rpms/pesign
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix the signer name for fedora and some other minor nits

Browse Source 
Related: rhbz#1708773
  Related: rhbz#1678146

Signed-off-by: Peter Jones <pjones@redhat.com>
This commit is contained in:
Peter Jones 2020-06-12 11:52:32 -04:00
parent edca44f2a2
commit 9b526cffa9
3 changed files with 85 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
0004-Rename-var-run-to-run.patch Normal file
View File

@ -0,0 +1,46 @@
From f886b7088dfea224e28c03b097c85c9bc20f5441 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 12 Jun 2020 11:49:44 -0400
Subject: [PATCH] Rename /var/run/ to /run/
Signed-off-by: Peter Jones <pjones@redhat.com>
---
src/macros.pesign | 12 ++++++------
src/tmpfiles.conf | 2 +-
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/macros.pesign b/src/macros.pesign
index 56f75cafbc4..5a6da1c6809 100644
--- a/src/macros.pesign
+++ b/src/macros.pesign
@@ -45,14 +45,14 @@
rm -rf ${sattrs} ${sattrs}.sig ${nss} \
elif [ "$(id -un)" == "kojibuilder" -a \\\
grep -q ID=fedora /etc/os-release -a \\\
- ! -S /var/run/pesign/socket ]; then \
+ ! -S /run/pesign/socket ]; then \
echo "No socket even though this is kojibuilder" 1>&2 \
- ls -ld /var/run/pesign 1>&2 \
- ls -l /var/run/pesign/socket 1>&2 \
- getfacl /var/run/pesign 1>&2 \
- getfacl /var/run/pesign/socket 1>&2 \
+ ls -ld /run/pesign 1>&2 \
+ ls -l /run/pesign/socket 1>&2 \
+ getfacl /run/pesign 1>&2 \
+ getfacl /run/pesign/socket 1>&2 \
exit 1 \
- elif [ -S /var/run/pesign/socket ]; then \
+ elif [ -S /run/pesign/socket ]; then \
%{_pesign_client} -t %{__pesign_client_token} \\\
-c %{__pesign_client_cert} \\\
%{-i} %{-o} %{-e} %{-s} %{-C} \
diff --git a/src/tmpfiles.conf b/src/tmpfiles.conf
index c1cf35597d8..3375ad52a44 100644
--- a/src/tmpfiles.conf
+++ b/src/tmpfiles.conf
@@ -1 +1 @@
-D /var/run/pesign 0770 pesign pesign -
+D /run/pesign 0770 pesign pesign -
--
2.26.2

30
0005-Apparently-opensc-got-updated-and-the-token-name-cha.patch Normal file
View File

@ -0,0 +1,30 @@
From 56eaa15e986d808c670381ca375216eb3abd1588 Mon Sep 17 00:00:00 2001
From: Jeremy Cline <jcline@redhat.com>
Date: Tue, 18 Feb 2020 16:37:53 -0500
Subject: [PATCH] Apparently opensc got updated and the token name changed
All the kernel builds started failing yesterday because the signing
token could not be found. Update the token name in the macro shipped by
pesign.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
src/macros.pesign | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/macros.pesign b/src/macros.pesign
index 7c5cba170e9..56f75cafbc4 100644
--- a/src/macros.pesign
+++ b/src/macros.pesign
@@ -9,7 +9,7 @@
%__pesign_token %{nil}%{?pe_signing_token:-t "%{pe_signing_token}"}
%__pesign_cert %{!?pe_signing_cert:"Red Hat Test Certificate"}%{?pe_signing_cert:"%{pe_signing_cert}"}
-%__pesign_client_token %{!?pe_signing_token:"Fedora Signer (OpenSC Card)"}%{?pe_signing_token:"%{pe_signing_token}"}
+%__pesign_client_token %{!?pe_signing_token:"OpenSC Card (Fedora Signer)"}%{?pe_signing_token:"%{pe_signing_token}"}
%__pesign_client_cert %{!?pe_signing_cert:"/CN=Fedora Secure Boot Signer"}%{?pe_signing_cert:"%{pe_signing_cert}"}
%_pesign /usr/bin/pesign
--
2.26.2

14
pesign.spec
View File

@ -3,7 +3,7 @@
Name: pesign Name: pesign
Summary: Signing utility for UEFI binaries Summary: Signing utility for UEFI binaries
Version: 113 Version: 113
Release: 2%{?dist} Release: 3%{?dist}
License: GPLv2 License: GPLv2
URL: https://github.com/vathpela/pesign URL: https://github.com/vathpela/pesign
@ -44,6 +44,8 @@ Source2: pesign.py
Patch0001: 0001-efikeygen-Fix-the-build-with-nss-3.44.patch Patch0001: 0001-efikeygen-Fix-the-build-with-nss-3.44.patch
Patch0002: 0002-pesigcheck-Fix-a-wrong-assignment.patch Patch0002: 0002-pesigcheck-Fix-a-wrong-assignment.patch
Patch0003: 0003-Make-0.112-client-and-server-work-with-the-113-proto.patch Patch0003: 0003-Make-0.112-client-and-server-work-with-the-113-proto.patch
Patch0004: 0004-Rename-var-run-to-run.patch
Patch0005: 0005-Apparently-opensc-got-updated-and-the-token-name-cha.patch
%description %description
This package contains the pesign utility for signing UEFI binaries as This package contains the pesign utility for signing UEFI binaries as
@ -61,9 +63,6 @@ git am %{patches} </dev/null
git config --unset user.email git config --unset user.email
git config --unset user.name git config --unset user.name
# https://bugzilla.redhat.com/show_bug.cgi?id=1678146
sed -i 's|/var/run/pesign|/run/pesign|' src/tmpfiles.conf
%build %build
make PREFIX=%{_prefix} LIBDIR=%{_libdir} make PREFIX=%{_prefix} LIBDIR=%{_libdir}
@ -101,7 +100,7 @@ install -m 0755 %{SOURCE2} %{buildroot}%{python3_sitelib}/mockbuild/plugins/
%pre %pre
getent group pesign >/dev/null || groupadd -r pesign getent group pesign >/dev/null || groupadd -r pesign
getent passwd pesign >/dev/null || \ getent passwd pesign >/dev/null || \
useradd -r -g pesign -d /var/run/pesign -s /sbin/nologin \ useradd -r -g pesign -d /run/pesign -s /sbin/nologin \
-c "Group for the pesign signing daemon" pesign -c "Group for the pesign signing daemon" pesign
exit 0 exit 0
@ -152,6 +151,11 @@ certutil -d %{_sysconfdir}/pki/pesign/ -X -L > /dev/null
%{python3_sitelib}/mockbuild/plugins/pesign.* %{python3_sitelib}/mockbuild/plugins/pesign.*
%changelog %changelog
* Fri Jun 12 2020 Peter Jones <pjones@redhat.com> - 113-3
- Fix the signer name for fedora and some other minor nits
Related: rhbz#1708773
Related: rhbz#1678146
* Thu Jun 11 2020 Peter Jones <pjones@redhat.com> - 113-2 * Thu Jun 11 2020 Peter Jones <pjones@redhat.com> - 113-2
- Fix a signing protocol bug we introduced in 113 that makes the fedora - Fix a signing protocol bug we introduced in 113 that makes the fedora
kernel builders fail. kernel builders fail.