*Don't* use --certdir if we're using the socket.

Related: rhbz#1283475 Related: rhbz#1284063 Related: rhbz#1284561 Signed-off-by: Peter Jones <pjones@redhat.com>
2015-12-02 13:23:21 -05:00 · 2015-12-02 13:23:21 -05:00 · fb1e5968c8
commit fb1e5968c8
parent b24daeac79
2 changed files with 8 additions and 3 deletions
--- a/0005-Do-a-better-job-of-isolating-pesign-rh-test-crap.patch
+++ b/0005-Do-a-better-job-of-isolating-pesign-rh-test-crap.patch
@ -44,11 +44,10 @@ index 39374ce..9644940 100644
   if [ -x %{_pesign} ] &&  						\\\
        [ "%{_target_cpu}" == "x86_64" -o 				\\\
          "%{_target_cpu}" == "aarch64" ]; then				\
-@@ -39,9 +43,11 @@
+@@ -39,9 +43,10 @@
     elif [ -S /var/run/pesign/socket ]; then				\
       %{_pesign_client} -t "OpenSC Card (Fedora Signer)"		\\\
                         -c "/CN=Fedora Secure Boot Signer"		\\\
 +			--certdir ${_pesign_nssdir}			\\\
                         %{-i} %{-o} %{-e} %{-s} %{-C}			\
     else								\
 -      %{_pesign} %{__pesign_token} %{__pesign_cert}			\\\
--- a/pesign.spec
+++ b/pesign.spec
@ -3,7 +3,7 @@
 Summary: Signing utility for UEFI binaries
 Name: pesign
 Version: 0.111
-Release: 5%{?dist}
+Release: 6%{?dist}
 Group: Development/System
 License: GPLv2
 URL: https://github.com/vathpela/pesign
@ -135,6 +135,12 @@ modutil -force -dbdir %{_sysconfdir}/pki/pesign -add opensc \
 %endif
 %changelog
 * Wed Dec 02 2015 Peter Jones <pjones@redhat.com> - 0.111-6
 - *Don't* use --certdir if we're using the socket.
  Related: rhbz#1283475
  Related: rhbz#1284063
  Related: rhbz#1284561
 * Tue Dec 01 2015 Peter Jones <pjones@redhat.com> - 0.111-5
 - Actually do a better job of choosing which cert to use when, so people will
  stop seeing any of this problem.  (Thanks for the thought, jforbes.)