Switch default NSS database to SQLite format
Resolves: rhbz#1827902 Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
This commit is contained in:
parent
9664ede71c
commit
6076214ded
104
0032-Use-sql-type-nss-database-everywhere-by-default.patch
Normal file
104
0032-Use-sql-type-nss-database-everywhere-by-default.patch
Normal file
@ -0,0 +1,104 @@
|
||||
From c2f2c8845b3ed34da0a76806ec81bc5ad60179ef Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Mon, 12 Mar 2018 10:51:24 -0400
|
||||
Subject: [PATCH] Use sql-type nss database everywhere by default.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
---
|
||||
src/authvar.c | 2 ++
|
||||
src/client.c | 3 +++
|
||||
src/efikeygen.c | 2 ++
|
||||
src/efisiglist.c | 2 ++
|
||||
src/pesigcheck.c | 2 ++
|
||||
src/pesign.c | 2 ++
|
||||
6 files changed, 13 insertions(+)
|
||||
|
||||
diff --git a/src/authvar.c b/src/authvar.c
|
||||
index 03e0c47f61c..47a73d12eaa 100644
|
||||
--- a/src/authvar.c
|
||||
+++ b/src/authvar.c
|
||||
@@ -272,6 +272,8 @@ main(int argc, char *argv[])
|
||||
|
||||
int action = 0;
|
||||
|
||||
+ setenv("NSS_DEFAULT_DB_TYPE", "sql", 0);
|
||||
+
|
||||
rc = authvar_context_init(ctxp);
|
||||
if (rc < 0) {
|
||||
fprintf(stderr, "Could not initialize context: %m\n");
|
||||
diff --git a/src/client.c b/src/client.c
|
||||
index 575c873fb70..64e7bbb7689 100644
|
||||
--- a/src/client.c
|
||||
+++ b/src/client.c
|
||||
@@ -22,6 +22,7 @@
|
||||
#include <popt.h>
|
||||
#include <pwd.h>
|
||||
#include <stddef.h>
|
||||
+#include <stdlib.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/types.h>
|
||||
@@ -628,6 +629,8 @@ main(int argc, char *argv[])
|
||||
POPT_TABLEEND
|
||||
};
|
||||
|
||||
+ setenv("NSS_DEFAULT_DB_TYPE", "sql", 0);
|
||||
+
|
||||
optCon = poptGetContext("pesign", argc, (const char **)argv, options,0);
|
||||
|
||||
rc = poptReadDefaultConfig(optCon, 0);
|
||||
diff --git a/src/efikeygen.c b/src/efikeygen.c
|
||||
index 93905782c0c..ad34970a62d 100644
|
||||
--- a/src/efikeygen.c
|
||||
+++ b/src/efikeygen.c
|
||||
@@ -595,6 +595,8 @@ int main(int argc, char *argv[])
|
||||
POPT_TABLEEND
|
||||
};
|
||||
|
||||
+ setenv("NSS_DEFAULT_DB_TYPE", "sql", 0);
|
||||
+
|
||||
optCon = poptGetContext("pesign", argc, (const char **)argv, options,0);
|
||||
|
||||
int rc = poptReadDefaultConfig(optCon, 0);
|
||||
diff --git a/src/efisiglist.c b/src/efisiglist.c
|
||||
index a7ed528ca13..b88c4a06ded 100644
|
||||
--- a/src/efisiglist.c
|
||||
+++ b/src/efisiglist.c
|
||||
@@ -177,6 +177,8 @@ main(int argc, char *argv[])
|
||||
POPT_TABLEEND
|
||||
};
|
||||
|
||||
+ setenv("NSS_DEFAULT_DB_TYPE", "sql", 0);
|
||||
+
|
||||
optCon = poptGetContext("pesign", argc, (const char **)argv, options,0);
|
||||
|
||||
rc = poptReadDefaultConfig(optCon, 0);
|
||||
diff --git a/src/pesigcheck.c b/src/pesigcheck.c
|
||||
