Make it work on the -el6 branch as well.

This commit is contained in:
Peter Jones 2012-10-18 13:12:46 -04:00
parent 48279a49da
commit c0e5984614
33 changed files with 303 additions and 60 deletions

View File

@ -1,7 +1,7 @@
From 406a08cc45a2d0761294002d946ee3381a4706ee Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 09:53:07 -0400
Subject: [PATCH 01/30] Use PK11_TraverseCertsForNicknameInSlot after all.
Subject: [PATCH 01/32] Use PK11_TraverseCertsForNicknameInSlot after all.
As of 76bc13c it doesn't appear to be leaky any more, and it does a
better job of disinguishing between certificates with the same nickname

View File

@ -1,7 +1,7 @@
From e4aa0a2755d7b00e31760a7f90561b0566445fa4 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 09:54:10 -0400
Subject: [PATCH 02/30] Remove an unused field.
Subject: [PATCH 02/32] Remove an unused field.
Signed-off-by: Peter Jones <pjones@redhat.com>
---

View File

@ -1,7 +1,7 @@
From df5afd0e6d92f31a804f5f1631b6fae3b8ef4d8b Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 09:54:37 -0400
Subject: [PATCH 03/30] Free the certificate list we make once we're done
Subject: [PATCH 03/32] Free the certificate list we make once we're done
using it.
Signed-off-by: Peter Jones <pjones@redhat.com>

View File

@ -1,7 +1,7 @@
From c13cc0b03dcae9a743cc49aaa62c3923a3e7d8f9 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 09:55:02 -0400
Subject: [PATCH 04/30] Make sure we actually look up the certificate when not
Subject: [PATCH 04/32] Make sure we actually look up the certificate when not
in daemon mode.
Signed-off-by: Peter Jones <pjones@redhat.com>

View File

@ -1,7 +1,7 @@
From 844138e07535a8aa2be80496378c9929acaa1687 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 10:35:41 -0400
Subject: [PATCH 05/30] Fix check for allocations on tokenname,certname.
Subject: [PATCH 05/32] Fix check for allocations on tokenname,certname.
If we didn't have anything to start with, we won't have anything when
we're done...

View File

@ -1,7 +1,7 @@
From 682233d107460b49071017b4d88c0430373dbd35 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 10:55:25 -0400
Subject: [PATCH 06/30] Update valgrind.supp for newer codepaths.
Subject: [PATCH 06/32] Update valgrind.supp for newer codepaths.
Signed-off-by: Peter Jones <pjones@redhat.com>
---

View File

@ -1,7 +1,7 @@
From 81bf0e36a82a3d746a01aee50d8ee460dc794b19 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 10:57:20 -0400
Subject: [PATCH 07/30] Free the pid string once we're done writing it.
Subject: [PATCH 07/32] Free the pid string once we're done writing it.
Signed-off-by: Peter Jones <pjones@redhat.com>
---

View File

@ -1,7 +1,7 @@
From 50c50c8fbebab3d8b5efff35dc1a7ca4b44d6b19 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 11:08:30 -0400
Subject: [PATCH 08/30] [valgrind] Don't complain about unlocking a key and
Subject: [PATCH 08/32] [valgrind] Don't complain about unlocking a key and
keeping the handle.
Signed-off-by: Peter Jones <pjones@redhat.com>

View File

@ -1,7 +1,7 @@
From b71f1d2e8f7ad6853e5e68134a66baf9dea2471b Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 11:26:04 -0400
Subject: [PATCH 09/30] Only try to register OIDs once.
Subject: [PATCH 09/32] Only try to register OIDs once.
Signed-off-by: Peter Jones <pjones@redhat.com>
---

View File

@ -1,7 +1,7 @@
From f966137c17f74fc3e343dfb6e04300a9d179de03 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 12:05:29 -0400
Subject: [PATCH 10/30] Check for NSS_Shutdown() failure.
Subject: [PATCH 10/32] Check for NSS_Shutdown() failure.
Signed-off-by: Peter Jones <pjones@redhat.com>
---

View File

@ -1,7 +1,7 @@
From 0dddfd5e738232403220b0d18888f94fa0032a59 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 12:17:39 -0400
Subject: [PATCH 11/30] Don't destroy stdin/stdout/stderr if we don't fork.
Subject: [PATCH 11/32] Don't destroy stdin/stdout/stderr if we don't fork.
I like being able to read my error messages.

