Make it work on the -el6 branch as well.
This commit is contained in:
parent
48279a49da
commit
c0e5984614
@ -1,7 +1,7 @@
|
||||
From 406a08cc45a2d0761294002d946ee3381a4706ee Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Wed, 17 Oct 2012 09:53:07 -0400
|
||||
Subject: [PATCH 01/30] Use PK11_TraverseCertsForNicknameInSlot after all.
|
||||
Subject: [PATCH 01/32] Use PK11_TraverseCertsForNicknameInSlot after all.
|
||||
|
||||
As of 76bc13c it doesn't appear to be leaky any more, and it does a
|
||||
better job of disinguishing between certificates with the same nickname
|
||||
|
@ -1,7 +1,7 @@
|
||||
From e4aa0a2755d7b00e31760a7f90561b0566445fa4 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Wed, 17 Oct 2012 09:54:10 -0400
|
||||
Subject: [PATCH 02/30] Remove an unused field.
|
||||
Subject: [PATCH 02/32] Remove an unused field.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
---
|
||||
|
@ -1,7 +1,7 @@
|
||||
From df5afd0e6d92f31a804f5f1631b6fae3b8ef4d8b Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Wed, 17 Oct 2012 09:54:37 -0400
|
||||
Subject: [PATCH 03/30] Free the certificate list we make once we're done
|
||||
Subject: [PATCH 03/32] Free the certificate list we make once we're done
|
||||
using it.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
|
@ -1,7 +1,7 @@
|
||||
From c13cc0b03dcae9a743cc49aaa62c3923a3e7d8f9 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Wed, 17 Oct 2012 09:55:02 -0400
|
||||
Subject: [PATCH 04/30] Make sure we actually look up the certificate when not
|
||||
Subject: [PATCH 04/32] Make sure we actually look up the certificate when not
|
||||
in daemon mode.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 844138e07535a8aa2be80496378c9929acaa1687 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Wed, 17 Oct 2012 10:35:41 -0400
|
||||
Subject: [PATCH 05/30] Fix check for allocations on tokenname,certname.
|
||||
Subject: [PATCH 05/32] Fix check for allocations on tokenname,certname.
|
||||
|
||||
If we didn't have anything to start with, we won't have anything when
|
||||
we're done...
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 682233d107460b49071017b4d88c0430373dbd35 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Wed, 17 Oct 2012 10:55:25 -0400
|
||||
Subject: [PATCH 06/30] Update valgrind.supp for newer codepaths.
|
||||
Subject: [PATCH 06/32] Update valgrind.supp for newer codepaths.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
---
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 81bf0e36a82a3d746a01aee50d8ee460dc794b19 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Wed, 17 Oct 2012 10:57:20 -0400
|
||||
Subject: [PATCH 07/30] Free the pid string once we're done writing it.
|
||||
Subject: [PATCH 07/32] Free the pid string once we're done writing it.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
---
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 50c50c8fbebab3d8b5efff35dc1a7ca4b44d6b19 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Wed, 17 Oct 2012 11:08:30 -0400
|
||||
Subject: [PATCH 08/30] [valgrind] Don't complain about unlocking a key and
|
||||
Subject: [PATCH 08/32] [valgrind] Don't complain about unlocking a key and
|
||||
keeping the handle.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
|
@ -1,7 +1,7 @@
|
||||
From b71f1d2e8f7ad6853e5e68134a66baf9dea2471b Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Wed, 17 Oct 2012 11:26:04 -0400
|
||||
Subject: [PATCH 09/30] Only try to register OIDs once.
|
||||
Subject: [PATCH 09/32] Only try to register OIDs once.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
---
|
||||
|
@ -1,7 +1,7 @@
|
||||
From f966137c17f74fc3e343dfb6e04300a9d179de03 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Wed, 17 Oct 2012 12:05:29 -0400
|
||||
Subject: [PATCH 10/30] Check for NSS_Shutdown() failure.
|
||||
Subject: [PATCH 10/32] Check for NSS_Shutdown() failure.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
---
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 0dddfd5e738232403220b0d18888f94fa0032a59 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Wed, 17 Oct 2012 12:17:39 -0400
|
||||
Subject: [PATCH 11/30] Don't destroy stdin/stdout/stderr if we don't fork.
|
||||
Subject: [PATCH 11/32] Don't destroy stdin/stdout/stderr if we don't fork.
|
||||
|
||||
I like being able to read my error messages.
