Commit Graph

121 Commits

Author SHA1 Message Date
Peter Jones
2e5e2372fa Obsolete pesign-rh-test-certs
Signed-off-by: Peter Jones <pjones@redhat.com>
2015-12-10 15:12:20 -05:00
Peter Jones
fb1e5968c8 *Don't* use --certdir if we're using the socket.
Related: rhbz#1283475
  Related: rhbz#1284063
  Related: rhbz#1284561

Signed-off-by: Peter Jones <pjones@redhat.com>
2015-12-02 13:23:41 -05:00
Peter Jones
b24daeac79 Actually do a better job of choosing which cert to use when, so people will
stop seeing any of this problem.  (Thanks for the thought, jforbes.)
  Resolves: rhbz#1283475
  Resolves: rhbz#1284063
  Resolves: rhbz#1284561

Signed-off-by: Peter Jones <pjones@redhat.com>
2015-12-01 15:36:38 -05:00
Peter Jones
6765b54235 Try a completely different thing for the test certs...
Signed-off-by: Peter Jones <pjones@redhat.com>
2015-12-01 15:30:17 -05:00
Peter Jones
d9833768d9 Setfacl even harder.
Resolves: rhbz#1284561
  Resolves: rhbz#1283475

Signed-off-by: Peter Jones <pjones@redhat.com>
2015-12-01 14:57:22 -05:00
Peter Jones
49c6a13cfd Better ACL setting code.
Signed-off-by: Peter Jones <pjones@redhat.com>
2015-11-20 19:25:12 -05:00
Peter Jones
d7b39bc640 Allow the mockbuild user to read the nss database if the account exists.
Signed-off-by: Peter Jones <pjones@redhat.com>
2015-11-19 13:35:31 -05:00
Peter Jones
4b6a6c731a Rebase to 0.111
- Split test certs out into a "Recommends" subpackage.

Signed-off-by: Peter Jones <pjones@redhat.com>
2015-10-28 16:04:28 -04:00
Peter Jones
15ed9eb9c2 Rebase to 0.111
- Split test certs out into a "Recommends" subpackage.

Signed-off-by: Peter Jones <pjones@redhat.com>
2015-10-28 15:44:03 -04:00
Dennis Gilmore
79e3b6ac67 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild 2015-06-18 13:50:17 +00:00
Ville Skyttä
c597dc0761 Install macros in %{_rpmconfigdir}/macros.d where available (#1074281) 2015-03-04 22:00:18 +02:00
Peter Jones
0302103f3b Missing build dep.
Signed-off-by: Peter Jones <pjones@redhat.com>
2014-10-24 17:07:19 -04:00
Peter Jones
1b5f35e5b4 Update to pesign-0.110
Signed-off-by: Peter Jones <pjones@redhat.com>
2014-10-24 16:32:01 -04:00
Peter Robinson
0a12908cd3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-17 18:14:55 +00:00
Dennis Gilmore
d241d61da2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-07 08:09:40 -05:00
Peter Jones
c88197ace8 Fix a networking problem nirik observed when reinstalling builders. 2014-05-29 16:16:37 -04:00
Peter Jones
e83259c5ef Remove errant result files and raise an error from %pesign 2013-08-10 11:10:52 -04:00
Peter Jones
e3986cb40f Remove errant result files and raise an error from %pesign
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-08-10 10:56:34 -04:00
Peter Jones
b142cf3763 Remove errant result files and raise an error from %pesign 2013-08-10 10:39:23 -04:00
Peter Jones
7d6ce00fe5 Remove errant result files and raise an error from %pesign 2013-08-10 10:30:26 -04:00
Peter Jones
2915fd2186 Fix for new %doc rules. 2013-08-05 09:19:38 -04:00
Dennis Gilmore
ba809202a6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild 2013-08-03 21:23:08 -05:00
Peter Jones
a26d3b3975 Update to 0.106
- Hopefully fix the segfault dgilmore was seeing.
2013-05-21 13:42:50 -04:00
Peter Jones
e937c15fca Update to 0.105-1
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-05-20 16:28:07 -04:00
Peter Jones
8d87de3fdd Add opensc modules to the reference db during package build.
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-05-20 16:26:54 -04:00
Peter Jones
aae58a2c11 Update to 0.104 (#963361)
This makes us generate signed images wich multiple signatures aligned on
8-byte boundaries, which is what finally wound up going into the spec.

