Update to 0.98
- Add client/server mode.
This commit is contained in:
parent
60f1503bcc
commit
e7f0d0243b
@ -1,27 +0,0 @@
|
|||||||
From 1caa864e41ebd26a2289bf69d44183e88b76b207 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Peter Jones <pjones@redhat.com>
|
|
||||||
Date: Tue, 14 Aug 2012 11:52:29 -0400
|
|
||||||
Subject: [PATCH] Make macros.pesign work a bit better.
|
|
||||||
|
|
||||||
---
|
|
||||||
src/macros.pesign | 4 ++--
|
|
||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/macros.pesign b/src/macros.pesign
|
|
||||||
index d12ad05..beb6489 100644
|
|
||||||
--- a/src/macros.pesign
|
|
||||||
+++ b/src/macros.pesign
|
|
||||||
@@ -6,8 +6,8 @@
|
|
||||||
# %pesign -s -i shim.orig -o shim.efi
|
|
||||||
# And magically get the right thing.
|
|
||||||
|
|
||||||
-%__pesign_token %{expand: %%{?defined(pe_signing_token):%{nil}}%%{!?defined(pe_signing_token):-t "%%{pe_signing_token}"}}
|
|
||||||
-%__pesign_cert %{expand: %%{?defined(pe_signing_cert):%{nil}}%%{!?defined(pe_signing_cert):-c "%%{pe_signing_cert}"}}
|
|
||||||
+%__pesign_token %{expand: %%{nil} %%{?pe_signing_token:-t "%%{pe_signing_token}"}}
|
|
||||||
+%__pesign_cert %{expand: %%{!?pe_signing_cert:-c "Red Hat Test Certificate"} %%{?pe_signing_cert:-c "%%{pe_signing_cert}"}}
|
|
||||||
|
|
||||||
%_pesign /usr/bin/pesign
|
|
||||||
%pesign \
|
|
||||||
--
|
|
||||||
1.7.11.4
|
|
||||||
|
|
@ -1,38 +0,0 @@
|
|||||||
From 3b8ca0d0068e452e7c97e761a69a34757cbd135c Mon Sep 17 00:00:00 2001
|
|
||||||
From: Peter Jones <pjones@redhat.com>
|
|
||||||
Date: Wed, 15 Aug 2012 11:32:40 -0400
|
|
||||||
Subject: [PATCH] Simplify macros.pesign some more.
|
|
||||||
|
|
||||||
---
|
|
||||||
src/macros.pesign | 16 ++++++++++++----
|
|
||||||
1 file changed, 12 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/macros.pesign b/src/macros.pesign
|
|
||||||
index 7932629..703edbb 100644
|
|
||||||
--- a/src/macros.pesign
|
|
||||||
+++ b/src/macros.pesign
|
|
||||||
@@ -6,9 +6,17 @@
|
|
||||||
# %pesign -s -i shim.orig -o shim.efi
|
|
||||||
# And magically get the right thing.
|
|
||||||
|
|
||||||
-%__pesign_token %{expand: %%{nil} %%{?pe_signing_token:-t "%%{pe_signing_token}"}}
|
|
||||||
-%__pesign_cert %{expand: %%{!?pe_signing_cert:-c "Red Hat Test Certificate"} %%{?pe_signing_cert:-c "%%{pe_signing_cert}"}}
|
|
||||||
+%__pesign_token %{nil}%{?pe_signing_token:-t "%{pe_signing_token}"}
|
|
||||||
+%__pesign_cert %{!?pe_signing_cert:-c "Red Hat Test Certificate"}%{?pe_signing_cert:-c "%{pe_signing_cert}"}
|
|
||||||
|
|
||||||
-%_pesign %{expand:%%([ %%{_arch} == x86_64 ] && echo /usr/bin/pesign || echo /usr/bin/true)}
|
|
||||||
+%_pesign /usr/bin/pesign
|
|
||||||
+
|
|
||||||
+%pesign(i:o:C:s) \
|
|
||||||
+ if [ -x %{_pesign} -a "%{_target_cpu}" == "x86_64" ]; then \
|
|
||||||
+ %{_pesign} %{__pesign_token} %{__pesign_cert} %{-i} %{-o} %{-s} \
|
|
||||||
+ else \
|
|
||||||
+ if [ -n "%{-i*}" -a -n "%{-o*}" ]; then \
|
|
||||||
+ mv %{-i*} %{-o*} \
|
|
||||||
+ fi \
|
|
||||||
+ fi ;
|
|
||||||
|
|
||||||
-%pesign %{_pesign} %{__pesign_token} %{__pesign_cert}
|
|
||||||
--
|
|
||||||
1.7.11.2
|
|
||||||
|
|
@ -1,24 +0,0 @@
|
|||||||
From a967a147079085fce9b3a4d66cbdd28ccbab559f Mon Sep 17 00:00:00 2001
|
|
||||||
From: Peter Jones <pjones@redhat.com>
|
|
||||||
Date: Fri, 28 Sep 2012 14:27:54 -0400
|
|
||||||
Subject: [PATCH] Fix missing section relocation when we've added space.
