Switch default NSS database to SQLite format
Resolves: rhbz#1827902 Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
This commit is contained in:
parent
9664ede71c
commit
6076214ded
104
0032-Use-sql-type-nss-database-everywhere-by-default.patch
Normal file
104
0032-Use-sql-type-nss-database-everywhere-by-default.patch
Normal file
@ -0,0 +1,104 @@
|
|||||||
|
From c2f2c8845b3ed34da0a76806ec81bc5ad60179ef Mon Sep 17 00:00:00 2001
|
||||||
|
From: Peter Jones <pjones@redhat.com>
|
||||||
|
Date: Mon, 12 Mar 2018 10:51:24 -0400
|
||||||
|
Subject: [PATCH] Use sql-type nss database everywhere by default.
|
||||||
|
|
||||||
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||||
|
---
|
||||||
|
src/authvar.c | 2 ++
|
||||||
|
src/client.c | 3 +++
|
||||||
|
src/efikeygen.c | 2 ++
|
||||||
|
src/efisiglist.c | 2 ++
|
||||||
|
src/pesigcheck.c | 2 ++
|
||||||
|
src/pesign.c | 2 ++
|
||||||
|
6 files changed, 13 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/authvar.c b/src/authvar.c
|
||||||
|
index 03e0c47f61c..47a73d12eaa 100644
|
||||||
|
--- a/src/authvar.c
|
||||||
|
+++ b/src/authvar.c
|
||||||
|
@@ -272,6 +272,8 @@ main(int argc, char *argv[])
|
||||||
|
|
||||||
|
int action = 0;
|
||||||
|
|
||||||
|
+ setenv("NSS_DEFAULT_DB_TYPE", "sql", 0);
|
||||||
|
+
|
||||||
|
rc = authvar_context_init(ctxp);
|
||||||
|
if (rc < 0) {
|
||||||
|
fprintf(stderr, "Could not initialize context: %m\n");
|
||||||
|
diff --git a/src/client.c b/src/client.c
|
||||||
|
index 575c873fb70..64e7bbb7689 100644
|
||||||
|
--- a/src/client.c
|
||||||
|
+++ b/src/client.c
|
||||||
|
@@ -22,6 +22,7 @@
|
||||||
|
#include <popt.h>
|
||||||
|
#include <pwd.h>
|
||||||
|
#include <stddef.h>
|
||||||
|
+#include <stdlib.h>
|
||||||
|
#include <sys/socket.h>
|
||||||
|
#include <sys/stat.h>
|
||||||
|
#include <sys/types.h>
|
||||||
|
@@ -628,6 +629,8 @@ main(int argc, char *argv[])
|
||||||
|
POPT_TABLEEND
|
||||||
|
};
|
||||||
|
|
||||||
|
+ setenv("NSS_DEFAULT_DB_TYPE", "sql", 0);
|
||||||
|
+
|
||||||
|
optCon = poptGetContext("pesign", argc, (const char **)argv, options,0);
|
||||||
|
|
||||||
|
rc = poptReadDefaultConfig(optCon, 0);
|
||||||
|
diff --git a/src/efikeygen.c b/src/efikeygen.c
|
||||||
|
index 93905782c0c..ad34970a62d 100644
|
||||||
|
--- a/src/efikeygen.c
|
||||||
|
+++ b/src/efikeygen.c
|
||||||
|
@@ -595,6 +595,8 @@ int main(int argc, char *argv[])
|
||||||
|
POPT_TABLEEND
|
||||||
|
};
|
||||||
|
|
||||||
|
+ setenv("NSS_DEFAULT_DB_TYPE", "sql", 0);
|
||||||
|
+
|
||||||
|
optCon = poptGetContext("pesign", argc, (const char **)argv, options,0);
|
||||||
|
|
||||||
|
int rc = poptReadDefaultConfig(optCon, 0);
|
||||||
|
diff --git a/src/efisiglist.c b/src/efisiglist.c
|
||||||
|
index a7ed528ca13..b88c4a06ded 100644
|
||||||
|
--- a/src/efisiglist.c
|
||||||
|
+++ b/src/efisiglist.c
|
||||||
|
@@ -177,6 +177,8 @@ main(int argc, char *argv[])
|
||||||
|
POPT_TABLEEND
|
||||||
|
};
|
||||||
|
|
||||||
|
+ setenv("NSS_DEFAULT_DB_TYPE", "sql", 0);
|
||||||
|
+
|
||||||
|
optCon = poptGetContext("pesign", argc, (const char **)argv, options,0);
|
||||||
|
|
||||||
|
rc = poptReadDefaultConfig(optCon, 0);
|
||||||
|
diff --git a/src/pesigcheck.c b/src/pesigcheck.c
|
||||||
|
index c8e10860855..535999ca7fa 100644
|
||||||
|
--- a/src/pesigcheck.c
|
||||||
|
+++ b/src/pesigcheck.c
|
||||||
|
@@ -464,6 +464,8 @@ main(int argc, char *argv[])
|
||||||
|
POPT_TABLEEND
|
||||||
|
};
|
||||||
|
|
||||||
|
+ setenv("NSS_DEFAULT_DB_TYPE", "sql", 0);
