Update to 0.98

- Add client/server mode.
This commit is contained in:
Peter Jones 2012-10-12 20:11:57 -04:00
parent 60f1503bcc
commit e7f0d0243b
6 changed files with 32 additions and 125 deletions

View File

@ -1,27 +0,0 @@
From 1caa864e41ebd26a2289bf69d44183e88b76b207 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 14 Aug 2012 11:52:29 -0400
Subject: [PATCH] Make macros.pesign work a bit better.
---
src/macros.pesign | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/macros.pesign b/src/macros.pesign
index d12ad05..beb6489 100644
--- a/src/macros.pesign
+++ b/src/macros.pesign
@@ -6,8 +6,8 @@
# %pesign -s -i shim.orig -o shim.efi
# And magically get the right thing.
-%__pesign_token %{expand: %%{?defined(pe_signing_token):%{nil}}%%{!?defined(pe_signing_token):-t "%%{pe_signing_token}"}}
-%__pesign_cert %{expand: %%{?defined(pe_signing_cert):%{nil}}%%{!?defined(pe_signing_cert):-c "%%{pe_signing_cert}"}}
+%__pesign_token %{expand: %%{nil} %%{?pe_signing_token:-t "%%{pe_signing_token}"}}
+%__pesign_cert %{expand: %%{!?pe_signing_cert:-c "Red Hat Test Certificate"} %%{?pe_signing_cert:-c "%%{pe_signing_cert}"}}
%_pesign /usr/bin/pesign
%pesign \
--
1.7.11.4

View File

@ -1,38 +0,0 @@
From 3b8ca0d0068e452e7c97e761a69a34757cbd135c Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 15 Aug 2012 11:32:40 -0400
Subject: [PATCH] Simplify macros.pesign some more.
---
src/macros.pesign | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/src/macros.pesign b/src/macros.pesign
index 7932629..703edbb 100644
--- a/src/macros.pesign
+++ b/src/macros.pesign
@@ -6,9 +6,17 @@
# %pesign -s -i shim.orig -o shim.efi
# And magically get the right thing.
-%__pesign_token %{expand: %%{nil} %%{?pe_signing_token:-t "%%{pe_signing_token}"}}
-%__pesign_cert %{expand: %%{!?pe_signing_cert:-c "Red Hat Test Certificate"} %%{?pe_signing_cert:-c "%%{pe_signing_cert}"}}
+%__pesign_token %{nil}%{?pe_signing_token:-t "%{pe_signing_token}"}
+%__pesign_cert %{!?pe_signing_cert:-c "Red Hat Test Certificate"}%{?pe_signing_cert:-c "%{pe_signing_cert}"}
-%_pesign %{expand:%%([ %%{_arch} == x86_64 ] && echo /usr/bin/pesign || echo /usr/bin/true)}
+%_pesign /usr/bin/pesign
+
+%pesign(i:o:C:s) \
+ if [ -x %{_pesign} -a "%{_target_cpu}" == "x86_64" ]; then \
+ %{_pesign} %{__pesign_token} %{__pesign_cert} %{-i} %{-o} %{-s} \
+ else \
+ if [ -n "%{-i*}" -a -n "%{-o*}" ]; then \
+ mv %{-i*} %{-o*} \
+ fi \
+ fi ;
-%pesign %{_pesign} %{__pesign_token} %{__pesign_cert}
--
1.7.11.2

View File

@ -1,24 +0,0 @@
From a967a147079085fce9b3a4d66cbdd28ccbab559f Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 28 Sep 2012 14:27:54 -0400
Subject: [PATCH] Fix missing section relocation when we've added space.
---
libdpe/pe_allocspace.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libdpe/pe_allocspace.c b/libdpe/pe_allocspace.c
index d766503..0ae1f5d 100644
--- a/libdpe/pe_allocspace.c
+++ b/libdpe/pe_allocspace.c
@@ -46,6 +46,7 @@ pe_fix_addresses(Pe *pe, int64_t offset)
&pe->state.pe.shdr[cnt];
adjust(pe->state.pe.scns.data[cnt].rawdata_base, offset);
+ adjust(pe->state.pe.scns.data[cnt].data_base, offset);
}
}
#undef adjust
--
1.7.12.1

View File

@ -1,26 +0,0 @@
From a8e0e93a15ae57dcfc2bf20921fc5fe604dee3fa Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 14 Aug 2012 15:44:26 -0400
Subject: [PATCH] Only sign things on x86_64.
---
src/macros.pesign | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/macros.pesign b/src/macros.pesign
index beb6489..7932629 100644
--- a/src/macros.pesign
+++ b/src/macros.pesign
@@ -9,6 +9,6 @@
%__pesign_token %{expand: %%{nil} %%{?pe_signing_token:-t "%%{pe_signing_token}"}}
%__pesign_cert %{expand: %%{!?pe_signing_cert:-c "Red Hat Test Certificate"} %%{?pe_signing_cert:-c "%%{pe_signing_cert}"}}
-%_pesign /usr/bin/pesign
-%pesign \
-%{_pesign} %{__pesign_token} %{__pesign_cert}
+%_pesign %{expand:%%([ %%{_arch} == x86_64 ] && echo /usr/bin/pesign || echo /usr/bin/true)}
+
+%pesign %{_pesign} %{__pesign_token} %{__pesign_cert}
--
1.7.11.4