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 19c8e797d092e17f2882d249d5446728a76db050 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Wed, 17 Oct 2012 14:29:30 -0400
|
||||
Subject: [PATCH 12/30] [valgrind] Add SECMOD_LoadModule codepath.
|
||||
Subject: [PATCH 12/32] [valgrind] Add SECMOD_LoadModule codepath.
|
||||
|
||||
This is called once when we initialize the database.
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 186b6d5d39a1feeaa5f9493d28dc4f53015d551d Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Wed, 17 Oct 2012 14:33:35 -0400
|
||||
Subject: [PATCH 13/30] Don't set up digests in cms_context_init.
|
||||
Subject: [PATCH 13/32] Don't set up digests in cms_context_init.
|
||||
|
||||
Move digest setup out of cms_context_init, so we can avoid leaking the
|
||||
reference to the digests by not having them in ctx->backup_cms in the
|
||||
|
@ -1,7 +1,7 @@
|
||||
From e1f8d4e38f4ad08fb407691a3f59edc19a1f15e2 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Wed, 17 Oct 2012 14:41:18 -0400
|
||||
Subject: [PATCH 14/30] Do register_oids() where we're doing NSS_Init()
|
||||
Subject: [PATCH 14/32] Do register_oids() where we're doing NSS_Init()
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
---
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 092e3f81233655849156b0948a53f3b5f51b8c97 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Wed, 17 Oct 2012 14:43:58 -0400
|
||||
Subject: [PATCH 15/30] Make daemon shutdown actually close the NSS databases
|
||||
Subject: [PATCH 15/32] Make daemon shutdown actually close the NSS databases
|
||||
and whatnot.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
|
@ -1,7 +1,7 @@
|
||||
From b6ff405da1bf4627a40fc104457a539788c9f470 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Wed, 17 Oct 2012 15:18:08 -0400
|
||||
Subject: [PATCH 16/30] Reformat a bunch of error messages to be vaguely
|
||||
Subject: [PATCH 16/32] Reformat a bunch of error messages to be vaguely
|
||||
consistent.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 8ffe6943f04d42314f81eb8b5e3350d4ccc41895 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Wed, 17 Oct 2012 15:26:23 -0400
|
||||
Subject: [PATCH 17/30] Use PORT_ArenaStrdup() where appropriate.
|
||||
Subject: [PATCH 17/32] Use PORT_ArenaStrdup() where appropriate.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
---
|
||||
|
@ -1,7 +1,7 @@
|
||||
From c196b462ad5267e8ed20c0b855b9921268b22a7b Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Wed, 17 Oct 2012 15:26:47 -0400
|
||||
Subject: [PATCH 18/30] Minor whitespace fixes.
|
||||
Subject: [PATCH 18/32] Minor whitespace fixes.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
---
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 7a8c50f620c7484af9d750f484df8a6837e6b2a5 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Wed, 17 Oct 2012 15:27:03 -0400
|
||||
Subject: [PATCH 19/30] [daemon] Make sure inpe is initialized before all
|
||||
Subject: [PATCH 19/32] [daemon] Make sure inpe is initialized before all
|
||||
error handling.
|
||||
|
||||
find_certificate() and set_up_inpe() errors wind up being at the same
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 66d3353e6d24c9e69ce71735c5aa4741717a6d68 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Wed, 17 Oct 2012 15:31:15 -0400
|
||||
Subject: [PATCH 20/30] Allocate pesign_context rather than having it on the
|
||||
Subject: [PATCH 20/32] Allocate pesign_context rather than having it on the
|
||||
stack.
|
||||
|
||||
This way it won't try to re-initialize cms_context when it's cleaned up.
