Switch default NSS database to SQLite format

Resolves: rhbz#1827902

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Javier Martinez Canillas 2020-06-08 15:54:08 +02:00
parent 9664ede71c
commit 6076214ded
No known key found for this signature in database
GPG Key ID: C751E590D63F3D69
3 changed files with 115 additions and 3 deletions


@ -0,0 +1,104 @@
From c2f2c8845b3ed34da0a76806ec81bc5ad60179ef Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 12 Mar 2018 10:51:24 -0400
Subject: [PATCH] Use sql-type nss database everywhere by default.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
src/authvar.c | 2 ++
src/client.c | 3 +++
src/efikeygen.c | 2 ++
src/efisiglist.c | 2 ++
src/pesigcheck.c | 2 ++
src/pesign.c | 2 ++
6 files changed, 13 insertions(+)
diff --git a/src/authvar.c b/src/authvar.c
index 03e0c47f61c..47a73d12eaa 100644
--- a/src/authvar.c
+++ b/src/authvar.c
@@ -272,6 +272,8 @@ main(int argc, char *argv[])
int action = 0;
+ setenv("NSS_DEFAULT_DB_TYPE", "sql", 0);
+
rc = authvar_context_init(ctxp);
if (rc < 0) {
fprintf(stderr, "Could not initialize context: %m\n");
diff --git a/src/client.c b/src/client.c
index 575c873fb70..64e7bbb7689 100644
--- a/src/client.c
+++ b/src/client.c
@@ -22,6 +22,7 @@
#include <popt.h>
#include <pwd.h>
#include <stddef.h>
+#include <stdlib.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
@@ -628,6 +629,8 @@ main(int argc, char *argv[])
POPT_TABLEEND
};
+ setenv("NSS_DEFAULT_DB_TYPE", "sql", 0);
+
optCon = poptGetContext("pesign", argc, (const char **)argv, options,0);
rc = poptReadDefaultConfig(optCon, 0);
diff --git a/src/efikeygen.c b/src/efikeygen.c
index 93905782c0c..ad34970a62d 100644
--- a/src/efikeygen.c
+++ b/src/efikeygen.c
@@ -595,6 +595,8 @@ int main(int argc, char *argv[])
POPT_TABLEEND
};
+ setenv("NSS_DEFAULT_DB_TYPE", "sql", 0);
+
optCon = poptGetContext("pesign", argc, (const char **)argv, options,0);
int rc = poptReadDefaultConfig(optCon, 0);
diff --git a/src/efisiglist.c b/src/efisiglist.c
index a7ed528ca13..b88c4a06ded 100644
--- a/src/efisiglist.c
+++ b/src/efisiglist.c
@@ -177,6 +177,8 @@ main(int argc, char *argv[])
POPT_TABLEEND
};
+ setenv("NSS_DEFAULT_DB_TYPE", "sql", 0);
+
optCon = poptGetContext("pesign", argc, (const char **)argv, options,0);
rc = poptReadDefaultConfig(optCon, 0);
diff --git a/src/pesigcheck.c b/src/pesigcheck.c
index c8e10860855..535999ca7fa 100644
--- a/src/pesigcheck.c
+++ b/src/pesigcheck.c
@@ -464,6 +464,8 @@ main(int argc, char *argv[])
POPT_TABLEEND
};
+ setenv("NSS_DEFAULT_DB_TYPE", "sql", 0);
+
rc = pesigcheck_context_init(ctxp);
if (rc < 0) {
fprintf(stderr, "pesigcheck: Could not initialize context: %m\n");
diff --git a/src/pesign.c b/src/pesign.c
index 6ceda34f797..bc12e4d920a 100644
--- a/src/pesign.c
+++ b/src/pesign.c
@@ -416,6 +416,8 @@ main(int argc, char *argv[])
char *certdir = "/etc/pki/pesign";
char *signum = NULL;
+ setenv("NSS_DEFAULT_DB_TYPE", "sql", 0);
+
rc = pesign_context_new(&ctxp);
if (rc < 0) {
fprintf(stderr, "Could not initialize context: %m\n");
--
2.26.2
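Review bot: The return value of `setenv("NSS_DEFAULT_DB_TYPE", "sql", 0)` is ignored in all six `main()` functions (authvar.c, client.c, efikeygen.c, efisiglist.c, pesigcheck.c, pesign.c), so if the call fails the tool carries on and NSS opens the key database with whatever type it defaults to. Because these tools open the signing-key database, I would fail early instead: `if (setenv("NSS_DEFAULT_DB_TYPE", "sql", 0) < 0) { fprintf(stderr, "Could not set NSS_DEFAULT_DB_TYPE: %m\n"); exit(1); }`. The third argument 0 also means a value already present in the caller's environment takes precedence; if that override is intended, a short comment such as `/* overwrite=0: a pre-set NSS_DEFAULT_DB_TYPE still wins */` would make it explicit. Each `main()` starts and ends outside its hunk, so whether anything later re-checks the database type cannot be seen from here.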


@ -3,7 +3,7 @@
Name: pesign
Summary: Signing utility for UEFI binaries
Version: 0.112
Release: 30%{?dist}
Release: 31%{?dist}
License: GPLv2
URL: https://github.com/vathpela/pesign
@ -72,6 +72,7 @@ Patch0028: 0028-rpm-Make-the-client-signer-use-the-fedora-values-unl.patch
Patch0029: 0029-Make-macros.pesign-error-in-kojibuilder-if-we-don-t-.patch
Patch0030: 0030-efikeygen-Fix-the-build-with-nss-3.44.patch
Patch0031: 0031-pesigcheck-Fix-a-wrong-assignment.patch
Patch0032: 0032-Use-sql-type-nss-database-everywhere-by-default.patch
%description
This package contains the pesign utility for signing UEFI binaries as
@ -145,6 +146,9 @@ exit 0
%postun
%systemd_postun_with_restart pesign.service
%posttrans
certutil -d /etc/pki/pesign/ -X -L > /dev/null
%endif
%files
@ -179,6 +183,10 @@ exit 0
%{python3_sitelib}/mockbuild/plugins/pesign.*
%changelog
* Mon Jun 08 2020 Javier Martinez Canillas <javierm@redhat.com> - 0.112-31
- Switch default NSS database to SQLite format (pjones)
Resolves: rhbz#1827902
* Mon Feb 24 2020 Peter Jones <pjones@redhat.com> - 0.112-30
- Make sure the patch for -29 is actually in the build in f32, and
synchronize with master.
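Review bot: The new `%posttrans` line `certutil -d /etc/pki/pesign/ -X -L > /dev/null` discards stdout only and does not handle the exit status, so a certutil failure shows up as a bare scriptlet error with no hint that the key database may not be in the expected format. The call appears intended to make NSS convert the existing database, and scriptlets run as root, so any database files it creates may get an owner or mode different from the existing files in `/etc/pki/pesign`. It is worth confirming that the signing daemon can still read them, that they are no more widely readable than the old ones, and that `%files` covers them. A comment above the line, e.g. `# Open the database once so NSS converts it to the SQLite format`, would explain why a listing is run with its output thrown away.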


@ -1,2 +1,2 @@
e377e0bc924287ee09356a239c5f51a8 certs.tar.xz
eae1d66e160be744ff310ad7592ae31e pesign-0.112.tar.bz2
SHA512 (certs.tar.xz) = ddac535c786d1a23074534323c4ce89f907d4f82b19c5d3a9c814b145fbac1599cd2386cf20c28d22aee7d5c4db441f052bab9ee655de756117a0a0bc99b525f
SHA512 (pesign-0.112.tar.bz2) = 96bff27ce5059f1ea299c21ac88998a0c17851b8b06ba2f3e286de5cd4d73651b670ac00ca035481faf9c963338527c89120c63ec891a95ce9ecb9130fbc5e5c