View File

@ -1,7 +1,7 @@
From 19c8e797d092e17f2882d249d5446728a76db050 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 14:29:30 -0400
Subject: [PATCH 12/30] [valgrind] Add SECMOD_LoadModule codepath.
Subject: [PATCH 12/32] [valgrind] Add SECMOD_LoadModule codepath.
This is called once when we initialize the database.

View File

@ -1,7 +1,7 @@
From 186b6d5d39a1feeaa5f9493d28dc4f53015d551d Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 14:33:35 -0400
Subject: [PATCH 13/30] Don't set up digests in cms_context_init.
Subject: [PATCH 13/32] Don't set up digests in cms_context_init.
Move digest setup out of cms_context_init, so we can avoid leaking the
reference to the digests by not having them in ctx->backup_cms in the

View File

@ -1,7 +1,7 @@
From e1f8d4e38f4ad08fb407691a3f59edc19a1f15e2 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 14:41:18 -0400
Subject: [PATCH 14/30] Do register_oids() where we're doing NSS_Init()
Subject: [PATCH 14/32] Do register_oids() where we're doing NSS_Init()
Signed-off-by: Peter Jones <pjones@redhat.com>
---

View File

@ -1,7 +1,7 @@
From 092e3f81233655849156b0948a53f3b5f51b8c97 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 14:43:58 -0400
Subject: [PATCH 15/30] Make daemon shutdown actually close the NSS databases
Subject: [PATCH 15/32] Make daemon shutdown actually close the NSS databases
and whatnot.
Signed-off-by: Peter Jones <pjones@redhat.com>

View File

@ -1,7 +1,7 @@
From b6ff405da1bf4627a40fc104457a539788c9f470 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 15:18:08 -0400
Subject: [PATCH 16/30] Reformat a bunch of error messages to be vaguely
Subject: [PATCH 16/32] Reformat a bunch of error messages to be vaguely
consistent.
Signed-off-by: Peter Jones <pjones@redhat.com>

View File

@ -1,7 +1,7 @@
From 8ffe6943f04d42314f81eb8b5e3350d4ccc41895 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 15:26:23 -0400
Subject: [PATCH 17/30] Use PORT_ArenaStrdup() where appropriate.
Subject: [PATCH 17/32] Use PORT_ArenaStrdup() where appropriate.
Signed-off-by: Peter Jones <pjones@redhat.com>
---

View File

@ -1,7 +1,7 @@
From c196b462ad5267e8ed20c0b855b9921268b22a7b Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 15:26:47 -0400
Subject: [PATCH 18/30] Minor whitespace fixes.
Subject: [PATCH 18/32] Minor whitespace fixes.
Signed-off-by: Peter Jones <pjones@redhat.com>
---

View File

@ -1,7 +1,7 @@
From 7a8c50f620c7484af9d750f484df8a6837e6b2a5 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 15:27:03 -0400
Subject: [PATCH 19/30] [daemon] Make sure inpe is initialized before all
Subject: [PATCH 19/32] [daemon] Make sure inpe is initialized before all
error handling.
find_certificate() and set_up_inpe() errors wind up being at the same

View File

@ -1,7 +1,7 @@
From 66d3353e6d24c9e69ce71735c5aa4741717a6d68 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 15:31:15 -0400
Subject: [PATCH 20/30] Allocate pesign_context rather than having it on the
Subject: [PATCH 20/32] Allocate pesign_context rather than having it on the
stack.
This way it won't try to re-initialize cms_context when it's cleaned up.

View File

@ -1,7 +1,7 @@
From 444a514e1a7c9a27953f914cf416d559ef5be083 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 15:32:57 -0400
Subject: [PATCH 21/30] [pesign] initialize nss only if we're not a daemon.
Subject: [PATCH 21/32] [pesign] initialize nss only if we're not a daemon.
If it's a deamon, NSS_Init, register_oids, and setup_digests will be
done in the daemon code, not in the normal tool code.