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 444a514e1a7c9a27953f914cf416d559ef5be083 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Wed, 17 Oct 2012 15:32:57 -0400
|
||||
Subject: [PATCH 21/30] [pesign] initialize nss only if we're not a daemon.
|
||||
Subject: [PATCH 21/32] [pesign] initialize nss only if we're not a daemon.
|
||||
|
||||
If it's a deamon, NSS_Init, register_oids, and setup_digests will be
|
||||
done in the daemon code, not in the normal tool code.
|
||||
|
@ -1,7 +1,7 @@
|
||||
From a1ce809e199c7fbbd6f5c0e75f27a4234fcbd2bc Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Wed, 17 Oct 2012 15:34:00 -0400
|
||||
Subject: [PATCH 22/30] Handle errors on pesign_context_init()
|
||||
Subject: [PATCH 22/32] Handle errors on pesign_context_init()
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
---
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 4ed91a1bb65769401c0fd6c1c5b2a3c64c0c1266 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Wed, 17 Oct 2012 16:35:43 -0400
|
||||
Subject: [PATCH 23/30] Add sanity checking to make sure we don't emit
|
||||
Subject: [PATCH 23/32] Add sanity checking to make sure we don't emit
|
||||
uninitialized hashes.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
|
@ -1,7 +1,7 @@
|
||||
From d8ead122f34375a496d280bcc803f730542ca78d Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Wed, 17 Oct 2012 17:47:49 -0400
|
||||
Subject: [PATCH 24/30] Make sure we free the token/cert we get from the
|
||||
Subject: [PATCH 24/32] Make sure we free the token/cert we get from the
|
||||
command line.
|
||||
|
||||
This probably needs some further examination, but valgrind likes what's
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 2030d382b49a1b957de829a67f74d9cc127c55ee Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Wed, 17 Oct 2012 17:48:44 -0400
|
||||
Subject: [PATCH 25/30] [pesign] Only shut down nss in pesign.c if we're not
|
||||
Subject: [PATCH 25/32] [pesign] Only shut down nss in pesign.c if we're not
|
||||
the daemon.
|
||||
|
||||
The daemon does its own init and shutdown.
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 4efe979d6b781e064fe1afa946753ead9e3bbb9d Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Wed, 17 Oct 2012 17:49:17 -0400
|
||||
Subject: [PATCH 26/30] Rework setup_digests() and teardown_digests()
|
||||
Subject: [PATCH 26/32] Rework setup_digests() and teardown_digests()
|
||||
|
||||
This fixes the problem I was seeing with empty content_info digests, and
|
||||
makes the code a /little/ bit cleaner in some ways.
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 15cd554d35c5ea8d31671b346dffd84e27e7c6ec Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Wed, 17 Oct 2012 17:52:57 -0400
|
||||
Subject: [PATCH 27/30] We shouldn't need
|
||||
Subject: [PATCH 27/32] We shouldn't need
|
||||
Environment=NSS_STRICT_NOFORK=DISABLED any more.
|
||||
|
||||
Since NSS_Init is called from the daemon now, we should get past its
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 1b94dd90f5a1c65df16ffe3b0619ce5dc0ca1f06 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Wed, 17 Oct 2012 19:59:49 -0400
|
||||
Subject: [PATCH 28/30] Fix errors found by coverity.
|
||||
Subject: [PATCH 28/32] Fix errors found by coverity.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
---
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 95c0fe1d512fcdf3b397359fb0f54dc44e5947c2 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Thu, 18 Oct 2012 09:12:25 -0400
|
||||
Subject: [PATCH 29/30] Don't keep the DEPS list twice.
|
||||
Subject: [PATCH 29/32] Don't keep the DEPS list twice.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
---
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 44aad110fd3f0a12e1817d95047f882c4d8b0fce Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Thu, 18 Oct 2012 11:36:10 -0400
|
||||
Subject: [PATCH 30/30] Don't build util/ right now.
