Automatically select daemon as signer when using rpm macros.

Signed-off-by: Peter Jones <pjones@redhat.com>
Peter Jones 2012-10-18 15:18:31 -04:00
parent c0e5984614
commit 9e2491cafb
37 changed files with 285 additions and 33 deletions

View File

@ -1,7 +1,7 @@
From 406a08cc45a2d0761294002d946ee3381a4706ee Mon Sep 17 00:00:00 2001 From 406a08cc45a2d0761294002d946ee3381a4706ee Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com> From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 09:53:07 -0400 Date: Wed, 17 Oct 2012 09:53:07 -0400
Subject: [PATCH 01/32] Use PK11_TraverseCertsForNicknameInSlot after all. Subject: [PATCH 01/36] Use PK11_TraverseCertsForNicknameInSlot after all.
As of 76bc13c it doesn't appear to be leaky any more, and it does a As of 76bc13c it doesn't appear to be leaky any more, and it does a
better job of disinguishing between certificates with the same nickname better job of disinguishing between certificates with the same nickname

View File

@ -1,7 +1,7 @@
From e4aa0a2755d7b00e31760a7f90561b0566445fa4 Mon Sep 17 00:00:00 2001 From e4aa0a2755d7b00e31760a7f90561b0566445fa4 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com> From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 09:54:10 -0400 Date: Wed, 17 Oct 2012 09:54:10 -0400
Subject: [PATCH 02/32] Remove an unused field. Subject: [PATCH 02/36] Remove an unused field.
Signed-off-by: Peter Jones <pjones@redhat.com> Signed-off-by: Peter Jones <pjones@redhat.com>
--- ---

View File

@ -1,7 +1,7 @@
From df5afd0e6d92f31a804f5f1631b6fae3b8ef4d8b Mon Sep 17 00:00:00 2001 From df5afd0e6d92f31a804f5f1631b6fae3b8ef4d8b Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com> From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 09:54:37 -0400 Date: Wed, 17 Oct 2012 09:54:37 -0400
Subject: [PATCH 03/32] Free the certificate list we make once we're done Subject: [PATCH 03/36] Free the certificate list we make once we're done
using it. using it.
Signed-off-by: Peter Jones <pjones@redhat.com> Signed-off-by: Peter Jones <pjones@redhat.com>

View File

@ -1,7 +1,7 @@
From c13cc0b03dcae9a743cc49aaa62c3923a3e7d8f9 Mon Sep 17 00:00:00 2001 From c13cc0b03dcae9a743cc49aaa62c3923a3e7d8f9 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com> From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 09:55:02 -0400 Date: Wed, 17 Oct 2012 09:55:02 -0400
Subject: [PATCH 04/32] Make sure we actually look up the certificate when not Subject: [PATCH 04/36] Make sure we actually look up the certificate when not
in daemon mode. in daemon mode.
Signed-off-by: Peter Jones <pjones@redhat.com> Signed-off-by: Peter Jones <pjones@redhat.com>

View File

@ -1,7 +1,7 @@
From 844138e07535a8aa2be80496378c9929acaa1687 Mon Sep 17 00:00:00 2001 From 844138e07535a8aa2be80496378c9929acaa1687 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com> From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 10:35:41 -0400 Date: Wed, 17 Oct 2012 10:35:41 -0400
Subject: [PATCH 05/32] Fix check for allocations on tokenname,certname. Subject: [PATCH 05/36] Fix check for allocations on tokenname,certname.
If we didn't have anything to start with, we won't have anything when If we didn't have anything to start with, we won't have anything when
we're done... we're done...

View File

@ -1,7 +1,7 @@
From 682233d107460b49071017b4d88c0430373dbd35 Mon Sep 17 00:00:00 2001 From 682233d107460b49071017b4d88c0430373dbd35 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com> From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 10:55:25 -0400 Date: Wed, 17 Oct 2012 10:55:25 -0400
Subject: [PATCH 06/32] Update valgrind.supp for newer codepaths. Subject: [PATCH 06/36] Update valgrind.supp for newer codepaths.
Signed-off-by: Peter Jones <pjones@redhat.com> Signed-off-by: Peter Jones <pjones@redhat.com>
--- ---

View File

@ -1,7 +1,7 @@
From 81bf0e36a82a3d746a01aee50d8ee460dc794b19 Mon Sep 17 00:00:00 2001 From 81bf0e36a82a3d746a01aee50d8ee460dc794b19 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com> From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 10:57:20 -0400 Date: Wed, 17 Oct 2012 10:57:20 -0400
Subject: [PATCH 07/32] Free the pid string once we're done writing it. Subject: [PATCH 07/36] Free the pid string once we're done writing it.
Signed-off-by: Peter Jones <pjones@redhat.com> Signed-off-by: Peter Jones <pjones@redhat.com>
--- ---

View File

@ -1,7 +1,7 @@
From 50c50c8fbebab3d8b5efff35dc1a7ca4b44d6b19 Mon Sep 17 00:00:00 2001 From 50c50c8fbebab3d8b5efff35dc1a7ca4b44d6b19 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com> From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 11:08:30 -0400 Date: Wed, 17 Oct 2012 11:08:30 -0400
Subject: [PATCH 08/32] [valgrind] Don't complain about unlocking a key and Subject: [PATCH 08/36] [valgrind] Don't complain about unlocking a key and
keeping the handle. keeping the handle.
Signed-off-by: Peter Jones <pjones@redhat.com> Signed-off-by: Peter Jones <pjones@redhat.com>

View File

@ -1,7 +1,7 @@
From b71f1d2e8f7ad6853e5e68134a66baf9dea2471b Mon Sep 17 00:00:00 2001 From b71f1d2e8f7ad6853e5e68134a66baf9dea2471b Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com> From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 11:26:04 -0400 Date: Wed, 17 Oct 2012 11:26:04 -0400
Subject: [PATCH 09/32] Only try to register OIDs once. Subject: [PATCH 09/36] Only try to register OIDs once.
Signed-off-by: Peter Jones <pjones@redhat.com> Signed-off-by: Peter Jones <pjones@redhat.com>
--- ---

View File

@ -1,7 +1,7 @@
From f966137c17f74fc3e343dfb6e04300a9d179de03 Mon Sep 17 00:00:00 2001 From f966137c17f74fc3e343dfb6e04300a9d179de03 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com> From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 12:05:29 -0400 Date: Wed, 17 Oct 2012 12:05:29 -0400
Subject: [PATCH 10/32] Check for NSS_Shutdown() failure. Subject: [PATCH 10/36] Check for NSS_Shutdown() failure.
Signed-off-by: Peter Jones <pjones@redhat.com> Signed-off-by: Peter Jones <pjones@redhat.com>
--- ---

View File

@ -1,7 +1,7 @@
From 0dddfd5e738232403220b0d18888f94fa0032a59 Mon Sep 17 00:00:00 2001 From 0dddfd5e738232403220b0d18888f94fa0032a59 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com> From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 12:17:39 -0400 Date: Wed, 17 Oct 2012 12:17:39 -0400
Subject: [PATCH 11/32] Don't destroy stdin/stdout/stderr if we don't fork. Subject: [PATCH 11/36] Don't destroy stdin/stdout/stderr if we don't fork.
I like being able to read my error messages. I like being able to read my error messages.

View File

@ -1,7 +1,7 @@
From 19c8e797d092e17f2882d249d5446728a76db050 Mon Sep 17 00:00:00 2001 From 19c8e797d092e17f2882d249d5446728a76db050 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com> From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 14:29:30 -0400 Date: Wed, 17 Oct 2012 14:29:30 -0400
Subject: [PATCH 12/32] [valgrind] Add SECMOD_LoadModule codepath. Subject: [PATCH 12/36] [valgrind] Add SECMOD_LoadModule codepath.
This is called once when we initialize the database. This is called once when we initialize the database.

View File

@ -1,7 +1,7 @@
From 186b6d5d39a1feeaa5f9493d28dc4f53015d551d Mon Sep 17 00:00:00 2001 From 186b6d5d39a1feeaa5f9493d28dc4f53015d551d Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com> From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 14:33:35 -0400 Date: Wed, 17 Oct 2012 14:33:35 -0400
Subject: [PATCH 13/32] Don't set up digests in cms_context_init. Subject: [PATCH 13/36] Don't set up digests in cms_context_init.
Move digest setup out of cms_context_init, so we can avoid leaking the Move digest setup out of cms_context_init, so we can avoid leaking the
reference to the digests by not having them in ctx->backup_cms in the reference to the digests by not having them in ctx->backup_cms in the

View File

@ -1,7 +1,7 @@
From e1f8d4e38f4ad08fb407691a3f59edc19a1f15e2 Mon Sep 17 00:00:00 2001 From e1f8d4e38f4ad08fb407691a3f59edc19a1f15e2 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com> From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 14:41:18 -0400 Date: Wed, 17 Oct 2012 14:41:18 -0400
Subject: [PATCH 14/32] Do register_oids() where we're doing NSS_Init() Subject: [PATCH 14/36] Do register_oids() where we're doing NSS_Init()
Signed-off-by: Peter Jones <pjones@redhat.com> Signed-off-by: Peter Jones <pjones@redhat.com>
--- ---

View File

@ -1,7 +1,7 @@
From 092e3f81233655849156b0948a53f3b5f51b8c97 Mon Sep 17 00:00:00 2001 From 092e3f81233655849156b0948a53f3b5f51b8c97 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com> From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 14:43:58 -0400 Date: Wed, 17 Oct 2012 14:43:58 -0400
Subject: [PATCH 15/32] Make daemon shutdown actually close the NSS databases Subject: [PATCH 15/36] Make daemon shutdown actually close the NSS databases
and whatnot. and whatnot.
Signed-off-by: Peter Jones <pjones@redhat.com> Signed-off-by: Peter Jones <pjones@redhat.com>

View File

@ -1,7 +1,7 @@
From b6ff405da1bf4627a40fc104457a539788c9f470 Mon Sep 17 00:00:00 2001 From b6ff405da1bf4627a40fc104457a539788c9f470 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com> From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 15:18:08 -0400 Date: Wed, 17 Oct 2012 15:18:08 -0400
Subject: [PATCH 16/32] Reformat a bunch of error messages to be vaguely Subject: [PATCH 16/36] Reformat a bunch of error messages to be vaguely
consistent. consistent.
Signed-off-by: Peter Jones <pjones@redhat.com> Signed-off-by: Peter Jones <pjones@redhat.com>

View File

@ -1,7 +1,7 @@
From 8ffe6943f04d42314f81eb8b5e3350d4ccc41895 Mon Sep 17 00:00:00 2001 From 8ffe6943f04d42314f81eb8b5e3350d4ccc41895 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com> From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 15:26:23 -0400 Date: Wed, 17 Oct 2012 15:26:23 -0400
Subject: [PATCH 17/32] Use PORT_ArenaStrdup() where appropriate. Subject: [PATCH 17/36] Use PORT_ArenaStrdup() where appropriate.
Signed-off-by: Peter Jones <pjones@redhat.com> Signed-off-by: Peter Jones <pjones@redhat.com>
--- ---

View File

@ -1,7 +1,7 @@
From c196b462ad5267e8ed20c0b855b9921268b22a7b Mon Sep 17 00:00:00 2001 From c196b462ad5267e8ed20c0b855b9921268b22a7b Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com> From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 15:26:47 -0400 Date: Wed, 17 Oct 2012 15:26:47 -0400
Subject: [PATCH 18/32] Minor whitespace fixes. Subject: [PATCH 18/36] Minor whitespace fixes.
Signed-off-by: Peter Jones <pjones@redhat.com> Signed-off-by: Peter Jones <pjones@redhat.com>
--- ---

View File

@ -1,7 +1,7 @@
From 7a8c50f620c7484af9d750f484df8a6837e6b2a5 Mon Sep 17 00:00:00 2001 From 7a8c50f620c7484af9d750f484df8a6837e6b2a5 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com> From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 15:27:03 -0400 Date: Wed, 17 Oct 2012 15:27:03 -0400
Subject: [PATCH 19/32] [daemon] Make sure inpe is initialized before all Subject: [PATCH 19/36] [daemon] Make sure inpe is initialized before all
error handling. error handling.
find_certificate() and set_up_inpe() errors wind up being at the same find_certificate() and set_up_inpe() errors wind up being at the same

View File

@ -1,7 +1,7 @@
From 66d3353e6d24c9e69ce71735c5aa4741717a6d68 Mon Sep 17 00:00:00 2001 From 66d3353e6d24c9e69ce71735c5aa4741717a6d68 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com> From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 15:31:15 -0400 Date: Wed, 17 Oct 2012 15:31:15 -0400
Subject: [PATCH 20/32] Allocate pesign_context rather than having it on the Subject: [PATCH 20/36] Allocate pesign_context rather than having it on the
stack. stack.
This way it won't try to re-initialize cms_context when it's cleaned up. This way it won't try to re-initialize cms_context when it's cleaned up.

View File

@ -1,7 +1,7 @@
From 444a514e1a7c9a27953f914cf416d559ef5be083 Mon Sep 17 00:00:00 2001 From 444a514e1a7c9a27953f914cf416d559ef5be083 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com> From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 15:32:57 -0400 Date: Wed, 17 Oct 2012 15:32:57 -0400
Subject: [PATCH 21/32] [pesign] initialize nss only if we're not a daemon. Subject: [PATCH 21/36] [pesign] initialize nss only if we're not a daemon.
If it's a deamon, NSS_Init, register_oids, and setup_digests will be If it's a deamon, NSS_Init, register_oids, and setup_digests will be
done in the daemon code, not in the normal tool code. done in the daemon code, not in the normal tool code.

View File

@ -1,7 +1,7 @@
From a1ce809e199c7fbbd6f5c0e75f27a4234fcbd2bc Mon Sep 17 00:00:00 2001 From a1ce809e199c7fbbd6f5c0e75f27a4234fcbd2bc Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com> From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 15:34:00 -0400 Date: Wed, 17 Oct 2012 15:34:00 -0400
Subject: [PATCH 22/32] Handle errors on pesign_context_init() Subject: [PATCH 22/36] Handle errors on pesign_context_init()
Signed-off-by: Peter Jones <pjones@redhat.com> Signed-off-by: Peter Jones <pjones@redhat.com>
--- ---

View File

@ -1,7 +1,7 @@
From 4ed91a1bb65769401c0fd6c1c5b2a3c64c0c1266 Mon Sep 17 00:00:00 2001 From 4ed91a1bb65769401c0fd6c1c5b2a3c64c0c1266 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com> From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 16:35:43 -0400 Date: Wed, 17 Oct 2012 16:35:43 -0400
Subject: [PATCH 23/32] Add sanity checking to make sure we don't emit Subject: [PATCH 23/36] Add sanity checking to make sure we don't emit
uninitialized hashes. uninitialized hashes.
Signed-off-by: Peter Jones <pjones@redhat.com> Signed-off-by: Peter Jones <pjones@redhat.com>

View File

@ -1,7 +1,7 @@
From d8ead122f34375a496d280bcc803f730542ca78d Mon Sep 17 00:00:00 2001 From d8ead122f34375a496d280bcc803f730542ca78d Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com> From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 17:47:49 -0400 Date: Wed, 17 Oct 2012 17:47:49 -0400
Subject: [PATCH 24/32] Make sure we free the token/cert we get from the Subject: [PATCH 24/36] Make sure we free the token/cert we get from the
command line. command line.
This probably needs some further examination, but valgrind likes what's This probably needs some further examination, but valgrind likes what's

View File

@ -1,7 +1,7 @@
From 2030d382b49a1b957de829a67f74d9cc127c55ee Mon Sep 17 00:00:00 2001 From 2030d382b49a1b957de829a67f74d9cc127c55ee Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com> From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 17:48:44 -0400 Date: Wed, 17 Oct 2012 17:48:44 -0400
Subject: [PATCH 25/32] [pesign] Only shut down nss in pesign.c if we're not Subject: [PATCH 25/36] [pesign] Only shut down nss in pesign.c if we're not
the daemon. the daemon.
The daemon does its own init and shutdown. The daemon does its own init and shutdown.

View File

@ -1,7 +1,7 @@
From 4efe979d6b781e064fe1afa946753ead9e3bbb9d Mon Sep 17 00:00:00 2001 From 4efe979d6b781e064fe1afa946753ead9e3bbb9d Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com> From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 17:49:17 -0400 Date: Wed, 17 Oct 2012 17:49:17 -0400
Subject: [PATCH 26/32] Rework setup_digests() and teardown_digests() Subject: [PATCH 26/36] Rework setup_digests() and teardown_digests()
This fixes the problem I was seeing with empty content_info digests, and This fixes the problem I was seeing with empty content_info digests, and
makes the code a /little/ bit cleaner in some ways. makes the code a /little/ bit cleaner in some ways.

View File

@ -1,7 +1,7 @@
From 15cd554d35c5ea8d31671b346dffd84e27e7c6ec Mon Sep 17 00:00:00 2001 From 15cd554d35c5ea8d31671b346dffd84e27e7c6ec Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com> From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 17:52:57 -0400 Date: Wed, 17 Oct 2012 17:52:57 -0400
Subject: [PATCH 27/32] We shouldn't need Subject: [PATCH 27/36] We shouldn't need
Environment=NSS_STRICT_NOFORK=DISABLED any more. Environment=NSS_STRICT_NOFORK=DISABLED any more.
Since NSS_Init is called from the daemon now, we should get past its Since NSS_Init is called from the daemon now, we should get past its

View File

@ -1,7 +1,7 @@
From 1b94dd90f5a1c65df16ffe3b0619ce5dc0ca1f06 Mon Sep 17 00:00:00 2001 From 1b94dd90f5a1c65df16ffe3b0619ce5dc0ca1f06 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com> From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 19:59:49 -0400 Date: Wed, 17 Oct 2012 19:59:49 -0400
Subject: [PATCH 28/32] Fix errors found by coverity. Subject: [PATCH 28/36] Fix errors found by coverity.
Signed-off-by: Peter Jones <pjones@redhat.com> Signed-off-by: Peter Jones <pjones@redhat.com>
--- ---

View File

@ -1,7 +1,7 @@
From 95c0fe1d512fcdf3b397359fb0f54dc44e5947c2 Mon Sep 17 00:00:00 2001 From 95c0fe1d512fcdf3b397359fb0f54dc44e5947c2 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com> From: Peter Jones <pjones@redhat.com>
Date: Thu, 18 Oct 2012 09:12:25 -0400 Date: Thu, 18 Oct 2012 09:12:25 -0400
Subject: [PATCH 29/32] Don't keep the DEPS list twice. Subject: [PATCH 29/36] Don't keep the DEPS list twice.
Signed-off-by: Peter Jones <pjones@redhat.com> Signed-off-by: Peter Jones <pjones@redhat.com>
--- ---

View File

@ -1,7 +1,7 @@
From 44aad110fd3f0a12e1817d95047f882c4d8b0fce Mon Sep 17 00:00:00 2001 From 44aad110fd3f0a12e1817d95047f882c4d8b0fce Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com> From: Peter Jones <pjones@redhat.com>
Date: Thu, 18 Oct 2012 11:36:10 -0400 Date: Thu, 18 Oct 2012 11:36:10 -0400
Subject: [PATCH 30/32] Don't build util/ right now. Subject: [PATCH 30/36] Don't build util/ right now.
Signed-off-by: Peter Jones <pjones@redhat.com> Signed-off-by: Peter Jones <pjones@redhat.com>
--- ---

View File

@ -1,7 +1,7 @@
From 4c13f6d393db0aa5ff5b327cb5e842ee21522236 Mon Sep 17 00:00:00 2001 From 4c13f6d393db0aa5ff5b327cb5e842ee21522236 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com> From: Peter Jones <pjones@redhat.com>
Date: Thu, 18 Oct 2012 13:09:58 -0400 Date: Thu, 18 Oct 2012 13:09:58 -0400
Subject: [PATCH 31/32] Make "install_systemd" and "install_sysvinit" separate Subject: [PATCH 31/36] Make "install_systemd" and "install_sysvinit" separate
targets targets
Signed-off-by: Peter Jones <pjones@redhat.com> Signed-off-by: Peter Jones <pjones@redhat.com>

View File

@ -1,7 +1,7 @@
From df1b69e304f2a7eb82e2f94e50f07099afbf4578 Mon Sep 17 00:00:00 2001 From df1b69e304f2a7eb82e2f94e50f07099afbf4578 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com> From: Peter Jones <pjones@redhat.com>
Date: Thu, 18 Oct 2012 13:10:28 -0400 Date: Thu, 18 Oct 2012 13:10:28 -0400
Subject: [PATCH 32/32] Get rid of an unnecessary allocation. Subject: [PATCH 32/36] Get rid of an unnecessary allocation.
Signed-off-by: Peter Jones <pjones@redhat.com> Signed-off-by: Peter Jones <pjones@redhat.com>
--- ---

View File

@ -0,0 +1,29 @@
From 24a63eab7ddbe2be3ab6b25b04602d8e3fe5d775 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 18 Oct 2012 14:28:36 -0400
Subject: [PATCH 33/36] Allow use of -e from rpm macro.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
src/macros.pesign | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/macros.pesign b/src/macros.pesign
index 703edbb..7706050 100644
--- a/src/macros.pesign
+++ b/src/macros.pesign
@@ -11,9 +11,9 @@
%_pesign /usr/bin/pesign
-%pesign(i:o:C:s) \
+%pesign(i:o:C:e:s) \
if [ -x %{_pesign} -a "%{_target_cpu}" == "x86_64" ]; then \
- %{_pesign} %{__pesign_token} %{__pesign_cert} %{-i} %{-o} %{-s} \
+ %{_pesign} %{__pesign_token} %{__pesign_cert} %{-i} %{-o} %{-e} %{-s} \
else \
if [ -n "%{-i*}" -a -n "%{-o*}" ]; then \
mv %{-i*} %{-o*} \
--
1.7.12.1
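Review bot: The fallback branch of %pesign (the `else` after the x86_64 test) still only handles `%{-i*}`/`%{-o*}`, so a spec that calls the macro with `-e` on a target where pesign is not run gets no export file at all. Add an arm for the `-i` plus `-e` case that creates the file in this same patch, rather than leaving the macro half-converted until 36/36. Separately, `==` inside `[ ]` is a bashism; `=` is the portable spelling.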

View File

@ -0,0 +1,81 @@
From e5c632516a2a31f3e184d0ca9d8ac5ceba1f9015 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 18 Oct 2012 14:55:07 -0400
Subject: [PATCH 34/36] Make client use -e like pesign does, rather than
--detached.
This way we can use the same macros for them.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
src/client.c | 22 ++++++++++++++++++++--
src/pesign-client.1 | 3 ++-
2 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/src/client.c b/src/client.c
index df1c8f2..5e5399d 100644
--- a/src/client.c
+++ b/src/client.c
@@ -434,6 +434,7 @@ main(int argc, char *argv[])
int action;
char *infile = NULL;
char *outfile = NULL;
+ char *exportfile = NULL;
int attached = 1;
int pinfd = -1;
char *pinfile = NULL;
@@ -456,8 +457,9 @@ main(int argc, char *argv[])
&infile, 0, "input filename", "<infile>" },
{"outfile", 'o', POPT_ARG_STRING,
&outfile, 0, "output filename", "<outfile>" },
- {"detached", 'd', POPT_ARG_VAL, &attached, 0,
- "create detached signature", NULL },
+ {"export", 'e', POPT_ARG_STRING,
+ &exportfile, 0, "create detached signature",
+ "<outfile>" },
{"pinfd", 'f', POPT_ARG_INT, &pinfd, -1,
"read file descriptor for pin information",
"<file descriptor>" },
@@ -494,6 +496,22 @@ main(int argc, char *argv[])
exit(1);
}
+ if (!outfile && !exportfile) {
+ fprintf(stderr, "pesign-client: neither --outfile nor --export "
+ "specified\n");
+ exit(1);
+ }
+
+ if (outfile && exportfile) {
+ fprintf(stderr, "pesign-client: both --outfile and --export "
+ "specified\n");
+ exit(1);
+ }
+ if (exportfile) {
+ outfile = exportfile;
+ attached = 0;
+ }
+
poptFreeContext(optCon);
int sd = connect_to_server();
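Review bot: The new `!outfile && !exportfile` check sits in main() between option parsing and connect_to_server(), with no test of the requested action visible in this hunk. The man page lists --unlock and --kill as actions of the same binary, and neither needs an output file, so unless this block is guarded by the sign action those invocations now exit with "neither --outfile nor --export specified". Make the check conditional on signing. Two smaller points: the option table gives --export the same "<outfile>" argument description as --outfile, and the second and third `if` blocks are missing the blank line that separates the first two.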
diff --git a/src/pesign-client.1 b/src/pesign-client.1
index 686383e..1ccfbb3 100644
--- a/src/pesign-client.1
+++ b/src/pesign-client.1
@@ -5,10 +5,11 @@ pesign-client \- command line tool for signing UEFI applications
.SH SYNOPSIS
\fBpesign\fR [--in=\fIinfile\fR | -i \fIinfile\fR]
[--out=\fIoutfile\fR | -o \fIoutfile\fR]
+ [--export=\fIexportfile\fR | -e \fIexportfile\fR]
[--token=\fItoken\fR | -t \fItoken\fR]
[--certificate=\fInickname\fR | -c \fInickname\fR]
[--unlock | -u] [--kill | -k] [--sign | -s]
- [--detached | -d] [--pinfd=\fIpinfd\fR | -f \fIpinfd\fR]
+ [--pinfd=\fIpinfd\fR | -f \fIpinfd\fR]
[--pinfile=\fIpinfile\fR | -F \fIpinfile\fR]
.SH DESCRIPTION
--
1.7.12.1
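Review bot: The SYNOPSIS lists --out and --export as two independent optional arguments, but client.c in this same patch exits when both are given and when neither is given. Write them as one alternation so the page matches the behaviour. Removing `[--detached | -d]` outright also breaks any existing caller that passes -d; consider keeping it as a deprecated alias for a release, or call the removal out in the changelog. The synopsis also still names the command as pesign rather than pesign-client.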

View File

@ -0,0 +1,93 @@
From f1a2f097cfb290951702251703abcd34ca0bf9e6 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 18 Oct 2012 15:13:11 -0400
Subject: [PATCH 35/36] Fix shutdown by systemd to remove socket and pidfile.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
src/daemon.c | 33 +++++++++++++++------------------
src/daemon.h | 1 +
2 files changed, 16 insertions(+), 18 deletions(-)
diff --git a/src/daemon.c b/src/daemon.c
index 7ad036c..974a559 100644
--- a/src/daemon.c
+++ b/src/daemon.c
@@ -116,15 +116,6 @@ send_response(context *ctx, cms_context *cms, struct pollfd *pollfd, int rc)
static void
handle_kill_daemon(context *ctx, struct pollfd *pollfd, socklen_t size)
{
- if (ctx->sd >= 0) {
- close(ctx->sd);
- unlink(SOCKPATH);
- }
- xfree(ctx->errstr);
-
- ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_NOTICE,
- "pesignd exiting (pid %d)", getpid());
-
should_exit = 1;
}
@@ -602,11 +593,17 @@ handle_event(context *ctx, struct pollfd *pollfd)
static void
do_shutdown(context *ctx, int nsockets, struct pollfd *pollfds)
{
+ unlink(SOCKPATH);
+ unlink(PIDFILE);
+
+ ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_NOTICE,
+ "pesignd exiting (pid %d)", getpid());
+
+ xfree(ctx->errstr);
+
for (int i = 0; i < nsockets; i++)
close(pollfds[i].fd);
free(pollfds);
-
- xfree(ctx->errstr);
}
static int
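Review bot: Both `unlink(SOCKPATH)` and `unlink(PIDFILE)` in do_shutdown() ignore their return values. A stale /var/run/pesign/socket matters more after 36/36, because the rpm macro selects pesign-client purely on `[ -e /var/run/pesign/socket ]`; a socket left behind by a failed unlink sends every build to a daemon that is no longer there. Log a failure through ctx->backup_cms->log (ignoring ENOENT) so it is visible in the journal.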
@@ -843,7 +840,7 @@ daemon_logger(cms_context *cms, int priority, char *fmt, ...)
static void
write_pid_file(int pid)
{
- int fd = open("/var/run/pesign.pid", O_WRONLY|O_CREAT|O_TRUNC, 0644);
+ int fd = open(PIDFILE, O_WRONLY|O_CREAT|O_TRUNC, 0644);
if (fd < 0) {
err:
fprintf(stderr, "couldn't open pidfile: %m\n");
@@ -963,12 +960,12 @@ daemonize(cms_context *cms_ctx, int do_fork)
setsid();
if (do_fork) {
- signal(SIGTTOU, SIG_IGN);
- signal(SIGTTIN, SIG_IGN);
- signal(SIGTSTP, SIG_IGN);
- signal(SIGQUIT, quit_handler);
- signal(SIGINT, quit_handler);
- signal(SIGTERM, quit_handler);
+ struct sigaction sa = {
+ .sa_handler = quit_handler,
+ };
+ sigaction(SIGQUIT, &sa, NULL);
+ sigaction(SIGINT, &sa, NULL);
+ sigaction(SIGTERM, &sa, NULL);
}
char *homedir = NULL;
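Review bot: The handlers are still installed only inside `if (do_fork)`. The subject says this fixes shutdown by systemd, but if the unit runs the daemon without forking, SIGTERM keeps its default action and do_shutdown() never removes the socket or pidfile. Install quit_handler for SIGQUIT, SIGINT and SIGTERM unconditionally. The hunk also drops the SIG_IGN settings for SIGTTOU, SIGTTIN and SIGTSTP without a word in the commit message, the sigaction() return values are unchecked, and `sa.sa_mask` should be set with sigemptyset() rather than left to zero initialisation.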
diff --git a/src/daemon.h b/src/daemon.h
index 56cef17..5485e60 100644
--- a/src/daemon.h
+++ b/src/daemon.h
@@ -48,5 +48,6 @@ typedef enum {
#define PESIGND_VERSION 0xa3cf41cb
#define SOCKPATH "/var/run/pesign/socket"
+#define PIDFILE "/var/run/pesign.pid"
#endif /* DAEMON_H */
--
1.7.12.1
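Review bot: PIDFILE is defined as "/var/run/pesign.pid", while the spec's %files section ghosts `%{_localstatedir}/run/%{name}/pesign.pid`, which with Name: pesign is a pesign.pid inside the pesign run directory. The daemon therefore writes and unlinks a file the package does not own, and the %ghost entry never exists. Pick one location (next to SOCKPATH under /var/run/pesign/ looks like the natural one) and make the spec and this define agree.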

View File

@ -0,0 +1,42 @@
From 22308fbfb540b5215efb9ce96a4dfdce08ef9165 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 18 Oct 2012 15:16:05 -0400
Subject: [PATCH 36/36] Make the macros use the default (fedora) signer if
there's a daemon running.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
src/macros.pesign | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/macros.pesign b/src/macros.pesign
index 7706050..fb9d21e 100644
--- a/src/macros.pesign
+++ b/src/macros.pesign
@@ -10,13 +10,22 @@
%__pesign_cert %{!?pe_signing_cert:-c "Red Hat Test Certificate"}%{?pe_signing_cert:-c "%{pe_signing_cert}"}
%_pesign /usr/bin/pesign
+%_pesign_client /usr/bin/pesign-client
%pesign(i:o:C:e:s) \
if [ -x %{_pesign} -a "%{_target_cpu}" == "x86_64" ]; then \
- %{_pesign} %{__pesign_token} %{__pesign_cert} %{-i} %{-o} %{-e} %{-s} \
+ if [ -e /var/run/pesign/socket ]; then \
+ %{_pesign_client} -t "OpenSC Card (Fedora Signing CA)" \\\
+ -c "/CN=Fedora Secure Boot Signer" \\\
+ %{-i} %{-o} %{-e} %{-s} \
+ else \
+ %{_pesign} %{__pesign_token} %{__pesign_cert} %{-i} %{-o} %{-e} %{-s} \
+ fi \
else \
if [ -n "%{-i*}" -a -n "%{-o*}" ]; then \
mv %{-i*} %{-o*} \
+ elif [ -n "%{-i*}" -a -n "%{-e*}" ]; then \
+ touch %{-e*} \
fi \
fi ;
--
1.7.12.1
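Review bot: In the daemon branch the token and certificate are hard-coded (`-t "OpenSC Card (Fedora Signing CA)"`, `-c "/CN=Fedora Secure Boot Signer"`) and `%{__pesign_token}`/`%{__pesign_cert}` are bypassed, so a packager who sets pe_signing_cert silently gets the Fedora signer whenever the socket exists on the build host. Route these through overridable macros with the current values as defaults, so the signing identity is an explicit choice rather than a side effect of a file being present. The `[ -e /var/run/pesign/socket ]` test also only proves that a path exists; `-S` would at least require a socket, and the path duplicates SOCKPATH from daemon.h. In the non-signing fallback, `touch %{-e*}` leaves a zero-length file where a detached signature is expected, which deserves a comment in the macro so consumers know to expect an empty file.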

View File

@ -1,7 +1,7 @@
Summary: Signing utility for UEFI binaries Summary: Signing utility for UEFI binaries
Name: pesign Name: pesign
Version: 0.99 Version: 0.99
Release: 5%{?dist} Release: 6%{?dist}
Group: Development/System Group: Development/System
License: GPLv2 License: GPLv2
URL: https://github.com/vathpela/pesign URL: https://github.com/vathpela/pesign
@ -49,6 +49,10 @@ Patch29: 0029-Don-t-keep-the-DEPS-list-twice.patch
Patch30: 0030-Don-t-build-util-right-now.patch Patch30: 0030-Don-t-build-util-right-now.patch
Patch31: 0031-Make-install_systemd-and-install_sysvinit-separate-t.patch Patch31: 0031-Make-install_systemd-and-install_sysvinit-separate-t.patch
Patch32: 0032-Get-rid-of-an-unnecessary-allocation.patch Patch32: 0032-Get-rid-of-an-unnecessary-allocation.patch
Patch33: 0033-Allow-use-of-e-from-rpm-macro.patch
Patch34: 0034-Make-client-use-e-like-pesign-does-rather-than-detac.patch
Patch35: 0035-Fix-shutdown-by-systemd-to-remove-socket-and-pidfile.patch
Patch36: 0036-Make-the-macros-use-the-default-fedora-signer-if-the.patch
%description %description
This package contains the pesign utility for signing UEFI binaries as This package contains the pesign utility for signing UEFI binaries as
@ -113,6 +117,9 @@ exit 0
%ghost %attr(0660, -, -) %{_localstatedir}/run/%{name}/pesign.pid %ghost %attr(0660, -, -) %{_localstatedir}/run/%{name}/pesign.pid
%changelog %changelog
* Thu Oct 18 2012 Peter Jones <pjones@redhat.com> - 0.99-6
- Automatically select daemon as signer when using rpm macros.
* Thu Oct 18 2012 Peter Jones <pjones@redhat.com> - 0.99-5 * Thu Oct 18 2012 Peter Jones <pjones@redhat.com> - 0.99-5
- Make it work on the -el6 branch as well. - Make it work on the -el6 branch as well.