View File

@ -1,7 +1,7 @@
From a1ce809e199c7fbbd6f5c0e75f27a4234fcbd2bc Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 15:34:00 -0400
Subject: [PATCH 22/30] Handle errors on pesign_context_init()
Subject: [PATCH 22/32] Handle errors on pesign_context_init()
Signed-off-by: Peter Jones <pjones@redhat.com>
---

View File

@ -1,7 +1,7 @@
From 4ed91a1bb65769401c0fd6c1c5b2a3c64c0c1266 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 16:35:43 -0400
Subject: [PATCH 23/30] Add sanity checking to make sure we don't emit
Subject: [PATCH 23/32] Add sanity checking to make sure we don't emit
uninitialized hashes.
Signed-off-by: Peter Jones <pjones@redhat.com>

View File

@ -1,7 +1,7 @@
From d8ead122f34375a496d280bcc803f730542ca78d Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 17:47:49 -0400
Subject: [PATCH 24/30] Make sure we free the token/cert we get from the
Subject: [PATCH 24/32] Make sure we free the token/cert we get from the
command line.
This probably needs some further examination, but valgrind likes what's

View File

@ -1,7 +1,7 @@
From 2030d382b49a1b957de829a67f74d9cc127c55ee Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 17:48:44 -0400
Subject: [PATCH 25/30] [pesign] Only shut down nss in pesign.c if we're not
Subject: [PATCH 25/32] [pesign] Only shut down nss in pesign.c if we're not
the daemon.
The daemon does its own init and shutdown.

View File

@ -1,7 +1,7 @@
From 4efe979d6b781e064fe1afa946753ead9e3bbb9d Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 17:49:17 -0400
Subject: [PATCH 26/30] Rework setup_digests() and teardown_digests()
Subject: [PATCH 26/32] Rework setup_digests() and teardown_digests()
This fixes the problem I was seeing with empty content_info digests, and
makes the code a /little/ bit cleaner in some ways.

View File

@ -1,7 +1,7 @@
From 15cd554d35c5ea8d31671b346dffd84e27e7c6ec Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 17:52:57 -0400
Subject: [PATCH 27/30] We shouldn't need
Subject: [PATCH 27/32] We shouldn't need
Environment=NSS_STRICT_NOFORK=DISABLED any more.
Since NSS_Init is called from the daemon now, we should get past its

View File

@ -1,7 +1,7 @@
From 1b94dd90f5a1c65df16ffe3b0619ce5dc0ca1f06 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 19:59:49 -0400
Subject: [PATCH 28/30] Fix errors found by coverity.
Subject: [PATCH 28/32] Fix errors found by coverity.
Signed-off-by: Peter Jones <pjones@redhat.com>
---

View File

@ -1,7 +1,7 @@
From 95c0fe1d512fcdf3b397359fb0f54dc44e5947c2 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 18 Oct 2012 09:12:25 -0400
Subject: [PATCH 29/30] Don't keep the DEPS list twice.
Subject: [PATCH 29/32] Don't keep the DEPS list twice.
Signed-off-by: Peter Jones <pjones@redhat.com>
---

View File

@ -1,7 +1,7 @@
From 44aad110fd3f0a12e1817d95047f882c4d8b0fce Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 18 Oct 2012 11:36:10 -0400
Subject: [PATCH 30/30] Don't build util/ right now.
Subject: [PATCH 30/32] Don't build util/ right now.
Signed-off-by: Peter Jones <pjones@redhat.com>
---