|
||||
Subject: [PATCH 30/32] Don't build util/ right now.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
---
|
||||
|
163
0031-Make-install_systemd-and-install_sysvinit-separate-t.patch
Normal file
163
0031-Make-install_systemd-and-install_sysvinit-separate-t.patch
Normal file
@ -0,0 +1,163 @@
|
||||
From 4c13f6d393db0aa5ff5b327cb5e842ee21522236 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Thu, 18 Oct 2012 13:09:58 -0400
|
||||
Subject: [PATCH 31/32] Make "install_systemd" and "install_sysvinit" separate
|
||||
targets
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
---
|
||||
Makefile | 6 ++++
|
||||
src/Makefile | 16 +++++++----
|
||||
src/pesign.sysvinit | 82 +++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
3 files changed, 99 insertions(+), 5 deletions(-)
|
||||
create mode 100644 src/pesign.sysvinit
|
||||
|
||||
diff --git a/Makefile b/Makefile
|
||||
index 5e9bd31..12e0dbb 100644
|
||||
--- a/Makefile
|
||||
+++ b/Makefile
|
||||
@@ -19,6 +19,12 @@ install :
|
||||
$(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)$(DOCDIR)/pesign-$(VERSION)/
|
||||
$(INSTALL) -m 644 COPYING $(INSTALLROOT)$(PREFIX)$(DOCDIR)/pesign-$(VERSION)/
|
||||
|
||||
+install_systemd:
|
||||
+ @for x in $(SUBDIRS) ; do $(MAKE) -C $${x} TOPDIR=$(TOPDIR) SRCDIR=$(TOPDIR)/$@/ ARCH=$(ARCH) $@ ; done
|
||||
+
|
||||
+install_sysvinit:
|
||||
+ @for x in $(SUBDIRS) ; do $(MAKE) -C $${x} TOPDIR=$(TOPDIR) SRCDIR=$(TOPDIR)/$@/ ARCH=$(ARCH) $@ ; done
|
||||
+
|
||||
.PHONY: $(SUBDIRS) clean install
|
||||
|
||||
include $(TOPDIR)/Make.rules
|
||||
diff --git a/src/Makefile b/src/Makefile
|
||||
index cb74c12..7e611c8 100644
|
||||
--- a/src/Makefile
|
||||
+++ b/src/Makefile
|
||||
@@ -42,7 +42,7 @@ client : $(client_OBJECTS) $(STATIC_LIBS)
|
||||
fuzzsocket_SOURCES = fuzzsocket.c
|
||||
fuzzsocket_OBJECTS = $(foreach source,$(fuzzsocket_SOURCES),$(patsubst %.c,%,$(source)).o)
|
||||
fuzzsocket_DEPS = $(foreach source,$(fuzzsocket_SOURCES),.$(patsubst %.c,%,$(source)).P)
|
||||
-fuzzsocket : $(fuzzsocket_OBJECTS)
|
||||
+fuzzsocket : $(fuzzsocket_OBJECTS) -lrt
|
||||
|
||||
DEPS = $(generic_DEPS)$(authvar_DEPS) $(pesign_DEPS) $(client_DEPS) \
|
||||
$(peverify_DEPS)
|
||||
@@ -57,6 +57,16 @@ depclean :
|
||||
clean : depclean
|
||||
@rm -rfv *.o *.a *.so $(TARGETS)
|
||||
|
||||
+install_systemd:
|
||||
+ $(INSTALL) -d -m 755 $(INSTALLROOT)/usr/lib/tmpfiles.d/
|
||||
+ $(INSTALL) -m 644 tmpfiles.conf $(INSTALLROOT)/usr/lib/tmpfiles.d/pesign.conf