|
||||||
|
+
|
||||||
|
rc = pesigcheck_context_init(ctxp);
|
||||||
|
if (rc < 0) {
|
||||||
|
fprintf(stderr, "pesigcheck: Could not initialize context: %m\n");
|
||||||
|
diff --git a/src/pesign.c b/src/pesign.c
|
||||||
|
index 6ceda34f797..bc12e4d920a 100644
|
||||||
|
--- a/src/pesign.c
|
||||||
|
+++ b/src/pesign.c
|
||||||
|
@@ -416,6 +416,8 @@ main(int argc, char *argv[])
|
||||||
|
char *certdir = "/etc/pki/pesign";
|
||||||
|
char *signum = NULL;
|
||||||
|
|
||||||
|
+ setenv("NSS_DEFAULT_DB_TYPE", "sql", 0);
|
||||||
|
+
|
||||||
|
rc = pesign_context_new(&ctxp);
|
||||||
|
if (rc < 0) {
|
||||||
|
fprintf(stderr, "Could not initialize context: %m\n");
|
||||||
|
--
|
||||||
|
2.26.2
|
||||||
|
|
10
pesign.spec
10
pesign.spec
@ -3,7 +3,7 @@
|
|||||||
Name: pesign
|
Name: pesign
|
||||||
Summary: Signing utility for UEFI binaries
|
Summary: Signing utility for UEFI binaries
|
||||||
Version: 0.112
|
Version: 0.112
|
||||||
Release: 30%{?dist}
|
Release: 31%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
URL: https://github.com/vathpela/pesign
|
URL: https://github.com/vathpela/pesign
|
||||||
|
|
||||||
@ -72,6 +72,7 @@ Patch0028: 0028-rpm-Make-the-client-signer-use-the-fedora-values-unl.patch
|
|||||||
Patch0029: 0029-Make-macros.pesign-error-in-kojibuilder-if-we-don-t-.patch
|
Patch0029: 0029-Make-macros.pesign-error-in-kojibuilder-if-we-don-t-.patch
|
||||||
Patch0030: 0030-efikeygen-Fix-the-build-with-nss-3.44.patch
|
Patch0030: 0030-efikeygen-Fix-the-build-with-nss-3.44.patch
|
||||||
Patch0031: 0031-pesigcheck-Fix-a-wrong-assignment.patch
|
Patch0031: 0031-pesigcheck-Fix-a-wrong-assignment.patch
|
||||||
|
Patch0032: 0032-Use-sql-type-nss-database-everywhere-by-default.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
This package contains the pesign utility for signing UEFI binaries as
|
This package contains the pesign utility for signing UEFI binaries as
|
||||||
@ -145,6 +146,9 @@ exit 0
|
|||||||
|
|
||||||
%postun
|
%postun
|
||||||
%systemd_postun_with_restart pesign.service
|
%systemd_postun_with_restart pesign.service
|
||||||
|
|
||||||
|
%posttrans
|
||||||
|
certutil -d /etc/pki/pesign/ -X -L > /dev/null
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%files
|
%files
|
||||||
@ -179,6 +183,10 @@ exit 0
|
|||||||
%{python3_sitelib}/mockbuild/plugins/pesign.*
|
%{python3_sitelib}/mockbuild/plugins/pesign.*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jun 08 2020 Javier Martinez Canillas <javierm@redhat.com> - 0.112-31
|
||||||
|
- Switch default NSS database to SQLite format (pjones)
|
||||||
|
Resolves: rhbz#1827902
|
||||||
|
|
||||||
* Mon Feb 24 2020 Peter Jones <pjones@redhat.com> - 0.112-30
|
* Mon Feb 24 2020 Peter Jones <pjones@redhat.com> - 0.112-30
|
||||||
- Make sure the patch for -29 is actually in the build in f32, and
|
- Make sure the patch for -29 is actually in the build in f32, and
|
||||||
synchronize with master.
|
synchronize with master.
|
||||||
|
4
sources
4
sources
@ -1,2 +1,2 @@
|
|||||||
e377e0bc924287ee09356a239c5f51a8 certs.tar.xz
|
SHA512 (certs.tar.xz) = ddac535c786d1a23074534323c4ce89f907d4f82b19c5d3a9c814b145fbac1599cd2386cf20c28d22aee7d5c4db441f052bab9ee655de756117a0a0bc99b525f
|
||||||
eae1d66e160be744ff310ad7592ae31e pesign-0.112.tar.bz2
|
SHA512 (pesign-0.112.tar.bz2) = 96bff27ce5059f1ea299c21ac88998a0c17851b8b06ba2f3e286de5cd4d73651b670ac00ca035481faf9c963338527c89120c63ec891a95ce9ecb9130fbc5e5c
|
||||||
|
Loading…
Reference in New Issue
Block a user