Switch default NSS database to SQLite format

Resolves: rhbz#1827902 Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2020-06-08 15:54:08 +02:00 · 2020-06-08 15:54:08 +02:00 · 6076214ded
commit 6076214ded
parent 9664ede71c
3 changed files with 115 additions and 3 deletions
--- a/0032-Use-sql-type-nss-database-everywhere-by-default.patch
+++ b/0032-Use-sql-type-nss-database-everywhere-by-default.patch
@ -0,0 +1,104 @@
 From c2f2c8845b3ed34da0a76806ec81bc5ad60179ef Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Mon, 12 Mar 2018 10:51:24 -0400
 Subject: [PATCH] Use sql-type nss database everywhere by default.
 Signed-off-by: Peter Jones <pjones@redhat.com>
 ---
 src/authvar.c    | 2 ++
 src/client.c     | 3 +++
 src/efikeygen.c  | 2 ++
 src/efisiglist.c | 2 ++
 src/pesigcheck.c | 2 ++
 src/pesign.c     | 2 ++
 6 files changed, 13 insertions(+)
 diff --git a/src/authvar.c b/src/authvar.c
 index 03e0c47f61c..47a73d12eaa 100644
 --- a/src/authvar.c
 +++ b/src/authvar.c
@@ -272,6 +272,8 @@ main(int argc, char *argv[])
 	int action = 0;
 +	setenv("NSS_DEFAULT_DB_TYPE", "sql", 0);
 +
 	rc = authvar_context_init(ctxp);
 	if (rc < 0) {
 		fprintf(stderr, "Could not initialize context: %m\n");
 diff --git a/src/client.c b/src/client.c
 index 575c873fb70..64e7bbb7689 100644
 --- a/src/client.c
 +++ b/src/client.c
@@ -22,6 +22,7 @@
 #include <popt.h>
 #include <pwd.h>
 #include <stddef.h>
 +#include <stdlib.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
 #include <sys/types.h>
@@ -628,6 +629,8 @@ main(int argc, char *argv[])
 		POPT_TABLEEND
 	};
 +	setenv("NSS_DEFAULT_DB_TYPE", "sql", 0);
 +
 	optCon = poptGetContext("pesign", argc, (const char **)argv, options,0);
 	rc = poptReadDefaultConfig(optCon, 0);
 diff --git a/src/efikeygen.c b/src/efikeygen.c
 index 93905782c0c..ad34970a62d 100644
 --- a/src/efikeygen.c
 +++ b/src/efikeygen.c
@@ -595,6 +595,8 @@ int main(int argc, char *argv[])
 		POPT_TABLEEND
 	};
 +	setenv("NSS_DEFAULT_DB_TYPE", "sql", 0);
 +
 	optCon = poptGetContext("pesign", argc, (const char **)argv, options,0);
 	int rc = poptReadDefaultConfig(optCon, 0);
 diff --git a/src/efisiglist.c b/src/efisiglist.c
 index a7ed528ca13..b88c4a06ded 100644
 --- a/src/efisiglist.c
 +++ b/src/efisiglist.c
@@ -177,6 +177,8 @@ main(int argc, char *argv[])
 		POPT_TABLEEND
 	};
 +	setenv("NSS_DEFAULT_DB_TYPE", "sql", 0);
 +
 	optCon = poptGetContext("pesign", argc, (const char **)argv, options,0);
 	rc = poptReadDefaultConfig(optCon, 0);
 diff --git a/src/pesigcheck.c b/src/pesigcheck.c
 index c8e10860855..535999ca7fa 100644
 --- a/src/pesigcheck.c
 +++ b/src/pesigcheck.c
@@ -464,6 +464,8 @@ main(int argc, char *argv[])
 		POPT_TABLEEND
 	};
 +	setenv("NSS_DEFAULT_DB_TYPE", "sql", 0);
 +
 	rc = pesigcheck_context_init(ctxp);
 	if (rc < 0) {
 		fprintf(stderr, "pesigcheck: Could not initialize context: %m\n");
 diff --git a/src/pesign.c b/src/pesign.c
 index 6ceda34f797..bc12e4d920a 100644
 --- a/src/pesign.c
 +++ b/src/pesign.c
@@ -416,6 +416,8 @@ main(int argc, char *argv[])
 	char *certdir = "/etc/pki/pesign";
 	char *signum = NULL;
 +	setenv("NSS_DEFAULT_DB_TYPE", "sql", 0);
 +
 	rc = pesign_context_new(&ctxp);
 	if (rc < 0) {
 		fprintf(stderr, "Could not initialize context: %m\n");
 -- 
 2.26.2
--- a/pesign.spec
+++ b/pesign.spec
@ -3,7 +3,7 @@
 Name:    pesign
 Summary: Signing utility for UEFI binaries
 Version: 0.112
-Release: 30%{?dist}
+Release: 31%{?dist}
 License: GPLv2
 URL:     https://github.com/vathpela/pesign
@ -72,6 +72,7 @@ Patch0028: 0028-rpm-Make-the-client-signer-use-the-fedora-values-unl.patch
 Patch0029: 0029-Make-macros.pesign-error-in-kojibuilder-if-we-don-t-.patch
 Patch0030: 0030-efikeygen-Fix-the-build-with-nss-3.44.patch
 Patch0031: 0031-pesigcheck-Fix-a-wrong-assignment.patch
 Patch0032: 0032-Use-sql-type-nss-database-everywhere-by-default.patch
 %description
 This package contains the pesign utility for signing UEFI binaries as
@ -145,6 +146,9 @@ exit 0
 %postun
 %systemd_postun_with_restart pesign.service
 %posttrans
 certutil -d /etc/pki/pesign/ -X -L > /dev/null
 %endif
 %files
@ -179,6 +183,10 @@ exit 0
 %{python3_sitelib}/mockbuild/plugins/pesign.*
 %changelog
 * Mon Jun 08 2020 Javier Martinez Canillas <javierm@redhat.com> - 0.112-31
 - Switch default NSS database to SQLite format (pjones)
  Resolves: rhbz#1827902
 * Mon Feb 24 2020 Peter Jones <pjones@redhat.com> - 0.112-30
 - Make sure the patch for -29 is actually in the build in f32, and
  synchronize with master.
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-e377e0bc924287ee09356a239c5f51a8  certs.tar.xz
+SHA512 (certs.tar.xz) = ddac535c786d1a23074534323c4ce89f907d4f82b19c5d3a9c814b145fbac1599cd2386cf20c28d22aee7d5c4db441f052bab9ee655de756117a0a0bc99b525f
-eae1d66e160be744ff310ad7592ae31e  pesign-0.112.tar.bz2
+SHA512 (pesign-0.112.tar.bz2) = 96bff27ce5059f1ea299c21ac88998a0c17851b8b06ba2f3e286de5cd4d73651b670ac00ca035481faf9c963338527c89120c63ec891a95ce9ecb9130fbc5e5c
`@ -1,2 +1,2 @@`
	`e377e0bc924287ee09356a239c5f51a8 certs.tar.xz`	`SHA512 (certs.tar.xz) = ddac535c786d1a23074534323c4ce89f907d4f82b19c5d3a9c814b145fbac1599cd2386cf20c28d22aee7d5c4db441f052bab9ee655de756117a0a0bc99b525f`
	`eae1d66e160be744ff310ad7592ae31e pesign-0.112.tar.bz2`	`SHA512 (pesign-0.112.tar.bz2) = 96bff27ce5059f1ea299c21ac88998a0c17851b8b06ba2f3e286de5cd4d73651b670ac00ca035481faf9c963338527c89120c63ec891a95ce9ecb9130fbc5e5c`