View File

@ -1,13 +1,14 @@
Summary: Signing utility for UEFI binaries Summary: Signing utility for UEFI binaries
Name: pesign Name: pesign
Version: 0.10 Version: 0.98
Release: 5%{?dist} Release: 1%{?dist}
Group: Development/System Group: Development/System
License: GPLv2 License: GPLv2
URL: https://github.com/vathpela/pesign URL: https://github.com/vathpela/pesign
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: git gnu-efi nspr nspr-devel nss nss-devel nss-util popt-devel BuildRequires: git gnu-efi nspr nspr-devel nss nss-devel nss-util popt-devel
Requires: nspr nss nss-util popt rpm Requires: nspr nss nss-util popt rpm
Requires(pre): shadow-utils
ExclusiveArch: i686 x86_64 ia64 ExclusiveArch: i686 x86_64 ia64
# there is no tarball at github, of course. To get this version do: # there is no tarball at github, of course. To get this version do:
@ -16,11 +17,6 @@ ExclusiveArch: i686 x86_64 ia64
Source0: pesign-%{version}.tar.bz2 Source0: pesign-%{version}.tar.bz2
Source1: rh-test-certs.tar.bz2 Source1: rh-test-certs.tar.bz2
Patch0: pesign-0.10-better-macros.patch
Patch1: pesign-0.10-only-sign-on-x86-64.patch
Patch2: pesign-0.10-even-better-macros.patch
Patch3: pesign-0.10-missing-section-reloc.patch
%description %description
This package contains the pesign utility for signing UEFI binaries as This package contains the pesign utility for signing UEFI binaries as
well as other associated tools. well as other associated tools.
@ -49,17 +45,43 @@ mv rh-test-certs/etc/pki/pesign/* %{buildroot}/etc/pki/pesign/
%clean %clean
rm -rf %{buildroot} rm -rf %{buildroot}
%pre
getent group pesign >/dev/null || groupadd -r pesign
getent passwd pesign >/dev/null || \
useradd -r -g pesign -d /var/run/pesign -s /sbin/nologin \
-c "Group for the pesign signing daemon" pesign
exit 0
%post
%systemd_post pesign.service
%preun
%systemd_preun pesign.service
%postun
%systemd_postun_with_restart pesign.service
%files %files
%defattr(-,root,root,-) %defattr(-,root,root,-)
%doc README TODO COPYING %doc README TODO COPYING
%{_bindir}/pesign %{_bindir}/pesign
%{_bindir}/pesign-client
%{_sysconfdir}/popt.d/pesign.popt %{_sysconfdir}/popt.d/pesign.popt
%{_sysconfdir}/rpm/macros.pesign %{_sysconfdir}/rpm/macros.pesign
%{_mandir}/man*/* %{_mandir}/man*/*
%attr(0755,root,root) /etc/pki/pesign %{_unitdir}/pesign.service
%attr(0644,root,root) /etc/pki/pesign/* %{_prefix}/lib/tmpfiles.d/pesign.conf
%dir %attr(0770,pesign,pesign) /etc/pki/pesign
%attr(0660,pesign,pesign) /etc/pki/pesign/*
%dir %attr(0770, pesign, pesign) %{_localstatedir}/run/%{name}
%ghost %attr(0660, -, -) %{_localstatedir}/run/%{name}/socket
%ghost %attr(0660, -, -) %{_localstatedir}/run/%{name}/pesign.pid
%changelog %changelog
* Fri Oct 12 2012 Peter Jones <pjones@redhat.com> - 0.98-1
- Update to 0.98
- Add client/server mode.
* Mon Oct 01 2012 Peter Jones <pjones@redhat.com> - 0.10-5 * Mon Oct 01 2012 Peter Jones <pjones@redhat.com> - 0.10-5
- Fix missing section address fixup. - Fix missing section address fixup.

View File

@ -1,2 +1,2 @@
328db7cb27847cb610b7cf8f9c470455 rh-test-certs.tar.bz2 328db7cb27847cb610b7cf8f9c470455 rh-test-certs.tar.bz2
5ce051e54de3373aba09eb7e6f85f85a pesign-0.10.tar.bz2 2974e3ae046e26e53922e148a3a7fee8 pesign-0.98.tar.bz2