View File

@ -0,0 +1,163 @@
From 4c13f6d393db0aa5ff5b327cb5e842ee21522236 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 18 Oct 2012 13:09:58 -0400
Subject: [PATCH 31/32] Make "install_systemd" and "install_sysvinit" separate
targets
Signed-off-by: Peter Jones <pjones@redhat.com>
---
Makefile | 6 ++++
src/Makefile | 16 +++++++----
src/pesign.sysvinit | 82 +++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 99 insertions(+), 5 deletions(-)
create mode 100644 src/pesign.sysvinit
diff --git a/Makefile b/Makefile
index 5e9bd31..12e0dbb 100644
--- a/Makefile
+++ b/Makefile
@@ -19,6 +19,12 @@ install :
$(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)$(DOCDIR)/pesign-$(VERSION)/
$(INSTALL) -m 644 COPYING $(INSTALLROOT)$(PREFIX)$(DOCDIR)/pesign-$(VERSION)/
+install_systemd:
+ @for x in $(SUBDIRS) ; do $(MAKE) -C $${x} TOPDIR=$(TOPDIR) SRCDIR=$(TOPDIR)/$@/ ARCH=$(ARCH) $@ ; done
+
+install_sysvinit:
+ @for x in $(SUBDIRS) ; do $(MAKE) -C $${x} TOPDIR=$(TOPDIR) SRCDIR=$(TOPDIR)/$@/ ARCH=$(ARCH) $@ ; done
+
.PHONY: $(SUBDIRS) clean install
include $(TOPDIR)/Make.rules
diff --git a/src/Makefile b/src/Makefile
index cb74c12..7e611c8 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -42,7 +42,7 @@ client : $(client_OBJECTS) $(STATIC_LIBS)
fuzzsocket_SOURCES = fuzzsocket.c
fuzzsocket_OBJECTS = $(foreach source,$(fuzzsocket_SOURCES),$(patsubst %.c,%,$(source)).o)
fuzzsocket_DEPS = $(foreach source,$(fuzzsocket_SOURCES),.$(patsubst %.c,%,$(source)).P)
-fuzzsocket : $(fuzzsocket_OBJECTS)
+fuzzsocket : $(fuzzsocket_OBJECTS) -lrt
DEPS = $(generic_DEPS)$(authvar_DEPS) $(pesign_DEPS) $(client_DEPS) \
$(peverify_DEPS)
@@ -57,6 +57,16 @@ depclean :
clean : depclean
@rm -rfv *.o *.a *.so $(TARGETS)
+install_systemd:
+ $(INSTALL) -d -m 755 $(INSTALLROOT)/usr/lib/tmpfiles.d/
+ $(INSTALL) -m 644 tmpfiles.conf $(INSTALLROOT)/usr/lib/tmpfiles.d/pesign.conf
+ $(INSTALL) -d -m 755 $(INSTALLROOT)/usr/lib/systemd/system/
+ $(INSTALL) -m 644 pesign.service $(INSTALLROOT)/usr/lib/systemd/system/
+
+install_sysvinit:
+ $(INSTALL) -d -m 755 $(INSTALLROOT)/etc/rc.d/init.d/
+ $(INSTALL) -m 755 pesign.sysvinit $(INSTALLROOT)/etc/rc.d/init.d/pesign
+
install :
$(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/
$(INSTALL) -d -m 770 $(INSTALLROOT)/var/run/pesign/
@@ -72,10 +82,6 @@ install :
#$(INSTALL) -m 644 peverify.1 $(INSTALLROOT)/usr/share/man/man1/
$(INSTALL) -d -m 755 $(INSTALLROOT)/etc/rpm/
$(INSTALL) -m 644 macros.pesign $(INSTALLROOT)/etc/rpm/
- $(INSTALL) -d -m 755 $(INSTALLROOT)/usr/lib/tmpfiles.d/
- $(INSTALL) -m 644 tmpfiles.conf $(INSTALLROOT)/usr/lib/tmpfiles.d/pesign.conf
- $(INSTALL) -d -m 755 $(INSTALLROOT)/usr/lib/systemd/system/
- $(INSTALL) -m 644 pesign.service $(INSTALLROOT)/usr/lib/systemd/system/
.PHONY: all deps clean install
diff --git a/src/pesign.sysvinit b/src/pesign.sysvinit
new file mode 100644
index 0000000..f955e01
--- /dev/null
+++ b/src/pesign.sysvinit
@@ -0,0 +1,82 @@
+#! /bin/sh
+#
+# pesign This starts the pesign PE signing daemon
+#
+# chkconfig: - 50 50
+# processname: /usr/bin/pesign
+# pidfile: /var/run/pesign.pid
+### BEGIN INIT INFO
+# Provides: pesign
+# Default-Start:
+# Default-Stop:
+# Short-Description: The pesign PE signing daemon
+# Description: The pesign PE signing daemon
+### END INIT INFO
+
+. /etc/init.d/functions
+[ -f /usr/bin/pesign ] || exit 1
+
+RETVAL=0
+
+start(){
+ echo -n "Starting pesign: "
+ daemon /usr/bin/pesign --daemonize
+ RETVAL=$?
+ echo
+ touch /var/lock/subsys/pesign
+}
+
+stop(){
+ echo -n "Stopping pesign: "
+ killproc -p /var/run/pesign.pid pesignd
+ RETVAL=$?
+ echo
+ rm -f /var/lock/subsys/pesign
+}
+
+restart(){
+ stop
+ start
+}
+
+reload(){
+ stop
+ start
+}
+
+condrestart(){
+ [ -e /var/lock/subsys/pesign ] && restart
+}
+
+# See how we were called.
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ status)
+ status /usr/bin/pesign
+ ;;
+ restart)
+ restart
+ ;;
+ reload)
+ reload
+ ;;
+ force-reload)
+ reload
+ ;;
+ condrestart)
+ condrestart
+ ;;
+ try-restart)
+ condrestart
+ ;;
+ *)
+ echo "Usage: pesign {start|stop|status|restart|condrestart|reload}"
+ RETVAL=1
+esac
+
+exit $RETVAL
--
1.7.12.1