|
|
||||||
|
|
||||||
---
|
|
||||||
libdpe/pe_allocspace.c | 1 +
|
|
||||||
1 file changed, 1 insertion(+)
|
|
||||||
|
|
||||||
diff --git a/libdpe/pe_allocspace.c b/libdpe/pe_allocspace.c
|
|
||||||
index d766503..0ae1f5d 100644
|
|
||||||
--- a/libdpe/pe_allocspace.c
|
|
||||||
+++ b/libdpe/pe_allocspace.c
|
|
||||||
@@ -46,6 +46,7 @@ pe_fix_addresses(Pe *pe, int64_t offset)
|
|
||||||
&pe->state.pe.shdr[cnt];
|
|
||||||
|
|
||||||
adjust(pe->state.pe.scns.data[cnt].rawdata_base, offset);
|
|
||||||
+ adjust(pe->state.pe.scns.data[cnt].data_base, offset);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#undef adjust
|
|
||||||
--
|
|
||||||
1.7.12.1
|
|
||||||
|
|
@ -1,26 +0,0 @@
|
|||||||
From a8e0e93a15ae57dcfc2bf20921fc5fe604dee3fa Mon Sep 17 00:00:00 2001
|
|
||||||
From: Peter Jones <pjones@redhat.com>
|
|
||||||
Date: Tue, 14 Aug 2012 15:44:26 -0400
|
|
||||||
Subject: [PATCH] Only sign things on x86_64.
|
|
||||||
|
|
||||||
---
|
|
||||||
src/macros.pesign | 6 +++---
|
|
||||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/macros.pesign b/src/macros.pesign
|
|
||||||
index beb6489..7932629 100644
|
|
||||||
--- a/src/macros.pesign
|
|
||||||
+++ b/src/macros.pesign
|
|
||||||
@@ -9,6 +9,6 @@
|
|
||||||
%__pesign_token %{expand: %%{nil} %%{?pe_signing_token:-t "%%{pe_signing_token}"}}
|
|
||||||
%__pesign_cert %{expand: %%{!?pe_signing_cert:-c "Red Hat Test Certificate"} %%{?pe_signing_cert:-c "%%{pe_signing_cert}"}}
|
|
||||||
|
|
||||||
-%_pesign /usr/bin/pesign
|
|
||||||
-%pesign \
|
|
||||||
-%{_pesign} %{__pesign_token} %{__pesign_cert}
|
|
||||||
+%_pesign %{expand:%%([ %%{_arch} == x86_64 ] && echo /usr/bin/pesign || echo /usr/bin/true)}
|
|
||||||
+
|
|
||||||
+%pesign %{_pesign} %{__pesign_token} %{__pesign_cert}
|
|
||||||
--
|
|
||||||
1.7.11.4
|
|
||||||
|
|
40
pesign.spec
40
pesign.spec
@ -1,13 +1,14 @@
|
|||||||
Summary: Signing utility for UEFI binaries
|
Summary: Signing utility for UEFI binaries
|
||||||
Name: pesign
|
Name: pesign
|
||||||
Version: 0.10
|
Version: 0.98
|
||||||
Release: 5%{?dist}
|
Release: 1%{?dist}
|
||||||
Group: Development/System
|
Group: Development/System
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
URL: https://github.com/vathpela/pesign
|
URL: https://github.com/vathpela/pesign
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
BuildRequires: git gnu-efi nspr nspr-devel nss nss-devel nss-util popt-devel
|
BuildRequires: git gnu-efi nspr nspr-devel nss nss-devel nss-util popt-devel
|
||||||
Requires: nspr nss nss-util popt rpm
|
Requires: nspr nss nss-util popt rpm
|
||||||
|
Requires(pre): shadow-utils
|
||||||
ExclusiveArch: i686 x86_64 ia64
|
ExclusiveArch: i686 x86_64 ia64
|
||||||
|
|
||||||
# there is no tarball at github, of course. To get this version do:
|
# there is no tarball at github, of course. To get this version do:
|
