*Don't* use --certdir if we're using the socket.

Related: rhbz#1283475
  Related: rhbz#1284063
  Related: rhbz#1284561

Signed-off-by: Peter Jones <pjones@redhat.com>
This commit is contained in:
Peter Jones 2015-12-02 13:23:21 -05:00
parent b24daeac79
commit fb1e5968c8
2 changed files with 8 additions and 3 deletions

View File

@ -44,11 +44,10 @@ index 39374ce..9644940 100644
if [ -x %{_pesign} ] && \\\
[ "%{_target_cpu}" == "x86_64" -o \\\
"%{_target_cpu}" == "aarch64" ]; then \
@@ -39,9 +43,11 @@
@@ -39,9 +43,10 @@
elif [ -S /var/run/pesign/socket ]; then \
%{_pesign_client} -t "OpenSC Card (Fedora Signer)" \\\
-c "/CN=Fedora Secure Boot Signer" \\\
+ --certdir ${_pesign_nssdir} \\\
%{-i} %{-o} %{-e} %{-s} %{-C} \
else \
- %{_pesign} %{__pesign_token} %{__pesign_cert} \\\

View File

@ -3,7 +3,7 @@
Summary: Signing utility for UEFI binaries
Name: pesign
Version: 0.111
Release: 5%{?dist}
Release: 6%{?dist}
Group: Development/System
License: GPLv2
URL: https://github.com/vathpela/pesign
@ -135,6 +135,12 @@ modutil -force -dbdir %{_sysconfdir}/pki/pesign -add opensc \
%endif
%changelog
* Wed Dec 02 2015 Peter Jones <pjones@redhat.com> - 0.111-6
- *Don't* use --certdir if we're using the socket.
Related: rhbz#1283475
Related: rhbz#1284063
Related: rhbz#1284561
* Tue Dec 01 2015 Peter Jones <pjones@redhat.com> - 0.111-5
- Actually do a better job of choosing which cert to use when, so people will
stop seeing any of this problem. (Thanks for the thought, jforbes.)