View File

@ -0,0 +1,75 @@
From df1b69e304f2a7eb82e2f94e50f07099afbf4578 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 18 Oct 2012 13:10:28 -0400
Subject: [PATCH 32/32] Get rid of an unnecessary allocation.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
src/client.c | 32 ++++++++++++++------------------
1 file changed, 14 insertions(+), 18 deletions(-)
diff --git a/src/client.c b/src/client.c
index 8336749..df1c8f2 100644
--- a/src/client.c
+++ b/src/client.c
@@ -223,25 +223,17 @@ unlock_token(int sd, char *tokenname, char *pin)
{
struct msghdr msg;
struct iovec iov[2];
- pesignd_msghdr *pm;
+ pesignd_msghdr pm;
uint32_t size0 = pesignd_string_size(tokenname);
uint32_t size1 = pesignd_string_size(pin);
- pm = calloc(1, sizeof(*pm));
- if (!pm) {
-oom:
- fprintf(stderr, "pesign-client: could not allocate memory: "
- "%m\n");
- exit(1);
- }
-
- pm->version = PESIGND_VERSION;
- pm->command = CMD_UNLOCK_TOKEN;
- pm->size = size0 + size1;
- iov[0].iov_base = pm;
- iov[0].iov_len = sizeof (*pm);
+ pm.version = PESIGND_VERSION;
+ pm.command = CMD_UNLOCK_TOKEN;
+ pm.size = size0 + size1;
+ iov[0].iov_base = &pm;
+ iov[0].iov_len = sizeof (pm);
memset(&msg, '\0', sizeof(msg));
msg.msg_iov = iov;
@@ -257,8 +249,11 @@ oom:
uint8_t *buffer = NULL;
buffer = calloc(1, size0 + size1);
- if (!buffer)
- goto oom;
+ if (!buffer) {
+ fprintf(stderr, "pesign-client: could not allocate memory: "
+ "%m\n");
+ exit(1);
+ }
pesignd_string *tn = (pesignd_string *)buffer;
pesignd_string_set(tn, tokenname);
@@ -478,8 +473,9 @@ main(int argc, char *argv[])
rc = poptReadDefaultConfig(optCon, 0);
if (rc < 0) {
- fprintf(stderr, "pesign: poprReadDefaultConfig failed: %s\n",
- poptStrerror(rc));
+ fprintf(stderr,
+ "pesign-client: poptReadDefaultConfig failed: %s\n",
+ poptStrerror(rc));
exit(1);
}
--
1.7.12.1

