another test build
Signed-off-by: Peter Jones <pjones@redhat.com>
parent
35ff4c5da1
commit
b61c40cec6
@ -1,30 +1,30 @@
|
|||||||
From 873345b4970a28c7c590ca0c4e04bf88dd19e3b5 Mon Sep 17 00:00:00 2001
|
From 853167a32574ce175c7de2ee730afc1a835191f4 Mon Sep 17 00:00:00 2001
|
||||||
From: Peter Jones <pjones@redhat.com>
|
From: Peter Jones <pjones@redhat.com>
|
||||||
Date: Mon, 6 Jul 2020 13:54:35 -0400
|
Date: Mon, 6 Jul 2020 13:54:35 -0400
|
||||||
Subject: [PATCH] Move most of macros.pesign to pesign-rpmbuild-helper
|
Subject: [PATCH 6/7] Move most of macros.pesign to pesign-rpmbuild-helper
|
||||||
|
|
||||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||||
---
|
---
|
||||||
src/Makefile | 1 +
|
src/Makefile | 1 +
|
||||||
src/macros.pesign | 71 +++++-------------
|
src/macros.pesign | 72 +++++-------------
|
||||||
src/pesign-rpmbuild-helper | 143 +++++++++++++++++++++++++++++++++++++
|
src/pesign-rpmbuild-helper | 152 +++++++++++++++++++++++++++++++++++++
|
||||||
3 files changed, 163 insertions(+), 52 deletions(-)
|
3 files changed, 173 insertions(+), 52 deletions(-)
|
||||||
create mode 100644 src/pesign-rpmbuild-helper
|
create mode 100755 src/pesign-rpmbuild-helper
|
||||||
|
|
||||||
diff --git a/src/Makefile b/src/Makefile
|
diff --git a/src/Makefile b/src/Makefile
|
||||||
index 74327ba13f3..af8bef6d9ff 100644
|
index 74327ba13f3..c9e9cc6cd1b 100644
|
||||||
--- a/src/Makefile
|
--- a/src/Makefile
|
||||||
+++ b/src/Makefile
|
+++ b/src/Makefile
|
||||||
@@ -94,6 +94,7 @@ install :
|
@@ -94,6 +94,7 @@ install :
|
||||||
$(INSTALL) -m 644 macros.pesign $(INSTALLROOT)/etc/rpm/
|
$(INSTALL) -m 644 macros.pesign $(INSTALLROOT)/etc/rpm/
|
||||||
$(INSTALL) -d -m 755 $(INSTALLROOT)$(libexecdir)/pesign/
|
$(INSTALL) -d -m 755 $(INSTALLROOT)$(libexecdir)/pesign/
|
||||||
$(INSTALL) -m 750 pesign-authorize $(INSTALLROOT)$(libexecdir)/pesign/
|
$(INSTALL) -m 750 pesign-authorize $(INSTALLROOT)$(libexecdir)/pesign/
|
||||||
+ $(INSTALL) -m 750 pesign-rpmbuild-helper $(INSTALLROOT)$(libexecdir)/pesign/
|
+ $(INSTALL) -m 755 pesign-rpmbuild-helper $(INSTALLROOT)$(libexecdir)/pesign/
|
||||||
$(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pesign
|
$(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pesign
|
||||||
$(INSTALL) -m 600 pesign-users $(INSTALLROOT)/etc/pesign/users
|
$(INSTALL) -m 600 pesign-users $(INSTALLROOT)/etc/pesign/users
|
||||||
$(INSTALL) -m 600 pesign-groups $(INSTALLROOT)/etc/pesign/groups
|
$(INSTALL) -m 600 pesign-groups $(INSTALLROOT)/etc/pesign/groups
|
||||||
diff --git a/src/macros.pesign b/src/macros.pesign
|
diff --git a/src/macros.pesign b/src/macros.pesign
|
||||||
index 5a6da1c6809..104586beca5 100644
|
index 5a6da1c6809..4caf0ba9c8d 100644
|
||||||
--- a/src/macros.pesign
|
--- a/src/macros.pesign
|
||||||
+++ b/src/macros.pesign
|
+++ b/src/macros.pesign
|
||||||
@@ -6,7 +6,7 @@
|
@@ -6,7 +6,7 @@
|
||||||
@ -36,7 +36,7 @@ index 5a6da1c6809..104586beca5 100644
|
|||||||
%__pesign_cert %{!?pe_signing_cert:"Red Hat Test Certificate"}%{?pe_signing_cert:"%{pe_signing_cert}"}
|
%__pesign_cert %{!?pe_signing_cert:"Red Hat Test Certificate"}%{?pe_signing_cert:"%{pe_signing_cert}"}
|
||||||
|
|
||||||
%__pesign_client_token %{!?pe_signing_token:"OpenSC Card (Fedora Signer)"}%{?pe_signing_token:"%{pe_signing_token}"}
|
%__pesign_client_token %{!?pe_signing_token:"OpenSC Card (Fedora Signer)"}%{?pe_signing_token:"%{pe_signing_token}"}
|
||||||
@@ -24,54 +24,21 @@
|
@@ -24,54 +24,22 @@
|
||||||
# -a <input ca cert filename> # rhel only
|
# -a <input ca cert filename> # rhel only
|
||||||
# -s # perform signing
|
# -s # perform signing
|
||||||
%pesign(i:o:C:e:c:n:a:s) \
|
%pesign(i:o:C:e:c:n:a:s) \
|
||||||
@ -108,13 +108,14 @@ index 5a6da1c6809..104586beca5 100644
|
|||||||
+ %{?-i*:--in "%{i*}"} \\\
|
+ %{?-i*:--in "%{i*}"} \\\
|
||||||
+ %{?-o*:--out "%{o*}"} \\\
|
+ %{?-o*:--out "%{o*}"} \\\
|
||||||
+ %{?-s:--sign} \\\
|
+ %{?-s:--sign} \\\
|
||||||
|
+ ; \
|
||||||
+%{nil}
|
+%{nil}
|
||||||
diff --git a/src/pesign-rpmbuild-helper b/src/pesign-rpmbuild-helper
|
diff --git a/src/pesign-rpmbuild-helper b/src/pesign-rpmbuild-helper
|
||||||
new file mode 100644
|
new file mode 100755
|
||||||
index 00000000000..69b430940ec
|
index 00000000000..24514aa0b5d
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/src/pesign-rpmbuild-helper
|
+++ b/src/pesign-rpmbuild-helper
|
||||||
@@ -0,0 +1,143 @@
|
@@ -0,0 +1,152 @@
|
||||||
+#!/bin/sh
|
+#!/bin/sh
|
||||||
+
|
+
|
||||||
+set -eu
|
+set -eu
|
||||||
@ -139,6 +140,8 @@ index 00000000000..69b430940ec
|
|||||||
+ local rhelver=0 || :
|
+ local rhelver=0 || :
|
||||||
+ local sign="" || :
|
+ local sign="" || :
|
||||||
+
|
+
|
||||||
|
+ local username="$(id -un)"
|
||||||
|
+
|
||||||
+ while [[ $# -ge 2 ]] ; do
|
+ while [[ $# -ge 2 ]] ; do
|
||||||
+ case " ${1} " in
|
+ case " ${1} " in
|
||||||
+ " --cafile ")
|
+ " --cafile ")
|
||||||
@ -212,16 +215,23 @@ index 00000000000..69b430940ec
|
|||||||
+ return 0
|
+ return 0
|
||||||
+ fi
|
+ fi
|
||||||
+
|
+
|
||||||
+ if grep -q ID=fedora /etc/os-release &&
|
+ local socket="" || :
|
||||||
+ [ "${rhelver}" -lt 7 ] &&
|
+ if grep -q ID=fedora /etc/os-release && [ "${rhelver}" -lt 7 ] &&
|
||||||
+ [ "$(id -un)" = "kojibuilder" -o
|
+ [ "${username}" = "kojibuilder" -o "${username}" = "mockbuilder" ] ; then
|
||||||
+ "$(id -un)" = "mockbuilder" ] &&
|
+ if [ -S /run/pesign/socket ] ; then
|
||||||
+ ! [ -S /run/pesign/socket ]; then
|
+ socket=/run/pesign/socket
|
||||||
+ echo "Warning: no socket even though this is $(id -un)" 1>&2
|
+ elif [ -S /var/run/pesign/socket ]; then
|
||||||
+ echo "Warning: if this is a non-scratch koji build, this is wrong" 1>&2
|
+ socket=/var/run/pesign/socket
|
||||||
+ ls -ld /run/pesign 1>&2
|
+ else
|
||||||
+ ls -l /run/pesign/socket 1>&2
|
+ echo "Warning: no pesign socket even though user is ${username}" 1>&2
|
||||||
+ getfacl /run/pesign /run/pesign/socket 1>&2
|
+ echo "Warning: if this is a non-scratch koji build, this is wrong" 1>&2
|
||||||
|
+ ls -ld /run/pesign 1>&2
|
||||||
|
+ ls -l /run/pesign/socket 1>&2
|
||||||
|
+ getfacl /run/pesign /run/pesign/socket 1>&2
|
||||||
|
+ ls -ld /var/run/pesign 1>&2
|
||||||
|
+ ls -l /var/run/pesign/socket 1>&2
|
||||||
|
+ getfacl /var/run/pesign /var/run/pesign/socket 1>&2
|
||||||
|
+ fi
|
||||||
+ fi
|
+ fi
|
||||||
+
|
+
|
||||||
+ if [ "${rhelver}" -ge 7 ] ; then
|
+ if [ "${rhelver}" -ge 7 ] ; then
|
||||||
@ -238,7 +248,7 @@ index 00000000000..69b430940ec
|
|||||||
+ --certdir "${nssdir}" -c signer \
|
+ --certdir "${nssdir}" -c signer \
|
||||||
+ ${input[@]} ${output[@]}
|
+ ${input[@]} ${output[@]}
|
||||||
+ rm -rf "${sattrs}" "${sattrs}.sig" "${nssdir}"
|
+ rm -rf "${sattrs}" "${sattrs}.sig" "${nssdir}"
|
||||||
+ elif [ -S /run/pesign/socket ] ; then
|
+ elif [ -n "${socket}" ] ; then
|
||||||
+ "${client}" ${client_token[@]} ${client_cert[@]} \
|
+ "${client}" ${client_token[@]} ${client_cert[@]} \
|
||||||
+ ${sattrout[@]} ${certout[@]} \
|
+ ${sattrout[@]} ${certout[@]} \
|
||||||
+ ${sign} ${input[@]} ${output[@]}
|
+ ${sign} ${input[@]} ${output[@]}
|
||||||
|
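Review bot: The helper runs under `set -eu`, and the new no-socket `else` branch runs `ls -l` and `getfacl` on paths that the two preceding `-S` tests have just shown are not sockets. If those paths are missing the commands exit non-zero, and unless the enclosing function (which starts outside the visible hunks) is called where `-e` is suppressed, the "Warning" path aborts the helper instead of warning. Appending `|| :` to each diagnostic line, as the `local … || :` declarations already do, keeps it advisory, e.g. `ls -l /run/pesign/socket 1>&2 || :`. Separately, `socket` is now assigned only inside the Fedora/kojibuilder/mockbuilder test, so `elif [ -n "${socket}" ]` no longer selects the client for other users who have a daemon socket, where the old `[ -S /run/pesign/socket ]` did. The branch they fall into is not visible here, so a comment stating that this narrowing is intended would help.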
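--- /dev/null
+++ b/0007-client-try-run-and-var-run-for-the-socket-path.patch
@@ -0,0 +1,86 @@
+From 7ca77cc1d498db72fd6ea6103defaf7d76f4e946 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 6 Jul 2020 16:13:09 -0400
+Subject: [PATCH 7/7] client: try /run and /var/run for the socket path.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+src/client.c | 40 +++++++++++++++++++++++++++++-----------
+1 file changed, 29 insertions(+), 11 deletions(-)
+
+diff --git a/src/client.c b/src/client.c
+index 2119ef33bf8..a38383415d5 100644
+--- a/src/client.c
++++ b/src/client.c
+@@ -49,24 +49,24 @@ print_flag_name(FILE *f, int flag)
+}
+
+static int
+-connect_to_server(void)
++connect_to_server_helper(const char * const sockpath)
+{
+- int rc = access(SOCKPATH, R_OK);
++ int rc = access(sockpath, R_OK);
+if (rc != 0) {
+- fprintf(stderr, "pesign-client: could not connect to server: "
+- "%m\n");
+- exit(1);
++ warn("could not access socket \"%s\"", sockpath);
++ return rc;
+}
+
+struct sockaddr_un addr_un = {
+.sun_family = AF_UNIX,
+- .sun_path = SOCKPATH,
+};
++ strncpy(addr_un.sun_path, sockpath, sizeof(addr_un.sun_path));
++ addr_un.sun_path[sizeof(addr_un.sun_path)-1] = '\0';
+
+int sd = socket(AF_UNIX, SOCK_STREAM, 0);
+if (sd < 0) {
+- fprintf(stderr, "pesign-client: could not open socket: %m\n");
+- exit(1);
++ warn("could not open socket \"%s\"", sockpath);
++ return sd;
+}
+
+socklen_t len = strlen(addr_un.sun_path) +
+@@ -74,14 +74,32 @@ connect_to_server(void)
+
+rc = connect(sd, (struct sockaddr *)&addr_un, len);
+if (rc < 0) {
+- fprintf(stderr, "pesign-client: could not connect to daemon: "
+- "%m\n");
+- exit(1);
++ warn("could not connect to daemon");
++ return sd;
+}
+
+return sd;
+}
+
++static int
++connect_to_server(void)
++{
++ int rc, i;
++ const char * const sockets[] = {
++ "/run/pesign/socket",
++ "/var/run/pesign/socket",
++ NULL
++ };
++
++ for (i = 0; sockets[i] != NULL; i++) {
++ rc = connect_to_server_helper(sockets[i]);
++ if (rc >= 0)
++ return rc;
++ }
++
++ exit(1);
++}
++
+static int32_t
+check_response(int sd, char **srvmsg);
+
+--
+2.26.2
+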
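Review bot: In `connect_to_server_helper`, the `connect()` failure branch returns `sd`, which is still a valid non-negative descriptor. The `rc >= 0` test in the new `connect_to_server` loop therefore treats a failed connect as success, so `/var/run/pesign/socket` is never tried and the caller receives an unconnected socket. That branch should read `close(sd); return rc;` so the failure propagates and the descriptor is not leaked. A short comment above `sockets[]` stating the probe order, and that a per-path `warn()` for the first entry is expected when only the second exists, would also help readers of the build log.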
@ -3,7 +3,7 @@
|
|||||||
Name: pesign
|
Name: pesign
|
||||||
Summary: Signing utility for UEFI binaries
|
Summary: Signing utility for UEFI binaries
|
||||||
Version: 113
|
Version: 113
|
||||||
Release: 4%{?dist}
|
Release: 5~1%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
URL: https://github.com/vathpela/pesign
|
URL: https://github.com/vathpela/pesign
|
||||||
|
|
||||||
@ -47,6 +47,7 @@ Patch0003: 0003-Make-0.112-client-and-server-work-with-the-113-proto.patch
|
|||||||
Patch0004: 0004-Rename-var-run-to-run.patch
|
Patch0004: 0004-Rename-var-run-to-run.patch
|
||||||
Patch0005: 0005-Apparently-opensc-got-updated-and-the-token-name-cha.patch
|
Patch0005: 0005-Apparently-opensc-got-updated-and-the-token-name-cha.patch
|
||||||
Patch0006: 0006-Move-most-of-macros.pesign-to-pesign-rpmbuild-helper.patch
|
Patch0006: 0006-Move-most-of-macros.pesign-to-pesign-rpmbuild-helper.patch
|
||||||
|
Patch0007: 0007-client-try-run-and-var-run-for-the-socket-path.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
This package contains the pesign utility for signing UEFI binaries as
|
This package contains the pesign utility for signing UEFI binaries as
|
||||||
|