diff --git a/0001-Don-t-set-SO_PASSCRED.patch b/0001-Don-t-set-SO_PASSCRED.patch new file mode 100644 index 0000000..4e31256 --- /dev/null +++ b/0001-Don-t-set-SO_PASSCRED.patch @@ -0,0 +1,43 @@ +From c877f0187d337374960f02046800a313d2326848 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 29 May 2014 16:10:05 -0400 +Subject: [PATCH] Don't set SO_PASSCRED. + +It would appear that on recent kernels, setting SO_PASSCRED means you +always get SCM_CREDENTIALS control messages back instead of what +sendmsg() sent you, and SCM_RIGHTS works just fine without it. + +Signed-off-by: Peter Jones +--- + src/daemon.c | 10 +--------- + 1 file changed, 1 insertion(+), 9 deletions(-) + +diff --git a/src/daemon.c b/src/daemon.c +index 55c08c3..af3a2b6 100644 +--- a/src/daemon.c ++++ b/src/daemon.c +@@ -744,20 +744,12 @@ set_up_socket(context *ctx) + exit(1); + } + +- int one = 1; +- int rc = setsockopt(sd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)); +- if (rc < 0) { +- ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_ERR, +- "unable to set socket options: %m"); +- exit(1); +- } +- + struct sockaddr_un addr_un = { + .sun_family = AF_UNIX, + .sun_path = SOCKPATH, + }; + +- rc = bind(sd, &addr_un, sizeof(addr_un)); ++ int rc = bind(sd, &addr_un, sizeof(addr_un)); + if (rc < 0) { + ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_ERR, + "unable to bind to \"%s\": %m", +-- +1.9.0 + diff --git a/pesign.spec b/pesign.spec index 69bccc7..8b6b2f2 100644 --- a/pesign.spec +++ b/pesign.spec @@ -1,11 +1,11 @@ Summary: Signing utility for UEFI binaries Name: pesign Version: 0.108 -Release: 1%{?dist} +Release: 2%{?dist} Group: Development/System License: GPLv2 URL: https://github.com/vathpela/pesign -BuildRequires: git gnu-efi nspr nss nss-util popt-devel +BuildRequires: git nspr nss nss-util popt-devel BuildRequires: coolkey opensc nss-tools BuildRequires: nspr-devel >= 4.9.2-1 BuildRequires: nss-devel >= 3.13.6-1 @@ -21,6 +21,7 @@ BuildRequires: rh-signing-tools >= 1.20-2 # git checkout %%{version} Source0: pesign-%{version}.tar.bz2 Source1: rh-test-certs.tar.bz2 +Patch0001: 0001-Don-t-set-SO_PASSCRED.patch %description This package contains the pesign utility for signing UEFI binaries as @@ -99,6 +100,9 @@ exit 0 %endif %changelog +* Thu May 29 2014 Peter Jones - 0.108-2 +- Fix a networking problem nirik observed when reinstalling builders. + * Sat Aug 10 2013 Peter Jones - 0.108-1 - Remove errant result files and raise an error from %%pesign