View File

@ -1,7 +1,7 @@
Summary: Signing utility for UEFI binaries
Name: pesign
Version: 0.99
Release: 4%{?dist}
Release: 5%{?dist}
Group: Development/System
License: GPLv2
URL: https://github.com/vathpela/pesign
@ -17,36 +17,38 @@ ExclusiveArch: i686 x86_64 ia64
Source0: pesign-%{version}.tar.bz2
Source1: rh-test-certs.tar.bz2
Patch0: 0001-Use-PK11_TraverseCertsForNicknameInSlot-after-all.patch
Patch1: 0002-Remove-an-unused-field.patch
Patch2: 0003-Free-the-certificate-list-we-make-once-we-re-done-us.patch
Patch3: 0004-Make-sure-we-actually-look-up-the-certificate-when-n.patch
Patch4: 0005-Fix-check-for-allocations-on-tokenname-certname.patch
Patch5: 0006-Update-valgrind.supp-for-newer-codepaths.patch
Patch6: 0007-Free-the-pid-string-once-we-re-done-writing-it.patch
Patch7: 0008-valgrind-Don-t-complain-about-unlocking-a-key-and-ke.patch
Patch8: 0009-Only-try-to-register-OIDs-once.patch
Patch9: 0010-Check-for-NSS_Shutdown-failure.patch
Patch10: 0011-Don-t-destroy-stdin-stdout-stderr-if-we-don-t-fork.patch
Patch11: 0012-valgrind-Add-SECMOD_LoadModule-codepath.patch
Patch12: 0013-Don-t-set-up-digests-in-cms_context_init.patch
Patch13: 0014-Do-register_oids-where-we-re-doing-NSS_Init.patch
Patch14: 0015-Make-daemon-shutdown-actually-close-the-NSS-database.patch
Patch15: 0016-Reformat-a-bunch-of-error-messages-to-be-vaguely-con.patch
Patch16: 0017-Use-PORT_ArenaStrdup-where-appropriate.patch
Patch17: 0018-Minor-whitespace-fixes.patch
Patch18: 0019-daemon-Make-sure-inpe-is-initialized-before-all-erro.patch
Patch19: 0020-Allocate-pesign_context-rather-than-having-it-on-the.patch
Patch20: 0021-pesign-initialize-nss-only-if-we-re-not-a-daemon.patch
Patch21: 0022-Handle-errors-on-pesign_context_init.patch
Patch22: 0023-Add-sanity-checking-to-make-sure-we-don-t-emit-unini.patch
Patch23: 0024-Make-sure-we-free-the-token-cert-we-get-from-the-com.patch
Patch24: 0025-pesign-Only-shut-down-nss-in-pesign.c-if-we-re-not-t.patch
Patch25: 0026-Rework-setup_digests-and-teardown_digests.patch
Patch26: 0027-We-shouldn-t-need-Environment-NSS_STRICT_NOFORK-DISA.patch
Patch27: 0028-Fix-errors-found-by-coverity.patch
Patch28: 0029-Don-t-keep-the-DEPS-list-twice.patch
Patch1: 0001-Use-PK11_TraverseCertsForNicknameInSlot-after-all.patch
Patch2: 0002-Remove-an-unused-field.patch
Patch3: 0003-Free-the-certificate-list-we-make-once-we-re-done-us.patch
Patch4: 0004-Make-sure-we-actually-look-up-the-certificate-when-n.patch
Patch5: 0005-Fix-check-for-allocations-on-tokenname-certname.patch
Patch6: 0006-Update-valgrind.supp-for-newer-codepaths.patch
Patch7: 0007-Free-the-pid-string-once-we-re-done-writing-it.patch
Patch8: 0008-valgrind-Don-t-complain-about-unlocking-a-key-and-ke.patch
Patch9: 0009-Only-try-to-register-OIDs-once.patch
Patch10: 0010-Check-for-NSS_Shutdown-failure.patch
Patch11: 0011-Don-t-destroy-stdin-stdout-stderr-if-we-don-t-fork.patch
Patch12: 0012-valgrind-Add-SECMOD_LoadModule-codepath.patch
Patch13: 0013-Don-t-set-up-digests-in-cms_context_init.patch
Patch14: 0014-Do-register_oids-where-we-re-doing-NSS_Init.patch
Patch15: 0015-Make-daemon-shutdown-actually-close-the-NSS-database.patch
Patch16: 0016-Reformat-a-bunch-of-error-messages-to-be-vaguely-con.patch
Patch17: 0017-Use-PORT_ArenaStrdup-where-appropriate.patch
Patch18: 0018-Minor-whitespace-fixes.patch
Patch19: 0019-daemon-Make-sure-inpe-is-initialized-before-all-erro.patch
Patch20: 0020-Allocate-pesign_context-rather-than-having-it-on-the.patch
Patch21: 0021-pesign-initialize-nss-only-if-we-re-not-a-daemon.patch
Patch22: 0022-Handle-errors-on-pesign_context_init.patch
Patch23: 0023-Add-sanity-checking-to-make-sure-we-don-t-emit-unini.patch
Patch24: 0024-Make-sure-we-free-the-token-cert-we-get-from-the-com.patch
Patch25: 0025-pesign-Only-shut-down-nss-in-pesign.c-if-we-re-not-t.patch
Patch26: 0026-Rework-setup_digests-and-teardown_digests.patch
Patch27: 0027-We-shouldn-t-need-Environment-NSS_STRICT_NOFORK-DISA.patch
Patch28: 0028-Fix-errors-found-by-coverity.patch
Patch29: 0029-Don-t-keep-the-DEPS-list-twice.patch
Patch30: 0030-Don-t-build-util-right-now.patch
Patch31: 0031-Make-install_systemd-and-install_sysvinit-separate-t.patch
Patch32: 0032-Get-rid-of-an-unnecessary-allocation.patch
%description
This package contains the pesign utility for signing UEFI binaries as
@ -111,6 +113,9 @@ exit 0
%ghost %attr(0660, -, -) %{_localstatedir}/run/%{name}/pesign.pid
%changelog
* Thu Oct 18 2012 Peter Jones <pjones@redhat.com> - 0.99-5
- Make it work on the -el6 branch as well.
* Wed Oct 17 2012 Peter Jones <pjones@redhat.com> - 0.99-4
- Fix some more bugs found by valgrind and coverity.
- Don't build utils/ ; we're not using them and they're not ready anyway.