Signed-off-by: Peter Jones <pjones@redhat.com>
2013-05-16 10:44:04 -04:00
Peter Jones
d11dc191fc Conditionalize systemd bits so they don't show up in RHEL 6 builds
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-02-06 09:42:27 -05:00
Peter Jones
e7eeaa7094 One more compiler problem. Let's expect a few more, shall we? 2013-02-05 15:26:33 -05:00
Peter Jones
3c30b6579a Don't use --std=gnu11 because we have to work on RHEL 6 builders. 2013-02-05 10:45:23 -05:00
Peter Jones
315a5395fd Add efikeygen to files.
Leaving the release at -1 since there are no builds completed.

Signed-off-by: Peter Jones <pjones@redhat.com>
2013-02-04 14:26:55 -05:00
Peter Jones
870d99b8c9 Update to 0.101 to fix more "pesign -E" issues. 2013-02-04 14:05:57 -05:00
Peter Jones
308dd72e6c Fix insertion of signatures from a file. 2012-12-03 08:52:17 -05:00
Peter Jones
5aca172458 Fix insertion of signatures from a file. 2012-11-30 17:09:41 -05:00
Matthew Garrett
47e695fb59 Add a patch needed for new shim builds 2012-11-26 19:38:34 -05:00
Peter Jones
575fc2adda Require specific nspr and nss packages (#868581)
Signed-off-by: Peter Jones <pjones@redhat.com>
2012-10-22 10:32:38 -04:00
Peter Jones
7f163d7465 Yeah, modutil here didn't work.
+ modutil -force -dbdir
/builddir/build/BUILDROOT/pesign-0.99-8.fc18.x86_64/etc/pki/pesign -add
coolkey -libfile /usr/lib64/pkcs11/libcoolkeypk11.so
ERROR: Failed to add module "coolkey". Probable cause : "A PKCS #11
module returned CKR_GENERAL_ERROR, indicating that an unrecoverable
error has occurred.".

So who knows.

Signed-off-by: Peter Jones <pjones@redhat.com>
2012-10-19 19:57:20 -04:00
Peter Jones
e8506b8f23 Use -force when adding pkcs11 modules to our nss database.
Signed-off-by: Peter Jones <pjones@redhat.com>
2012-10-19 19:43:04 -04:00
Peter Jones
11a11c6946 Get the Fedora signing token name right. 2012-10-19 19:19:24 -04:00
Peter Jones
b5d702b29d Add coolkey and opensc modules to pki database during %install. 2012-10-19 11:26:15 -04:00
Peter Jones
b58922c480 setfacl u:kojibuilder:rw /var/run/pesign/socket
- Fix command line checking in client
- Add client stdin pin reading.
2012-10-19 10:24:10 -04:00
Peter Jones
9e2491cafb Automatically select daemon as signer when using rpm macros.
Signed-off-by: Peter Jones <pjones@redhat.com>
2012-10-18 15:20:45 -04:00
Peter Jones
c0e5984614 Make it work on the -el6 branch as well. 2012-10-18 13:12:46 -04:00
Peter Jones
48279a49da Explicitly call "make install_systemd" 2012-10-18 12:59:28 -04:00
Peter Jones
18bcd8bfc2 Fix some more bugs found by valgrind and coverity.
- Don't build utils/ ; we're not using them and they're not ready anyway.
2012-10-18 11:38:53 -04:00
Peter Jones
0d40135ec1 Fix daemon startup bug from 0.99-2 2012-10-17 10:37:36 -04:00
Peter Jones
70aaeb7aa3 Fix various bugs from 0.99-1
- Don't make the database unreadable just yet.
2012-10-17 09:59:14 -04:00
Peter Jones
428f873263 Actually check in the sources file this time.
Signed-off-by: Peter Jones <pjones@redhat.com>
2012-10-15 21:11:51 -04:00
Peter Jones
910a59e99d Update to 0.99
- Add documentation for client/server mode.
- Add --pinfd and --pinfile to server mode.
2012-10-15 18:08:59 -04:00
Peter Jones
27eb839fc3 Fix removal of libdpe* to not kill systemd stuff. 2012-10-12 20:24:33 -04:00
Peter Jones
e7f0d0243b Update to 0.98
- Add client/server mode.
2012-10-12 20:11:57 -04:00