|
||||
+ $(INSTALL) -d -m 755 $(INSTALLROOT)/usr/lib/systemd/system/
|
||||
+ $(INSTALL) -m 644 pesign.service $(INSTALLROOT)/usr/lib/systemd/system/
|
||||
+
|
||||
+install_sysvinit:
|
||||
+ $(INSTALL) -d -m 755 $(INSTALLROOT)/etc/rc.d/init.d/
|
||||
+ $(INSTALL) -m 755 pesign.sysvinit $(INSTALLROOT)/etc/rc.d/init.d/pesign
|
||||
+
|
||||
install :
|
||||
$(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/
|
||||
$(INSTALL) -d -m 770 $(INSTALLROOT)/var/run/pesign/
|
||||
@@ -72,10 +82,6 @@ install :
|
||||
#$(INSTALL) -m 644 peverify.1 $(INSTALLROOT)/usr/share/man/man1/
|
||||
$(INSTALL) -d -m 755 $(INSTALLROOT)/etc/rpm/
|
||||
$(INSTALL) -m 644 macros.pesign $(INSTALLROOT)/etc/rpm/
|
||||
- $(INSTALL) -d -m 755 $(INSTALLROOT)/usr/lib/tmpfiles.d/
|
||||
- $(INSTALL) -m 644 tmpfiles.conf $(INSTALLROOT)/usr/lib/tmpfiles.d/pesign.conf
|
||||
- $(INSTALL) -d -m 755 $(INSTALLROOT)/usr/lib/systemd/system/
|
||||
- $(INSTALL) -m 644 pesign.service $(INSTALLROOT)/usr/lib/systemd/system/
|
||||
|
||||
.PHONY: all deps clean install
|
||||
|
||||
diff --git a/src/pesign.sysvinit b/src/pesign.sysvinit
|
||||
new file mode 100644
|
||||
index 0000000..f955e01
|
||||
--- /dev/null
|
||||
+++ b/src/pesign.sysvinit
|
||||
@@ -0,0 +1,82 @@
|
||||
+#! /bin/sh
|
||||
+#
|
||||
+# pesign This starts the pesign PE signing daemon
|
||||
+#
|
||||
+# chkconfig: - 50 50
|
||||
+# processname: /usr/bin/pesign
|
||||
+# pidfile: /var/run/pesign.pid
|
||||
+### BEGIN INIT INFO
|
||||
+# Provides: pesign
|
||||
+# Default-Start:
|
||||
+# Default-Stop:
|
||||
+# Short-Description: The pesign PE signing daemon
|
||||
+# Description: The pesign PE signing daemon
|
||||
+### END INIT INFO
|
||||
+
|
||||
+. /etc/init.d/functions
|
||||
+[ -f /usr/bin/pesign ] || exit 1
|
||||
+
|
||||
+RETVAL=0
|
||||
+
|
||||
+start(){
|
||||
+ echo -n "Starting pesign: "
|
||||
+ daemon /usr/bin/pesign --daemonize
|
||||
+ RETVAL=$?
|
||||
+ echo
|
||||
+ touch /var/lock/subsys/pesign
|
||||
+}
|
||||
+
|
||||
+stop(){
|
||||
+ echo -n "Stopping pesign: "
|
||||
+ killproc -p /var/run/pesign.pid pesignd
|
||||
+ RETVAL=$?
|
||||
+ echo
|
||||
+ rm -f /var/lock/subsys/pesign
|
||||
+}
|
||||
+
|
||||
+restart(){
|
||||
+ stop
|
||||
+ start
|
||||
+}
|
||||
+
|
||||
+reload(){
|
||||
+ stop
|
||||
+ start
|
||||
+}
|
||||
+
|
||||
+condrestart(){
|
||||
+ [ -e /var/lock/subsys/pesign ] && restart
|
||||
+}
|
||||
+
|
||||
+# See how we were called.
