455,10 @@ main(int argc, char *argv[])
|
||||||
|
{"certficate", 'c', POPT_ARG_STRING, &certname, 0,
|
||||||
|
"specify certificate nickname",
|
||||||
|
"<certificate nickname>" },
|
||||||
|
+ {"certdir", 'n', POPT_ARG_STRING|POPT_ARGFLAG_SHOW_DEFAULT,
|
||||||
|
+ &certdir, 0,
|
||||||
|
+ "specify nss certificate database directory",
|
||||||
|
+ "<certificate directory path>" },
|
||||||
|
{"privkey", 'p', POPT_ARG_STRING, &ctxp->privkeyfile, 0,
|
||||||
|
"specify private key file", "<privkey>" },
|
||||||
|
{"force", 'f', POPT_ARG_VAL, &ctxp->force, 1,
|
||||||
|
@@ -536,7 +541,7 @@ main(int argc, char *argv[])
|
||||||
|
poptFreeContext(optCon);
|
||||||
|
|
||||||
|
if (!daemon) {
|
||||||
|
- SECStatus status = NSS_Init("/etc/pki/pesign");
|
||||||
|
+ SECStatus status = NSS_Init(certdir);
|
||||||
|
if (status != SECSuccess) {
|
||||||
|
fprintf(stderr, "Could not initialize nss: %s\n",
|
||||||
|
PORT_ErrorToString(PORT_GetError()));
|
||||||
|
--
|
||||||
|
1.8.0
|
||||||
|
|
@ -1,7 +1,7 @@
|
|||||||
Summary: Signing utility for UEFI binaries
|
Summary: Signing utility for UEFI binaries
|
||||||
Name: pesign
|
Name: pesign
|
||||||
Version: 0.99
|
Version: 0.99
|
||||||
Release: 8%{?dist}
|
Release: 9%{?dist}
|
||||||
Group: Development/System
|
Group: Development/System
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
URL: https://github.com/vathpela/pesign
|
URL: https://github.com/vathpela/pesign
|
||||||
@ -62,6 +62,7 @@ Patch39: 0039-Fix-token-auth-authentication-failure-error-reportin.patch
|
|||||||
Patch40: 0040-Use-setfacl-in-sysvinit-script-to-allow-kojibuilder-.patch
|
Patch40: 0040-Use-setfacl-in-sysvinit-script-to-allow-kojibuilder-.patch
|
||||||
Patch41: 0041-Don-t-return-quite-so-immediately-if-we-re-the-paren.patch
|
Patch41: 0041-Don-t-return-quite-so-immediately-if-we-re-the-paren.patch
|
||||||
Patch42: 0042-Get-the-Fedora-signing-token-name-right.patch
|
Patch42: 0042-Get-the-Fedora-signing-token-name-right.patch
|
||||||
|
Patch43: 0043-Add-support-for-local-certificate-database-directori.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
This package contains the pesign utility for signing UEFI binaries as
|
This package contains the pesign utility for signing UEFI binaries as
|
||||||
@ -131,6 +132,9 @@ exit 0
|
|||||||
%ghost %attr(0660, -, -) %{_localstatedir}/run/%{name}/pesign.pid
|
%ghost %attr(0660, -, -) %{_localstatedir}/run/%{name}/pesign.pid
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Nov 26 2012 Matthew Garrett <mjg59@srcf.ucam.org> - 0.99-9
|
||||||
|
- Add a patch needed for new shim builds
|
||||||
|
|
||||||
* Fri Oct 19 2012 Peter Jones <pjones@redhat.com> - 0.99-8
|
* Fri Oct 19 2012 Peter Jones <pjones@redhat.com> - 0.99-8
|
||||||
- Get the Fedora signing token name right.
|
- Get the Fedora signing token name right.
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user