From b58922c480ce87b354b555fada21a27c8f124b1f Mon Sep 17 00:00:00 2001 
From: Peter Jones Date: Fri, 19 Oct 2012 10:24:10 -0400 Subject: [PATCH] setfacl u:kojibuilder:rw /var/run/pesign/socket - Fix command line checking in client - Add client stdin pin reading. --- ...erseCertsForNicknameInSlot-after-all.patch | 2 +- 0002-Remove-an-unused-field.patch | 2 +- ...cate-list-we-make-once-we-re-done-us.patch | 2 +- ...ually-look-up-the-certificate-when-n.patch | 2 +- ...or-allocations-on-tokenname-certname.patch | 2 +- ...te-valgrind.supp-for-newer-codepaths.patch | 2 +- ...id-string-once-we-re-done-writing-it.patch | 2 +- ...omplain-about-unlocking-a-key-and-ke.patch | 2 +- 0009-Only-try-to-register-OIDs-once.patch | 2 +- 0010-Check-for-NSS_Shutdown-failure.patch | 2 +- ...stdin-stdout-stderr-if-we-don-t-fork.patch | 2 +- ...grind-Add-SECMOD_LoadModule-codepath.patch | 2 +- ...t-set-up-digests-in-cms_context_init.patch | 2 +- ...ster_oids-where-we-re-doing-NSS_Init.patch | 2 +- ...down-actually-close-the-NSS-database.patch | 2 +- ...-of-error-messages-to-be-vaguely-con.patch | 2 +- ...e-PORT_ArenaStrdup-where-appropriate.patch | 2 +- 0018-Minor-whitespace-fixes.patch | 2 +- ...-inpe-is-initialized-before-all-erro.patch | 2 +- ...context-rather-than-having-it-on-the.patch | 2 +- ...alize-nss-only-if-we-re-not-a-daemon.patch | 2 +- ...Handle-errors-on-pesign_context_init.patch | 2 +- ...ing-to-make-sure-we-don-t-emit-unini.patch | 2 +- ...e-the-token-cert-we-get-from-the-com.patch | 2 +- ...-down-nss-in-pesign.c-if-we-re-not-t.patch | 2 +- ...k-setup_digests-and-teardown_digests.patch | 2 +- ...d-Environment-NSS_STRICT_NOFORK-DISA.patch | 2 +- 0028-Fix-errors-found-by-coverity.patch | 2 +- 0029-Don-t-keep-the-DEPS-list-twice.patch | 2 +- 0030-Don-t-build-util-right-now.patch | 2 +- ...temd-and-install_sysvinit-separate-t.patch | 2 +- ...Get-rid-of-an-unnecessary-allocation.patch | 2 +- 0033-Allow-use-of-e-from-rpm-macro.patch | 2 +- ...e-like-pesign-does-rather-than-detac.patch | 2 +- ...systemd-to-remove-socket-and-pidfile.patch | 2 +- 
...use-the-default-fedora-signer-if-the.patch | 2 +- 0037-Fix-command-line-checking-for-s.patch | 28 +++ ...to-read-the-pin-from-stdin-in-client.patch | 178 ++++++++++++++++++ ...uthentication-failure-error-reportin.patch | 60 ++++++ ...ysvinit-script-to-allow-kojibuilder-.patch | 28 +++ ...te-so-immediately-if-we-re-the-paren.patch | 33 ++++ pesign.spec | 12 +- 42 files changed, 374 insertions(+), 37 deletions(-) create mode 100644 0037-Fix-command-line-checking-for-s.patch create mode 100644 0038-Add-support-to-read-the-pin-from-stdin-in-client.patch create mode 100644 0039-Fix-token-auth-authentication-failure-error-reportin.patch create mode 100644 0040-Use-setfacl-in-sysvinit-script-to-allow-kojibuilder-.patch create mode 100644 0041-Don-t-return-quite-so-immediately-if-we-re-the-paren.patch diff --git a/0001-Use-PK11_TraverseCertsForNicknameInSlot-after-all.patch b/0001-Use-PK11_TraverseCertsForNicknameInSlot-after-all.patch index 8c3ae67..35b19b7 100644 --- a/0001-Use-PK11_TraverseCertsForNicknameInSlot-after-all.patch +++ b/0001-Use-PK11_TraverseCertsForNicknameInSlot-after-all.patch @@ -1,7 +1,7 @@ From 406a08cc45a2d0761294002d946ee3381a4706ee Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 17 Oct 2012 09:53:07 -0400 -Subject: [PATCH 01/36] Use PK11_TraverseCertsForNicknameInSlot after all. +Subject: [PATCH 01/41] Use PK11_TraverseCertsForNicknameInSlot after all. As of 76bc13c it doesn't appear to be leaky any more, and it does a better job of disinguishing between certificates with the same nickname diff --git a/0002-Remove-an-unused-field.patch b/0002-Remove-an-unused-field.patch index 3d9daa5..7fa6b72 100644 --- a/0002-Remove-an-unused-field.patch +++ b/0002-Remove-an-unused-field.patch @@ -1,7 +1,7 @@ From e4aa0a2755d7b00e31760a7f90561b0566445fa4 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 17 Oct 2012 09:54:10 -0400 -Subject: [PATCH 02/36] Remove an unused field. +Subject: [PATCH 02/41] Remove an unused field. 
Signed-off-by: Peter Jones --- diff --git a/0003-Free-the-certificate-list-we-make-once-we-re-done-us.patch b/0003-Free-the-certificate-list-we-make-once-we-re-done-us.patch index ad1cf6e..e82eba1 100644 --- a/0003-Free-the-certificate-list-we-make-once-we-re-done-us.patch +++ b/0003-Free-the-certificate-list-we-make-once-we-re-done-us.patch @@ -1,7 +1,7 @@ From df5afd0e6d92f31a804f5f1631b6fae3b8ef4d8b Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 17 Oct 2012 09:54:37 -0400 -Subject: [PATCH 03/36] Free the certificate list we make once we're done +Subject: [PATCH 03/41] Free the certificate list we make once we're done using it. Signed-off-by: Peter Jones diff --git a/0004-Make-sure-we-actually-look-up-the-certificate-when-n.patch b/0004-Make-sure-we-actually-look-up-the-certificate-when-n.patch index b79d680..4a0fb36 100644 --- a/0004-Make-sure-we-actually-look-up-the-certificate-when-n.patch +++ b/0004-Make-sure-we-actually-look-up-the-certificate-when-n.patch @@ -1,7 +1,7 @@ From c13cc0b03dcae9a743cc49aaa62c3923a3e7d8f9 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 17 Oct 2012 09:55:02 -0400 -Subject: [PATCH 04/36] Make sure we actually look up the certificate when not +Subject: [PATCH 04/41] Make sure we actually look up the certificate when not in daemon mode. Signed-off-by: Peter Jones diff --git a/0005-Fix-check-for-allocations-on-tokenname-certname.patch b/0005-Fix-check-for-allocations-on-tokenname-certname.patch index 94d7a74..6fca165 100644 --- a/0005-Fix-check-for-allocations-on-tokenname-certname.patch +++ b/0005-Fix-check-for-allocations-on-tokenname-certname.patch @@ -1,7 +1,7 @@ From 844138e07535a8aa2be80496378c9929acaa1687 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 17 Oct 2012 10:35:41 -0400 -Subject: [PATCH 05/36] Fix check for allocations on tokenname,certname. +Subject: [PATCH 05/41] Fix check for allocations on tokenname,certname. If we didn't have anything to start with, we won't have anything when we're done... 
diff --git a/0006-Update-valgrind.supp-for-newer-codepaths.patch b/0006-Update-valgrind.supp-for-newer-codepaths.patch index 91cbf56..54aa698 100644 --- a/0006-Update-valgrind.supp-for-newer-codepaths.patch +++ b/0006-Update-valgrind.supp-for-newer-codepaths.patch @@ -1,7 +1,7 @@ From 682233d107460b49071017b4d88c0430373dbd35 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 17 Oct 2012 10:55:25 -0400 -Subject: [PATCH 06/36] Update valgrind.supp for newer codepaths. +Subject: [PATCH 06/41] Update valgrind.supp for newer codepaths. Signed-off-by: Peter Jones --- diff --git a/0007-Free-the-pid-string-once-we-re-done-writing-it.patch b/0007-Free-the-pid-string-once-we-re-done-writing-it.patch index 811a72d..d02d84f 100644 --- a/0007-Free-the-pid-string-once-we-re-done-writing-it.patch +++ b/0007-Free-the-pid-string-once-we-re-done-writing-it.patch @@ -1,7 +1,7 @@ From 81bf0e36a82a3d746a01aee50d8ee460dc794b19 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 17 Oct 2012 10:57:20 -0400 -Subject: [PATCH 07/36] Free the pid string once we're done writing it. +Subject: [PATCH 07/41] Free the pid string once we're done writing it. Signed-off-by: Peter Jones --- diff --git a/0008-valgrind-Don-t-complain-about-unlocking-a-key-and-ke.patch b/0008-valgrind-Don-t-complain-about-unlocking-a-key-and-ke.patch index 2a468c0..b6a8f0d 100644 --- a/0008-valgrind-Don-t-complain-about-unlocking-a-key-and-ke.patch +++ b/0008-valgrind-Don-t-complain-about-unlocking-a-key-and-ke.patch @@ -1,7 +1,7 @@ From 50c50c8fbebab3d8b5efff35dc1a7ca4b44d6b19 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 17 Oct 2012 11:08:30 -0400 -Subject: [PATCH 08/36] [valgrind] Don't complain about unlocking a key and +Subject: [PATCH 08/41] [valgrind] Don't complain about unlocking a key and keeping the handle. Signed-off-by: Peter Jones diff --git a/0009-Only-try-to-register-OIDs-once.patch b/0009-Only-try-to-register-OIDs-once.patch index cd23784..25843ba 100644 
--- a/0009-Only-try-to-register-OIDs-once.patch +++ b/0009-Only-try-to-register-OIDs-once.patch @@ -1,7 +1,7 @@ From b71f1d2e8f7ad6853e5e68134a66baf9dea2471b Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 17 Oct 2012 11:26:04 -0400 -Subject: [PATCH 09/36] Only try to register OIDs once. +Subject: [PATCH 09/41] Only try to register OIDs once. Signed-off-by: Peter Jones --- diff --git a/0010-Check-for-NSS_Shutdown-failure.patch b/0010-Check-for-NSS_Shutdown-failure.patch index ad14586..2e6042c 100644 --- a/0010-Check-for-NSS_Shutdown-failure.patch +++ b/0010-Check-for-NSS_Shutdown-failure.patch @@ -1,7 +1,7 @@ From f966137c17f74fc3e343dfb6e04300a9d179de03 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 17 Oct 2012 12:05:29 -0400 -Subject: [PATCH 10/36] Check for NSS_Shutdown() failure. +Subject: [PATCH 10/41] Check for NSS_Shutdown() failure. Signed-off-by: Peter Jones --- diff --git a/0011-Don-t-destroy-stdin-stdout-stderr-if-we-don-t-fork.patch b/0011-Don-t-destroy-stdin-stdout-stderr-if-we-don-t-fork.patch index 01123d6..333df42 100644 --- a/0011-Don-t-destroy-stdin-stdout-stderr-if-we-don-t-fork.patch +++ b/0011-Don-t-destroy-stdin-stdout-stderr-if-we-don-t-fork.patch @@ -1,7 +1,7 @@ From 0dddfd5e738232403220b0d18888f94fa0032a59 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 17 Oct 2012 12:17:39 -0400 -Subject: [PATCH 11/36] Don't destroy stdin/stdout/stderr if we don't fork. +Subject: [PATCH 11/41] Don't destroy stdin/stdout/stderr if we don't fork. I like being able to read my error messages. diff --git a/0012-valgrind-Add-SECMOD_LoadModule-codepath.patch b/0012-valgrind-Add-SECMOD_LoadModule-codepath.patch index 05294af..d0bc3c4 100644 --- a/0012-valgrind-Add-SECMOD_LoadModule-codepath.patch +++ b/0012-valgrind-Add-SECMOD_LoadModule-codepath.patch @@ -1,7 +1,7 @@ From 19c8e797d092e17f2882d249d5446728a76db050 Mon Sep 17 00:00:00 2001 
From: Peter Jones Date: Wed, 17 Oct 2012 14:29:30 -0400 -Subject: [PATCH 12/36] [valgrind] Add SECMOD_LoadModule codepath. +Subject: [PATCH 12/41] [valgrind] Add SECMOD_LoadModule codepath. This is called once when we initialize the database. diff --git a/0013-Don-t-set-up-digests-in-cms_context_init.patch b/0013-Don-t-set-up-digests-in-cms_context_init.patch index a878f7c..b471ba0 100644 --- a/0013-Don-t-set-up-digests-in-cms_context_init.patch +++ b/0013-Don-t-set-up-digests-in-cms_context_init.patch @@ -1,7 +1,7 @@ From 186b6d5d39a1feeaa5f9493d28dc4f53015d551d Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 17 Oct 2012 14:33:35 -0400 -Subject: [PATCH 13/36] Don't set up digests in cms_context_init. +Subject: [PATCH 13/41] Don't set up digests in cms_context_init. Move digest setup out of cms_context_init, so we can avoid leaking the reference to the digests by not having them in ctx->backup_cms in the diff --git a/0014-Do-register_oids-where-we-re-doing-NSS_Init.patch b/0014-Do-register_oids-where-we-re-doing-NSS_Init.patch index dd10d17..76c5deb 100644 --- a/0014-Do-register_oids-where-we-re-doing-NSS_Init.patch +++ b/0014-Do-register_oids-where-we-re-doing-NSS_Init.patch @@ -1,7 +1,7 @@ From e1f8d4e38f4ad08fb407691a3f59edc19a1f15e2 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 17 Oct 2012 14:41:18 -0400 -Subject: [PATCH 14/36] Do register_oids() where we're doing NSS_Init() +Subject: [PATCH 14/41] Do register_oids() where we're doing NSS_Init() Signed-off-by: Peter Jones --- diff --git a/0015-Make-daemon-shutdown-actually-close-the-NSS-database.patch b/0015-Make-daemon-shutdown-actually-close-the-NSS-database.patch index c191a24..aa173f4 100644 --- a/0015-Make-daemon-shutdown-actually-close-the-NSS-database.patch +++ b/0015-Make-daemon-shutdown-actually-close-the-NSS-database.patch @@ -1,7 +1,7 @@ From 092e3f81233655849156b0948a53f3b5f51b8c97 Mon Sep 17 00:00:00 2001 
From: Peter Jones Date: Wed, 17 Oct 2012 14:43:58 -0400 -Subject: [PATCH 15/36] Make daemon shutdown actually close the NSS databases +Subject: [PATCH 15/41] Make daemon shutdown actually close the NSS databases and whatnot. Signed-off-by: Peter Jones diff --git a/0016-Reformat-a-bunch-of-error-messages-to-be-vaguely-con.patch b/0016-Reformat-a-bunch-of-error-messages-to-be-vaguely-con.patch index f579b5e..41fbdc9 100644 --- a/0016-Reformat-a-bunch-of-error-messages-to-be-vaguely-con.patch +++ b/0016-Reformat-a-bunch-of-error-messages-to-be-vaguely-con.patch @@ -1,7 +1,7 @@ From b6ff405da1bf4627a40fc104457a539788c9f470 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 17 Oct 2012 15:18:08 -0400 -Subject: [PATCH 16/36] Reformat a bunch of error messages to be vaguely +Subject: [PATCH 16/41] Reformat a bunch of error messages to be vaguely consistent. Signed-off-by: Peter Jones diff --git a/0017-Use-PORT_ArenaStrdup-where-appropriate.patch b/0017-Use-PORT_ArenaStrdup-where-appropriate.patch index 5c8a0b0..393518e 100644 --- a/0017-Use-PORT_ArenaStrdup-where-appropriate.patch +++ b/0017-Use-PORT_ArenaStrdup-where-appropriate.patch @@ -1,7 +1,7 @@ From 8ffe6943f04d42314f81eb8b5e3350d4ccc41895 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 17 Oct 2012 15:26:23 -0400 -Subject: [PATCH 17/36] Use PORT_ArenaStrdup() where appropriate. +Subject: [PATCH 17/41] Use PORT_ArenaStrdup() where appropriate. Signed-off-by: Peter Jones --- diff --git a/0018-Minor-whitespace-fixes.patch b/0018-Minor-whitespace-fixes.patch index 40152ac..d64c9a5 100644 --- a/0018-Minor-whitespace-fixes.patch +++ b/0018-Minor-whitespace-fixes.patch @@ -1,7 +1,7 @@ From c196b462ad5267e8ed20c0b855b9921268b22a7b Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 17 Oct 2012 15:26:47 -0400 -Subject: [PATCH 18/36] Minor whitespace fixes. +Subject: [PATCH 18/41] Minor whitespace fixes. Signed-off-by: Peter Jones --- 
diff --git a/0019-daemon-Make-sure-inpe-is-initialized-before-all-erro.patch b/0019-daemon-Make-sure-inpe-is-initialized-before-all-erro.patch index 5358713..1686740 100644 --- a/0019-daemon-Make-sure-inpe-is-initialized-before-all-erro.patch +++ b/0019-daemon-Make-sure-inpe-is-initialized-before-all-erro.patch @@ -1,7 +1,7 @@ From 7a8c50f620c7484af9d750f484df8a6837e6b2a5 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 17 Oct 2012 15:27:03 -0400 -Subject: [PATCH 19/36] [daemon] Make sure inpe is initialized before all +Subject: [PATCH 19/41] [daemon] Make sure inpe is initialized before all error handling. find_certificate() and set_up_inpe() errors wind up being at the same diff --git a/0020-Allocate-pesign_context-rather-than-having-it-on-the.patch b/0020-Allocate-pesign_context-rather-than-having-it-on-the.patch index 562c7f4..f8172f7 100644 --- a/0020-Allocate-pesign_context-rather-than-having-it-on-the.patch +++ b/0020-Allocate-pesign_context-rather-than-having-it-on-the.patch @@ -1,7 +1,7 @@ From 66d3353e6d24c9e69ce71735c5aa4741717a6d68 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 17 Oct 2012 15:31:15 -0400 -Subject: [PATCH 20/36] Allocate pesign_context rather than having it on the +Subject: [PATCH 20/41] Allocate pesign_context rather than having it on the stack. This way it won't try to re-initialize cms_context when it's cleaned up. diff --git a/0021-pesign-initialize-nss-only-if-we-re-not-a-daemon.patch b/0021-pesign-initialize-nss-only-if-we-re-not-a-daemon.patch index 5e1e8a3..666dcd6 100644 --- a/0021-pesign-initialize-nss-only-if-we-re-not-a-daemon.patch +++ b/0021-pesign-initialize-nss-only-if-we-re-not-a-daemon.patch @@ -1,7 +1,7 @@ From 444a514e1a7c9a27953f914cf416d559ef5be083 Mon Sep 17 00:00:00 2001 
From: Peter Jones Date: Wed, 17 Oct 2012 15:32:57 -0400 -Subject: [PATCH 21/36] [pesign] initialize nss only if we're not a daemon. +Subject: [PATCH 21/41] [pesign] initialize nss only if we're not a daemon. If it's a deamon, NSS_Init, register_oids, and setup_digests will be done in the daemon code, not in the normal tool code. diff --git a/0022-Handle-errors-on-pesign_context_init.patch b/0022-Handle-errors-on-pesign_context_init.patch index f8da7e6..6ed0b8c 100644 --- a/0022-Handle-errors-on-pesign_context_init.patch +++ b/0022-Handle-errors-on-pesign_context_init.patch @@ -1,7 +1,7 @@ From a1ce809e199c7fbbd6f5c0e75f27a4234fcbd2bc Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 17 Oct 2012 15:34:00 -0400 -Subject: [PATCH 22/36] Handle errors on pesign_context_init() +Subject: [PATCH 22/41] Handle errors on pesign_context_init() Signed-off-by: Peter Jones --- diff --git a/0023-Add-sanity-checking-to-make-sure-we-don-t-emit-unini.patch b/0023-Add-sanity-checking-to-make-sure-we-don-t-emit-unini.patch index 9e812e3..6c1aca1 100644 --- a/0023-Add-sanity-checking-to-make-sure-we-don-t-emit-unini.patch +++ b/0023-Add-sanity-checking-to-make-sure-we-don-t-emit-unini.patch @@ -1,7 +1,7 @@ From 4ed91a1bb65769401c0fd6c1c5b2a3c64c0c1266 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 17 Oct 2012 16:35:43 -0400 -Subject: [PATCH 23/36] Add sanity checking to make sure we don't emit +Subject: [PATCH 23/41] Add sanity checking to make sure we don't emit uninitialized hashes. Signed-off-by: Peter Jones diff --git a/0024-Make-sure-we-free-the-token-cert-we-get-from-the-com.patch b/0024-Make-sure-we-free-the-token-cert-we-get-from-the-com.patch index 7260ea5..61e0493 100644 --- a/0024-Make-sure-we-free-the-token-cert-we-get-from-the-com.patch +++ b/0024-Make-sure-we-free-the-token-cert-we-get-from-the-com.patch @@ -1,7 +1,7 @@ From d8ead122f34375a496d280bcc803f730542ca78d Mon Sep 17 00:00:00 2001 
From: Peter Jones Date: Wed, 17 Oct 2012 17:47:49 -0400 -Subject: [PATCH 24/36] Make sure we free the token/cert we get from the +Subject: [PATCH 24/41] Make sure we free the token/cert we get from the command line. This probably needs some further examination, but valgrind likes what's diff --git a/0025-pesign-Only-shut-down-nss-in-pesign.c-if-we-re-not-t.patch b/0025-pesign-Only-shut-down-nss-in-pesign.c-if-we-re-not-t.patch index 77f1de4..d5b6b92 100644 --- a/0025-pesign-Only-shut-down-nss-in-pesign.c-if-we-re-not-t.patch +++ b/0025-pesign-Only-shut-down-nss-in-pesign.c-if-we-re-not-t.patch @@ -1,7 +1,7 @@ From 2030d382b49a1b957de829a67f74d9cc127c55ee Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 17 Oct 2012 17:48:44 -0400 -Subject: [PATCH 25/36] [pesign] Only shut down nss in pesign.c if we're not +Subject: [PATCH 25/41] [pesign] Only shut down nss in pesign.c if we're not the daemon. The daemon does its own init and shutdown. diff --git a/0026-Rework-setup_digests-and-teardown_digests.patch b/0026-Rework-setup_digests-and-teardown_digests.patch index e75ceba..91adea6 100644 --- a/0026-Rework-setup_digests-and-teardown_digests.patch +++ b/0026-Rework-setup_digests-and-teardown_digests.patch @@ -1,7 +1,7 @@ From 4efe979d6b781e064fe1afa946753ead9e3bbb9d Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 17 Oct 2012 17:49:17 -0400 -Subject: [PATCH 26/36] Rework setup_digests() and teardown_digests() +Subject: [PATCH 26/41] Rework setup_digests() and teardown_digests() This fixes the problem I was seeing with empty content_info digests, and makes the code a /little/ bit cleaner in some ways. diff --git a/0027-We-shouldn-t-need-Environment-NSS_STRICT_NOFORK-DISA.patch b/0027-We-shouldn-t-need-Environment-NSS_STRICT_NOFORK-DISA.patch index 231214d..d8bba7d 100644 --- a/0027-We-shouldn-t-need-Environment-NSS_STRICT_NOFORK-DISA.patch +++ b/0027-We-shouldn-t-need-Environment-NSS_STRICT_NOFORK-DISA.patch @@ -1,7 +1,7 @@ 
From 15cd554d35c5ea8d31671b346dffd84e27e7c6ec Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 17 Oct 2012 17:52:57 -0400 -Subject: [PATCH 27/36] We shouldn't need +Subject: [PATCH 27/41] We shouldn't need Environment=NSS_STRICT_NOFORK=DISABLED any more. Since NSS_Init is called from the daemon now, we should get past its diff --git a/0028-Fix-errors-found-by-coverity.patch b/0028-Fix-errors-found-by-coverity.patch index e3c87c5..9c77d62 100644 --- a/0028-Fix-errors-found-by-coverity.patch +++ b/0028-Fix-errors-found-by-coverity.patch @@ -1,7 +1,7 @@ From 1b94dd90f5a1c65df16ffe3b0619ce5dc0ca1f06 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 17 Oct 2012 19:59:49 -0400 -Subject: [PATCH 28/36] Fix errors found by coverity. +Subject: [PATCH 28/41] Fix errors found by coverity. Signed-off-by: Peter Jones --- diff --git a/0029-Don-t-keep-the-DEPS-list-twice.patch b/0029-Don-t-keep-the-DEPS-list-twice.patch index cc15c07..e3ae001 100644 --- a/0029-Don-t-keep-the-DEPS-list-twice.patch +++ b/0029-Don-t-keep-the-DEPS-list-twice.patch @@ -1,7 +1,7 @@ From 95c0fe1d512fcdf3b397359fb0f54dc44e5947c2 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Thu, 18 Oct 2012 09:12:25 -0400 -Subject: [PATCH 29/36] Don't keep the DEPS list twice. +Subject: [PATCH 29/41] Don't keep the DEPS list twice. Signed-off-by: Peter Jones --- diff --git a/0030-Don-t-build-util-right-now.patch b/0030-Don-t-build-util-right-now.patch index 869c12a..6ac8bf2 100644 --- a/0030-Don-t-build-util-right-now.patch +++ b/0030-Don-t-build-util-right-now.patch @@ -1,7 +1,7 @@ From 44aad110fd3f0a12e1817d95047f882c4d8b0fce Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Thu, 18 Oct 2012 11:36:10 -0400 -Subject: [PATCH 30/36] Don't build util/ right now. +Subject: [PATCH 30/41] Don't build util/ right now. Signed-off-by: Peter Jones --- 
diff --git a/0031-Make-install_systemd-and-install_sysvinit-separate-t.patch b/0031-Make-install_systemd-and-install_sysvinit-separate-t.patch index 4fc2145..7a91b6c 100644 --- a/0031-Make-install_systemd-and-install_sysvinit-separate-t.patch +++ b/0031-Make-install_systemd-and-install_sysvinit-separate-t.patch @@ -1,7 +1,7 @@ From 4c13f6d393db0aa5ff5b327cb5e842ee21522236 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Thu, 18 Oct 2012 13:09:58 -0400 -Subject: [PATCH 31/36] Make "install_systemd" and "install_sysvinit" separate +Subject: [PATCH 31/41] Make "install_systemd" and "install_sysvinit" separate targets Signed-off-by: Peter Jones diff --git a/0032-Get-rid-of-an-unnecessary-allocation.patch b/0032-Get-rid-of-an-unnecessary-allocation.patch index 2f0fef3..15a6166 100644 --- a/0032-Get-rid-of-an-unnecessary-allocation.patch +++ b/0032-Get-rid-of-an-unnecessary-allocation.patch @@ -1,7 +1,7 @@ From df1b69e304f2a7eb82e2f94e50f07099afbf4578 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Thu, 18 Oct 2012 13:10:28 -0400 -Subject: [PATCH 32/36] Get rid of an unnecessary allocation. +Subject: [PATCH 32/41] Get rid of an unnecessary allocation. Signed-off-by: Peter Jones --- diff --git a/0033-Allow-use-of-e-from-rpm-macro.patch b/0033-Allow-use-of-e-from-rpm-macro.patch index 1e7686f..90f68f8 100644 --- a/0033-Allow-use-of-e-from-rpm-macro.patch +++ b/0033-Allow-use-of-e-from-rpm-macro.patch @@ -1,7 +1,7 @@ From 24a63eab7ddbe2be3ab6b25b04602d8e3fe5d775 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Thu, 18 Oct 2012 14:28:36 -0400 -Subject: [PATCH 33/36] Allow use of -e from rpm macro. +Subject: [PATCH 33/41] Allow use of -e from rpm macro. Signed-off-by: Peter Jones --- diff --git a/0034-Make-client-use-e-like-pesign-does-rather-than-detac.patch b/0034-Make-client-use-e-like-pesign-does-rather-than-detac.patch index 189c2f2..4a2eaea 100644 --- a/0034-Make-client-use-e-like-pesign-does-rather-than-detac.patch 
+++ b/0034-Make-client-use-e-like-pesign-does-rather-than-detac.patch @@ -1,7 +1,7 @@ From e5c632516a2a31f3e184d0ca9d8ac5ceba1f9015 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Thu, 18 Oct 2012 14:55:07 -0400 -Subject: [PATCH 34/36] Make client use -e like pesign does, rather than +Subject: [PATCH 34/41] Make client use -e like pesign does, rather than --detached. This way we can use the same macros for them. diff --git a/0035-Fix-shutdown-by-systemd-to-remove-socket-and-pidfile.patch b/0035-Fix-shutdown-by-systemd-to-remove-socket-and-pidfile.patch index dd4e125..c97a79b 100644 --- a/0035-Fix-shutdown-by-systemd-to-remove-socket-and-pidfile.patch +++ b/0035-Fix-shutdown-by-systemd-to-remove-socket-and-pidfile.patch @@ -1,7 +1,7 @@ From f1a2f097cfb290951702251703abcd34ca0bf9e6 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Thu, 18 Oct 2012 15:13:11 -0400 -Subject: [PATCH 35/36] Fix shutdown by systemd to remove socket and pidfile. +Subject: [PATCH 35/41] Fix shutdown by systemd to remove socket and pidfile. Signed-off-by: Peter Jones --- diff --git a/0036-Make-the-macros-use-the-default-fedora-signer-if-the.patch b/0036-Make-the-macros-use-the-default-fedora-signer-if-the.patch index 1b5a9b9..9766d3e 100644 --- a/0036-Make-the-macros-use-the-default-fedora-signer-if-the.patch +++ b/0036-Make-the-macros-use-the-default-fedora-signer-if-the.patch @@ -1,7 +1,7 @@ From 22308fbfb540b5215efb9ce96a4dfdce08ef9165 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Thu, 18 Oct 2012 15:16:05 -0400 -Subject: [PATCH 36/36] Make the macros use the default (fedora) signer if +Subject: [PATCH 36/41] Make the macros use the default (fedora) signer if there's a daemon running. Signed-off-by: Peter Jones diff --git a/0037-Fix-command-line-checking-for-s.patch b/0037-Fix-command-line-checking-for-s.patch new file mode 100644 index 0000000..67d7cac --- /dev/null +++ b/0037-Fix-command-line-checking-for-s.patch 
@@ -0,0 +1,28 @@
+From abe7981ba049b23ae9c42da92559576c6e0cc53b Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Fri, 19 Oct 2012 10:07:40 -0400
+Subject: [PATCH 37/41] Fix command line checking for -s.
+
+Accidentally applied when not using -s. Woops.
+
+Signed-off-by: Peter Jones
+---
+ src/client.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/client.c b/src/client.c
+index 5e5399d..777197a 100644
+--- a/src/client.c
++++ b/src/client.c
+@@ -496,7 +496,7 @@ main(int argc, char *argv[])
+ exit(1);
+ }
+
+- if (!outfile && !exportfile) {
++ if (action & SIGN_BINARY && (!outfile && !exportfile)) {
+ fprintf(stderr, "pesign-client: neither --outfile nor --export "
+ "specified\n");
+ exit(1);
+--
+1.7.12.1
+
diff --git a/0038-Add-support-to-read-the-pin-from-stdin-in-client.patch b/0038-Add-support-to-read-the-pin-from-stdin-in-client.patch
new file mode 100644
index 0000000..cca71f2
--- /dev/null
+++ b/0038-Add-support-to-read-the-pin-from-stdin-in-client.patch
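Review bot: The new test `action & SIGN_BINARY && (!outfile && !exportfile)` in main() is correct only because `&` binds tighter than `&&`, which is easy to misread in a chain of option checks. Writing it as `if ((action & SIGN_BINARY) && !outfile && !exportfile) {` makes the grouping explicit and drops the redundant inner parentheses. main() starts and ends outside this hunk, so whether other actions also need an output path cannot be checked from here.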
@@ -0,0 +1,178 @@
+From 8067d9bace148a254528fdf752f083d2a0debada Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Fri, 19 Oct 2012 10:08:26 -0400
+Subject: [PATCH 38/41] Add support to read the pin from stdin in client.
+
+Signed-off-by: Peter Jones
+---
+ src/client.c | 10 +++++++---
+ src/password.c | 41 +++++++++++++++++++++++++++++++++++++++++
+ src/password.h | 1 +
+ src/signer_info.c | 45 +--------------------------------------------
+ 4 files changed, 50 insertions(+), 47 deletions(-)
+
+diff --git a/src/client.c b/src/client.c
+index 777197a..1ec582b 100644
+--- a/src/client.c
++++ b/src/client.c
+@@ -212,10 +212,14 @@ get_token_pin(int pinfd, char *pinfile, char *envname)
+
+ fclose(pinf);
+ return pin;
+- } else
+- return strdup(getenv(envname));
++ } else {
++ pin = getenv(envname);
++ if (pin)
++ return strdup(pin);
++ }
+
+- return NULL;
++ pin = readpw(NULL, PR_FALSE, NULL);
++ return pin;
+ }
+
+ static void
+diff --git a/src/password.c b/src/password.c
+index 100c584..c663955 100644
+--- a/src/password.c
++++ b/src/password.c
+@@ -17,6 +17,7 @@
+ * Author(s): Peter Jones
+ */
+
++#include
+#include
+#include
+#include
+@@ -289,4 +290,44 @@ SECU_GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg)
+ return NULL;
+ }
+
++#if 0
++#warning investigate killing readpw
++#endif
++char *
++readpw(PK11SlotInfo *slot, PRBool retry, void *arg)
++{
++ struct termios sio, tio;
++ char line[LINE_MAX], *p;
+
++ if (tcgetattr(fileno(stdin), &sio) < 0) {
++ fprintf(stderr, "Could not read password from standard input.\n");
++ return NULL;
++ }
++ tio = sio;
++ tio.c_lflag &= ~ECHO;
++ if (tcsetattr(fileno(stdin), 0, &tio) < 0) {
++ fprintf(stderr, "Could not read password from standard input.\n");
++ return NULL;
++ }
++
++ fprintf(stdout, "Enter passphrase for private key: ");
++ if (fgets(line, sizeof(line), stdin) == NULL) {
++ fprintf(stdout, "\n");
++ tcsetattr(fileno(stdin), 0, &sio);
++ return NULL;
++ }
++ fprintf(stdout, "\n");
++ tcsetattr(fileno(stdin), 0, &sio);
++
++ p = line + strcspn(line, "\r\n");
++ if (p != NULL)
++ *p = '\0';
++
++ char *ret = strdup(line);
++ memset(line, '\0', sizeof (line));
++ if (!ret) {
++ fprintf(stderr, "Could not read passphrase.\n");
++ return NULL;
++ }
++ return ret;
++}
+diff --git a/src/password.h b/src/password.h
+index 853bd5a..bcbac44 100644
+--- a/src/password.h
++++ b/src/password.h
+@@ -22,5 +22,6 @@
+ extern char *SECU_GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg);
+ extern char *get_password_passthrough(PK11SlotInfo *slot, PRBool retry, void *arg);
+ extern char *get_password_fail(PK11SlotInfo *slot, PRBool retry, void *arg);
++extern char *readpw(PK11SlotInfo *slot, PRBool retry, void *arg);
+
+ #endif /* PASSWORD_H */
+diff --git a/src/signer_info.c b/src/signer_info.c
+index 932b896..f755bf6 100644
+--- a/src/signer_info.c
++++ b/src/signer_info.c
+@@ -19,10 +19,8 @@
+
+ #include "pesign.h"
+
+-#include
+#include
+#include
+-#include
+#include
+#include
+
+@@ -159,47 +157,6 @@ err:
+ return -1;
+ }
+
+-#if 0
+-#warning investigate killing getpw
+-#endif
+-static char *getpw(PK11SlotInfo *slot, PRBool retry, void *arg)
+-{
+- struct termios sio, tio;
+- char line[LINE_MAX], *p;
+-
+- if (tcgetattr(fileno(stdin), &sio) < 0) {
+- fprintf(stderr, "Could not read password from standard input.\n");
+- return NULL;
+- }
+- tio = sio;
+- tio.c_lflag &= ~ECHO;
+- if (tcsetattr(fileno(stdin), 0, &tio) < 0) {
+- fprintf(stderr, "Could not read password from standard input.\n");
+- return NULL;
+- }
+-
+- fprintf(stdout, "Enter passphrase for private key: ");
+- if (fgets(line, sizeof(line), stdin) == NULL) {
+- fprintf(stdout, "\n");
+- tcsetattr(fileno(stdin), 0, &sio);
+- return NULL;
+- }
+- fprintf(stdout, "\n");
+- tcsetattr(fileno(stdin), 0, &sio);
+-
+- p = line + strcspn(line, "\r\n");
+- if (p != NULL)
+- *p = '\0';
+-
+- char *ret = strdup(line);
+- memset(line, '\0', sizeof (line));
+- if (!ret) {
+- fprintf(stderr, "Could not read passphrase.\n");
+- return NULL;
+- }
+- return ret;
+-}
+-
+ static int
+ sign_blob(cms_context *cms, SECItem *sigitem, SECItem *sign_content)
+ {
+@@ -216,7 +173,7 @@ sign_blob(cms_context *cms, SECItem *sigitem, SECItem *sign_content)
+ if (!oid)
+ goto err;
+
+- PK11_SetPasswordFunc(cms->func ? cms->func : getpw);
++ PK11_SetPasswordFunc(cms->func ? cms->func : readpw);
+ SECKEYPrivateKey *privkey = PK11_FindKeyByAnyCert(cms->cert,
+ cms->pwdata ? cms->pwdata : NULL);
+ if (!privkey) {
+--
+1.7.12.1
+
diff --git a/0039-Fix-token-auth-authentication-failure-error-reportin.patch b/0039-Fix-token-auth-authentication-failure-error-reportin.patch
new file mode 100644
index 0000000..fb243c8
--- /dev/null
+++ b/0039-Fix-token-auth-authentication-failure-error-reportin.patch
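Review bot: In readpw() the `memset(line, '\0', sizeof (line));` that scrubs the passphrase is the last use of `line` before the function returns, so an optimizing compiler is allowed to drop it and leave the PIN on the stack. Use a scrub that cannot be elided, e.g. `explicit_bzero(line, sizeof(line));` where the libc provides it. The copy returned by `strdup()` becomes the caller's to wipe and free, which deserves a sentence in a comment above readpw(). readpw() also returns NULL as soon as `tcgetattr()` fails, which happens whenever stdin is not a terminal, so the new fallback in get_token_pin() works only interactively; if piped input is meant to work, guard the termios calls with `isatty(fileno(stdin))`. get_token_pin() starts outside the hunk.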
@@ -0,0 +1,60 @@
+From 3ceb3eb5b1c36ead2a862bcec5e527f74dc91381 Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Fri, 19 Oct 2012 10:08:49 -0400
+Subject: [PATCH 39/41] Fix token auth authentication failure error reporting.
+
+Signed-off-by: Peter Jones
+---
+ src/cms_common.c | 4 +++-
+ src/daemon.c | 4 ++--
+ 2 files changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/src/cms_common.c b/src/cms_common.c
+index 898ddfb..2f3683e 100644
+--- a/src/cms_common.c
++++ b/src/cms_common.c
+@@ -316,6 +316,7 @@ unlock_nss_token(cms_context *cms)
+ secuPWData pwdata_val = { 0, 0 };
+ void *pwdata = cms->pwdata ? cms->pwdata : &pwdata_val;
+ PK11_SetPasswordFunc(cms->func ? cms->func : SECU_GetModulePassword);
++ int rc = -1;
+
+ PK11SlotList *slots = NULL;
+ slots = PK11_GetAllTokens(CKM_RSA_PKCS, PR_FALSE, PR_TRUE, pwdata);
+@@ -323,7 +324,7 @@ unlock_nss_token(cms_context *cms)
+ cms->log(cms, LOG_ERR, "Could not find certificate \"%s\"",
+ cms->tokenname);
+ err:
+- return -1;
++ return rc;
+ }
+
+ PK11SlotListElement *psle = NULL;
+@@ -351,6 +352,7 @@ err_slots:
+ cms->log(cms, LOG_ERR, "Authentication failed for "
+ "token \"%s\"", cms->tokenname);
+ PK11_DestroySlotListElement(slots, &psle);
++ rc = -2;
+ goto err_slots;
+ }
+ }
+diff --git a/src/daemon.c b/src/daemon.c
+index 974a559..bf7485f 100644
+--- a/src/daemon.c
++++ b/src/daemon.c
+@@ -204,10 +204,10 @@ malformed:
+ cms_set_pw_callback(ctx->cms, get_password_fail);
+ cms_set_pw_data(ctx->cms, NULL);
+
+- if (rc < 0)
++ if (rc == -1)
+ ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR,
+ "could not find token \"%s\"", tn->value);
+- else
++ else if (rc == 0)
+ ctx->cms->log(ctx->cms, ctx->priority|LOG_NOTICE,
+ "authentication succeeded for token \"%s\"",
+ tn->value);
+--
+1.7.12.1
+
diff --git a/0040-Use-setfacl-in-sysvinit-script-to-allow-kojibuilder-.patch b/0040-Use-setfacl-in-sysvinit-script-to-allow-kojibuilder-.patch
new file mode 100644
index 0000000..e613be2
--- /dev/null
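Review bot: In the daemon.c hunk the rewritten test `if (rc == -1) … else if (rc == 0)` has no branch for the new `-2` result, so a failed token authentication produces no message from this function. The only record is the `cms->log` call in cms_common.c, which does not pass `ctx->priority` and may not reach the same sink. A closing arm such as `else ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, "authentication failed for token \"%s\"", tn->value);` would keep failed unlock attempts visible in the daemon's log and also catch any other non-zero value. Assuming `rc` here is the return of unlock_nss_token, the bare `-1`/`-2` deserve a comment above that function, for example `/* returns 0 on success, -1 if the token was not found, -2 if authentication failed */`. Both functions start and end outside the hunks shown.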
+++ b/0040-Use-setfacl-in-sysvinit-script-to-allow-kojibuilder-.patch
@@ -0,0 +1,28 @@
+From 9c2daa8d3761b49961498cb9a9bbc8a37e05b0da Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Fri, 19 Oct 2012 10:19:39 -0400
+Subject: [PATCH 40/41] Use setfacl in sysvinit script to allow kojibuilder
+ access.
+
+---
+ src/pesign.sysvinit | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/pesign.sysvinit b/src/pesign.sysvinit
+index f955e01..ea37c58 100644
+--- a/src/pesign.sysvinit
++++ b/src/pesign.sysvinit
+@@ -24,6 +24,10 @@ start(){
+ RETVAL=$?
+ echo
+ touch /var/lock/subsys/pesign
++ setfacl -m u:kojibuilder:x /var/run/pesign
++ setfacl -m u:kojibuilder:rw /var/run/pesign/socket
++ setfacl -m g:kojibuilder:x /var/run/pesign
++ setfacl -m g:kojibuilder:rw /var/run/pesign/socket
+ }
+
+ stop(){
+--
+1.7.12.1
+
diff --git a/0041-Don-t-return-quite-so-immediately-if-we-re-the-paren.patch b/0041-Don-t-return-quite-so-immediately-if-we-re-the-paren.patch
new file mode 100644
index 0000000..f98027f
--- /dev/null
+++ b/0041-Don-t-return-quite-so-immediately-if-we-re-the-paren.patch
@@ -0,0 +1,33 @@
+From 2bd84dcfbdf084bcfb3e6d7c26756ca3783cdae4 Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Fri, 19 Oct 2012 10:20:40 -0400
+Subject: [PATCH 41/41] Don't return quite so immediately if we're the parent
+ pid when daemonizing.
+
+Long term we probably want to look for the socket and/or sigchld instead
+of this.
+
+Signed-off-by: Peter Jones
+---
+ src/daemon.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/daemon.c b/src/daemon.c
+index bf7485f..6951f0a 100644
+--- a/src/daemon.c
++++ b/src/daemon.c
+@@ -885,8 +885,10 @@ daemonize(cms_context *cms_ctx, int do_fork)
+ if (do_fork) {
+ pid_t pid;
+
+- if ((pid = fork()))
++ if ((pid = fork())) {
++ sleep(2);
+ return 0;
++ }
+ }
+ ctx.pid = getpid();
+ write_pid_file(ctx.pid);
+--
+1.7.12.1
+
diff --git a/pesign.spec b/pesign.spec
index 12b8e51..bff8f89 100644
--- a/pesign.spec
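Review bot: The four `setfacl` calls added to start() run whether or not the daemon came up, and their exit status is discarded, so `RETVAL` can report success although the socket ACL was never applied (for instance if /var/run/pesign/socket does not exist yet when the script reaches these lines). These entries decide who may talk to the signing socket, so guard them with `if [ "$RETVAL" -eq 0 ]; then … fi` and set `RETVAL=1` when a call fails. A short comment such as `# grant the koji build account access to the signing socket` would also record why `kojibuilder` is named here as both user and group. start() begins before the hunk.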
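Review bot: `if ((pid = fork()))` is also true when fork() fails and returns -1, so with this change the parent sleeps two seconds and then returns 0 even though no daemon was started. Test the failure before the parent path, e.g. `pid = fork(); if (pid < 0) return -1;` (the right error value depends on how callers treat daemonize(), which is not visible here). The fixed delay is only a guess at how long the child needs to create its socket, as the commit message acknowledges; a comment on the `sleep(2)` line saying so would help the next reader. daemonize() continues past the end of the hunk.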
+++ b/pesign.spec @@ -1,7 +1,7 @@ Summary: Signing utility for UEFI binaries Name: pesign Version: 0.99 -Release: 6%{?dist} +Release: 7%{?dist} Group: Development/System License: GPLv2 URL: https://github.com/vathpela/pesign @@ -53,6 +53,11 @@ Patch33: 0033-Allow-use-of-e-from-rpm-macro.patch Patch34: 0034-Make-client-use-e-like-pesign-does-rather-than-detac.patch Patch35: 0035-Fix-shutdown-by-systemd-to-remove-socket-and-pidfile.patch Patch36: 0036-Make-the-macros-use-the-default-fedora-signer-if-the.patch +Patch37: 0037-Fix-command-line-checking-for-s.patch +Patch38: 0038-Add-support-to-read-the-pin-from-stdin-in-client.patch +Patch39: 0039-Fix-token-auth-authentication-failure-error-reportin.patch +Patch40: 0040-Use-setfacl-in-sysvinit-script-to-allow-kojibuilder-.patch +Patch41: 0041-Don-t-return-quite-so-immediately-if-we-re-the-paren.patch %description This package contains the pesign utility for signing UEFI binaries as @@ -117,6 +122,11 @@ exit 0 %ghost %attr(0660, -, -) %{_localstatedir}/run/%{name}/pesign.pid %changelog +* Fri Oct 19 2012 Peter Jones - 0.99-7 +- setfacl u:kojibuilder:rw /var/run/pesign/socket +- Fix command line checking in client +- Add client stdin pin reading. + * Thu Oct 18 2012 Peter Jones - 0.99-6 - Automatically select daemon as signer when using rpm macros.