|
||||
+case "$1" in
|
||||
+ start)
|
||||
+ start
|
||||
+ ;;
|
||||
+ stop)
|
||||
+ stop
|
||||
+ ;;
|
||||
+ status)
|
||||
+ status /usr/bin/pesign
|
||||
+ ;;
|
||||
+ restart)
|
||||
+ restart
|
||||
+ ;;
|
||||
+ reload)
|
||||
+ reload
|
||||
+ ;;
|
||||
+ force-reload)
|
||||
+ reload
|
||||
+ ;;
|
||||
+ condrestart)
|
||||
+ condrestart
|
||||
+ ;;
|
||||
+ try-restart)
|
||||
+ condrestart
|
||||
+ ;;
|
||||
+ *)
|
||||
+ echo "Usage: pesign {start|stop|status|restart|condrestart|reload}"
|
||||
+ RETVAL=1
|
||||
+esac
|
||||
+
|
||||
+exit $RETVAL
|
||||
--
|
||||
1.7.12.1
|
||||
|
75
0032-Get-rid-of-an-unnecessary-allocation.patch
Normal file
75
0032-Get-rid-of-an-unnecessary-allocation.patch
Normal file
@ -0,0 +1,75 @@
|
||||
From df1b69e304f2a7eb82e2f94e50f07099afbf4578 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Thu, 18 Oct 2012 13:10:28 -0400
|
||||
Subject: [PATCH 32/32] Get rid of an unnecessary allocation.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
---
|
||||
src/client.c | 32 ++++++++++++++------------------
|
||||
1 file changed, 14 insertions(+), 18 deletions(-)
|
||||
|
||||
diff --git a/src/client.c b/src/client.c
|
||||
index 8336749..df1c8f2 100644
|
||||
--- a/src/client.c
|
||||
+++ b/src/client.c
|
||||
@@ -223,25 +223,17 @@ unlock_token(int sd, char *tokenname, char *pin)
|
||||
{
|
||||
struct msghdr msg;
|
||||
struct iovec iov[2];
|
||||
- pesignd_msghdr *pm;
|
||||
+ pesignd_msghdr pm;
|
||||
|
||||
uint32_t size0 = pesignd_string_size(tokenname);
|
||||
|
||||
uint32_t size1 = pesignd_string_size(pin);
|
||||
|
||||
- pm = calloc(1, sizeof(*pm));
|
||||
- if (!pm) {
|
||||
-oom:
|
||||
- fprintf(stderr, "pesign-client: could not allocate memory: "
|
||||
- "%m\n");
|
||||
- exit(1);
|
||||
- }
|
||||
-
|
||||
- pm->version = PESIGND_VERSION;
|
||||
- pm->command = CMD_UNLOCK_TOKEN;
|
||||
- pm->size = size0 + size1;
|
||||
- iov[0].iov_base = pm;
|
||||
- iov[0].iov_len = sizeof (*pm);
|
||||
+ pm.version = PESIGND_VERSION;
|
||||
+ pm.command = CMD_UNLOCK_TOKEN;
|
||||
+ pm.size = size0 + size1;
|
||||
+ iov[0].iov_base = ±
|
||||
+ iov[0].iov_len = sizeof (pm);
|
||||
|
||||
memset(&msg, '\0', sizeof(msg));
|
||||
msg.msg_iov = iov;
|
||||
@@ -257,8 +249,11 @@ oom:
|
||||
|
||||
uint8_t *buffer = NULL;
|
||||
buffer = calloc(1, size0 + size1);
|
||||
- if (!buffer)
|
||||
- goto oom;
|
||||
+ if (!buffer) {
|
||||
+ fprintf(stderr, "pesign-client: could not allocate memory: "
|
||||
+ "%m\n");
|
||||
+ exit(1);
|
||||
+ }
|
||||
|
||||
pesignd_string *tn = (pesignd_string *)buffer;
|
||||
pesignd_string_set(tn, tokenname);
|
||||
@@ -478,8 +473,9 @@ main(int argc, char *argv[])
|
||||
|
||||
rc = poptReadDefaultConfig(optCon, 0);
|
||||
if (rc < 0) {
|
||||
- fprintf(stderr, "pesign: poprReadDefaultConfig failed: %s\n",