||||||
@ -16,11 +17,6 @@ ExclusiveArch: i686 x86_64 ia64
|
|||||||
Source0: pesign-%{version}.tar.bz2
|
Source0: pesign-%{version}.tar.bz2
|
||||||
Source1: rh-test-certs.tar.bz2
|
Source1: rh-test-certs.tar.bz2
|
||||||
|
|
||||||
Patch0: pesign-0.10-better-macros.patch
|
|
||||||
Patch1: pesign-0.10-only-sign-on-x86-64.patch
|
|
||||||
Patch2: pesign-0.10-even-better-macros.patch
|
|
||||||
Patch3: pesign-0.10-missing-section-reloc.patch
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
This package contains the pesign utility for signing UEFI binaries as
|
This package contains the pesign utility for signing UEFI binaries as
|
||||||
well as other associated tools.
|
well as other associated tools.
|
||||||
@ -49,17 +45,43 @@ mv rh-test-certs/etc/pki/pesign/* %{buildroot}/etc/pki/pesign/
|
|||||||
%clean
|
%clean
|
||||||
rm -rf %{buildroot}
|
rm -rf %{buildroot}
|
||||||
|
|
||||||
|
%pre
|
||||||
|
getent group pesign >/dev/null || groupadd -r pesign
|
||||||
|
getent passwd pesign >/dev/null || \
|
||||||
|
useradd -r -g pesign -d /var/run/pesign -s /sbin/nologin \
|
||||||
|
-c "Group for the pesign signing daemon" pesign
|
||||||
|
exit 0
|
||||||
|
|
||||||
|
%post
|
||||||
|
%systemd_post pesign.service
|
||||||
|
|
||||||
|
%preun
|
||||||
|
%systemd_preun pesign.service
|
||||||
|
|
||||||
|
%postun
|
||||||
|
%systemd_postun_with_restart pesign.service
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%defattr(-,root,root,-)
|
%defattr(-,root,root,-)
|
||||||
%doc README TODO COPYING
|
%doc README TODO COPYING
|
||||||
%{_bindir}/pesign
|
%{_bindir}/pesign
|
||||||
|
%{_bindir}/pesign-client
|
||||||
%{_sysconfdir}/popt.d/pesign.popt
|
%{_sysconfdir}/popt.d/pesign.popt
|
||||||
%{_sysconfdir}/rpm/macros.pesign
|
%{_sysconfdir}/rpm/macros.pesign
|
||||||
%{_mandir}/man*/*
|
%{_mandir}/man*/*
|
||||||
%attr(0755,root,root) /etc/pki/pesign
|
%{_unitdir}/pesign.service
|
||||||
%attr(0644,root,root) /etc/pki/pesign/*
|
%{_prefix}/lib/tmpfiles.d/pesign.conf
|
||||||
|
%dir %attr(0770,pesign,pesign) /etc/pki/pesign
|
||||||
|
%attr(0660,pesign,pesign) /etc/pki/pesign/*
|
||||||
|
%dir %attr(0770, pesign, pesign) %{_localstatedir}/run/%{name}
|
||||||
|
%ghost %attr(0660, -, -) %{_localstatedir}/run/%{name}/socket
|
||||||
|
%ghost %attr(0660, -, -) %{_localstatedir}/run/%{name}/pesign.pid
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Oct 12 2012 Peter Jones <pjones@redhat.com> - 0.98-1
|
||||||
|
- Update to 0.98
|
||||||
|
- Add client/server mode.
|
||||||
|
|
||||||
* Mon Oct 01 2012 Peter Jones <pjones@redhat.com> - 0.10-5
|
* Mon Oct 01 2012 Peter Jones <pjones@redhat.com> - 0.10-5
|
||||||
- Fix missing section address fixup.
|
- Fix missing section address fixup.
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user