index c8e10860855..535999ca7fa 100644
|
||||
--- a/src/pesigcheck.c
|
||||
+++ b/src/pesigcheck.c
|
||||
@@ -464,6 +464,8 @@ main(int argc, char *argv[])
|
||||
POPT_TABLEEND
|
||||
};
|
||||
|
||||
+ setenv("NSS_DEFAULT_DB_TYPE", "sql", 0);
|
||||
+
|
||||
rc = pesigcheck_context_init(ctxp);
|
||||
if (rc < 0) {
|
||||
fprintf(stderr, "pesigcheck: Could not initialize context: %m\n");
|
||||
diff --git a/src/pesign.c b/src/pesign.c
|
||||
index 6ceda34f797..bc12e4d920a 100644
|
||||
--- a/src/pesign.c
|
||||
+++ b/src/pesign.c
|
||||
@@ -416,6 +416,8 @@ main(int argc, char *argv[])
|
||||
char *certdir = "/etc/pki/pesign";
|
||||
char *signum = NULL;
|
||||
|
||||
+ setenv("NSS_DEFAULT_DB_TYPE", "sql", 0);
|
||||
+
|
||||
rc = pesign_context_new(&ctxp);
|
||||
if (rc < 0) {
|
||||
fprintf(stderr, "Could not initialize context: %m\n");
|
||||
--
|
||||
2.26.2
|
||||
|
10
pesign.spec
10
pesign.spec
@ -3,7 +3,7 @@
|
||||
Name: pesign
|
||||
Summary: Signing utility for UEFI binaries
|
||||
Version: 0.112
|
||||
Release: 30%{?dist}
|
||||
Release: 31%{?dist}
|
||||
License: GPLv2
|
||||
URL: https://github.com/vathpela/pesign
|
||||
|
||||
@ -72,6 +72,7 @@ Patch0028: 0028-rpm-Make-the-client-signer-use-the-fedora-values-unl.patch
|
||||
Patch0029: 0029-Make-macros.pesign-error-in-kojibuilder-if-we-don-t-.patch
|
||||
Patch0030: 0030-efikeygen-Fix-the-build-with-nss-3.44.patch
|
||||
Patch0031: 0031-pesigcheck-Fix-a-wrong-assignment.patch
|
||||
Patch0032: 0032-Use-sql-type-nss-database-everywhere-by-default.patch
|
||||
|
||||
%description
|
||||
This package contains the pesign utility for signing UEFI binaries as
|
||||
@ -145,6 +146,9 @@ exit 0
|
||||
|
||||
%postun
|
||||
%systemd_postun_with_restart pesign.service
|
||||
|
||||
%posttrans
|
||||
certutil -d /etc/pki/pesign/ -X -L > /dev/null
|
||||
%endif
|
||||
|
||||
%files
|
||||
@ -179,6 +183,10 @@ exit 0
|
||||
%{python3_sitelib}/mockbuild/plugins/pesign.*
|
||||
|
||||
%changelog
|
||||
* Mon Jun 08 2020 Javier Martinez Canillas <javierm@redhat.com> - 0.112-31
|
||||
- Switch default NSS database to SQLite format (pjones)
|
||||
Resolves: rhbz#1827902
|
||||
|
||||
* Mon Feb 24 2020 Peter Jones <pjones@redhat.com> - 0.112-30
|
||||
- Make sure the patch for -29 is actually in the build in f32, and
|
||||
synchronize with master.
|
||||
|
4
sources
4
sources
@ -1,2 +1,2 @@
|
||||
e377e0bc924287ee09356a239c5f51a8 certs.tar.xz
|
||||
eae1d66e160be744ff310ad7592ae31e pesign-0.112.tar.bz2
|
||||
SHA512 (certs.tar.xz) = ddac535c786d1a23074534323c4ce89f907d4f82b19c5d3a9c814b145fbac1599cd2386cf20c28d22aee7d5c4db441f052bab9ee655de756117a0a0bc99b525f
|
||||
SHA512 (pesign-0.112.tar.bz2) = 96bff27ce5059f1ea299c21ac88998a0c17851b8b06ba2f3e286de5cd4d73651b670ac00ca035481faf9c963338527c89120c63ec891a95ce9ecb9130fbc5e5c
|
||||
|
Loading…
Reference in New Issue
Block a user