|
||||
- poptStrerror(rc));
|
||||
+ fprintf(stderr,
|
||||
+ "pesign-client: poptReadDefaultConfig failed: %s\n",
|
||||
+ poptStrerror(rc));
|
||||
exit(1);
|
||||
}
|
||||
|
||||
--
|
||||
1.7.12.1
|
||||
|
65
pesign.spec
65
pesign.spec
@ -1,7 +1,7 @@
|
||||
Summary: Signing utility for UEFI binaries
|
||||
Name: pesign
|
||||
Version: 0.99
|
||||
Release: 4%{?dist}
|
||||
Release: 5%{?dist}
|
||||
Group: Development/System
|
||||
License: GPLv2
|
||||
URL: https://github.com/vathpela/pesign
|
||||
@ -17,36 +17,38 @@ ExclusiveArch: i686 x86_64 ia64
|
||||
Source0: pesign-%{version}.tar.bz2
|
||||
Source1: rh-test-certs.tar.bz2
|
||||
|
||||
Patch0: 0001-Use-PK11_TraverseCertsForNicknameInSlot-after-all.patch
|
||||
Patch1: 0002-Remove-an-unused-field.patch
|
||||
Patch2: 0003-Free-the-certificate-list-we-make-once-we-re-done-us.patch
|
||||
Patch3: 0004-Make-sure-we-actually-look-up-the-certificate-when-n.patch
|
||||
Patch4: 0005-Fix-check-for-allocations-on-tokenname-certname.patch
|
||||
Patch5: 0006-Update-valgrind.supp-for-newer-codepaths.patch
|
||||
Patch6: 0007-Free-the-pid-string-once-we-re-done-writing-it.patch
|
||||
Patch7: 0008-valgrind-Don-t-complain-about-unlocking-a-key-and-ke.patch
|
||||
Patch8: 0009-Only-try-to-register-OIDs-once.patch
|
||||
Patch9: 0010-Check-for-NSS_Shutdown-failure.patch
|
||||
Patch10: 0011-Don-t-destroy-stdin-stdout-stderr-if-we-don-t-fork.patch
|
||||
Patch11: 0012-valgrind-Add-SECMOD_LoadModule-codepath.patch
|
||||
Patch12: 0013-Don-t-set-up-digests-in-cms_context_init.patch
|
||||
Patch13: 0014-Do-register_oids-where-we-re-doing-NSS_Init.patch
|
||||
Patch14: 0015-Make-daemon-shutdown-actually-close-the-NSS-database.patch
|
||||
Patch15: 0016-Reformat-a-bunch-of-error-messages-to-be-vaguely-con.patch
|
||||
Patch16: 0017-Use-PORT_ArenaStrdup-where-appropriate.patch
|
||||
Patch17: 0018-Minor-whitespace-fixes.patch
|
||||
Patch18: 0019-daemon-Make-sure-inpe-is-initialized-before-all-erro.patch
|
||||
Patch19: 0020-Allocate-pesign_context-rather-than-having-it-on-the.patch
|
||||
Patch20: 0021-pesign-initialize-nss-only-if-we-re-not-a-daemon.patch
|
||||
Patch21: 0022-Handle-errors-on-pesign_context_init.patch
|
||||
Patch22: 0023-Add-sanity-checking-to-make-sure-we-don-t-emit-unini.patch
|
||||
Patch23: 0024-Make-sure-we-free-the-token-cert-we-get-from-the-com.patch
|
||||
Patch24: 0025-pesign-Only-shut-down-nss-in-pesign.c-if-we-re-not-t.patch
|
||||
Patch25: 0026-Rework-setup_digests-and-teardown_digests.patch
|
||||
Patch26: 0027-We-shouldn-t-need-Environment-NSS_STRICT_NOFORK-DISA.patch
|
||||
Patch27: 0028-Fix-errors-found-by-coverity.patch
|
||||
Patch28: 0029-Don-t-keep-the-DEPS-list-twice.patch
|
||||
Patch1: 0001-Use-PK11_TraverseCertsForNicknameInSlot-after-all.patch
|
||||
Patch2: 0002-Remove-an-unused-field.patch
|
||||
Patch3: 0003-Free-the-certificate-list-we-make-once-we-re-done-us.patch
|
||||
Patch4: 0004-Make-sure-we-actually-look-up-the-certificate-when-n.patch
|
||||
Patch5: 0005-Fix-check-for-allocations-on-tokenname-certname.patch
|
||||
Patch6: 0006-Update-valgrind.supp-for-newer-codepaths.patch
|
||||
Patch7: 0007-Free-the-pid-string-once-we-re-done-writing-it.patch
|
||||
Patch8: 0008-valgrind-Don-t-complain-about-unlocking-a-key-and-ke.patch
|
||||
Patch9: 0009-Only-try-to-register-OIDs-once.patch
|
||||
Patch10: 0010-Check-for-NSS_Shutdown-failure.patch
|
||||
Patch11: 0011-Don-t-destroy-stdin-stdout-stderr-if-we-don-t-fork.patch
|
||||
Patch12: 0012-valgrind-Add-SECMOD_LoadModule-codepath.patch
|
||||
Patch13: 0013-Don-t-set-up-digests-in-cms_context_init.patch
|
||||
Patch14: 0014-Do-register_oids-where-we-re-doing-NSS_Init.patch
|
||||
Patch15: 0015-Make-daemon-shutdown-actually-close-the-NSS-database.patch
|
||||
Patch16: 0016-Reformat-a-bunch-of-error-messages-to-be-vaguely-con.patch
|
||||
Patch17: 0017-Use-PORT_ArenaStrdup-where-appropriate.patch
|
||||
Patch18: 0018-Minor-whitespace-fixes.patch
|
||||
Patch19: 0019-daemon-Make-sure-inpe-is-initialized-before-all-erro.patch
|
||||
Patch20: 0020-Allocate-pesign_context-rather-than-having-it-on-the.patch
|
||||
Patch21: 0021-pesign-initialize-nss-only-if-we-re-not-a-daemon.patch
|
||||
Patch22: 0022-Handle-errors-on-pesign_context_init.patch
|
||||
Patch23: 0023-Add-sanity-checking-to-make-sure-we-don-t-emit-unini.patch
|
||||
Patch24: 0024-Make-sure-we-free-the-token-cert-we-get-from-the-com.patch
|
||||
Patch25: 0025-pesign-Only-shut-down-nss-in-pesign.c-if-we-re-not-t.patch
|
||||
Patch26: 0026-Rework-setup_digests-and-teardown_digests.patch
|
||||
Patch27: 0027-We-shouldn-t-need-Environment-NSS_STRICT_NOFORK-DISA.patch
|
||||
Patch28: 0028-Fix-errors-found-by-coverity.patch
|
||||
Patch29: 0029-Don-t-keep-the-DEPS-list-twice.patch
|
||||
Patch30: 0030-Don-t-build-util-right-now.patch
|
||||
Patch31: 0031-Make-install_systemd-and-install_sysvinit-separate-t.patch
|
||||
Patch32: 0032-Get-rid-of-an-unnecessary-allocation.patch
|
||||
|
||||
%description
|
||||
This package contains the pesign utility for signing UEFI binaries as
|
||||
@ -111,6 +113,9 @@ exit 0
|
||||
%ghost %attr(0660, -, -) %{_localstatedir}/run/%{name}/pesign.pid
|
||||
|
||||
%changelog
|
||||
* Thu Oct 18 2012 Peter Jones <pjones@redhat.com> - 0.99-5
|
||||
- Make it work on the -el6 branch as well.
|
||||
|
||||
* Wed Oct 17 2012 Peter Jones <pjones@redhat.com> - 0.99-4
|
||||
- Fix some more bugs found by valgrind and coverity.
|
||||
- Don't build utils/ ; we're not using them and they're not ready anyway.
|
||||
|
Loading…
Reference in New Issue
Block a user