Commit Graph

125 Commits

Author SHA1 Message Date
Peter Jones
9d0cbc4fd8 Don't Req: or BuildReq: coolkey or opensc; those belong in system deploy
scripts.
  Related: rhbz#1349073

Signed-off-by: Peter Jones <pjones@redhat.com>
2017-01-06 13:39:24 -05:00
Peter Jones
308cdbf784 Build as -4 to make bodhi happy.
Signed-off-by: Peter Jones <pjones@redhat.com>
2016-08-17 12:07:57 -04:00
Adam Williamson
8a2c40e6cb backport fix for command line parsing from upstream master 2016-08-12 14:26:14 -07:00
Peter Jones
ea1746905e Build with newer efivar.
Signed-off-by: Peter Jones <pjones@redhat.com>
2016-08-11 14:19:36 -04:00
Peter Jones
2299376a23 Fix build error on i686.
Signed-off-by: Peter Jones <pjones@redhat.com>
2016-04-21 10:48:49 -04:00
Peter Jones
ecaa79e058 Update to 0.112
- Also fix up some spec file woes:
  - dumb things in %setup
  - find-debuginfo.sh not working right for some source files...

Signed-off-by: Peter Jones <pjones@redhat.com>
2016-04-21 10:33:41 -04:00
Fedora Release Engineering
3fceb7af7d - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 2016-02-04 16:53:37 +00:00
Peter Jones
2e5e2372fa Obsolete pesign-rh-test-certs
Signed-off-by: Peter Jones <pjones@redhat.com>
2015-12-10 15:12:20 -05:00
Peter Jones
fb1e5968c8 *Don't* use --certdir if we're using the socket.
Related: rhbz#1283475
  Related: rhbz#1284063
  Related: rhbz#1284561

Signed-off-by: Peter Jones <pjones@redhat.com>
2015-12-02 13:23:41 -05:00
Peter Jones
b24daeac79 Actually do a better job of choosing which cert to use when, so people will
stop seeing any of this problem.  (Thanks for the thought, jforbes.)
  Resolves: rhbz#1283475
  Resolves: rhbz#1284063
  Resolves: rhbz#1284561

Signed-off-by: Peter Jones <pjones@redhat.com>
2015-12-01 15:36:38 -05:00
Peter Jones
6765b54235 Try a completely different thing for the test certs...
Signed-off-by: Peter Jones <pjones@redhat.com>
2015-12-01 15:30:17 -05:00
Peter Jones
d9833768d9 Setfacl even harder.
Resolves: rhbz#1284561
  Resolves: rhbz#1283475

Signed-off-by: Peter Jones <pjones@redhat.com>
2015-12-01 14:57:22 -05:00
Peter Jones
49c6a13cfd Better ACL setting code.
Signed-off-by: Peter Jones <pjones@redhat.com>
2015-11-20 19:25:12 -05:00
Peter Jones
d7b39bc640 Allow the mockbuild user to read the nss database if the account exists.
Signed-off-by: Peter Jones <pjones@redhat.com>
2015-11-19 13:35:31 -05:00
Peter Jones
4b6a6c731a Rebase to 0.111
- Split test certs out into a "Recommends" subpackage.

Signed-off-by: Peter Jones <pjones@redhat.com>
2015-10-28 16:04:28 -04:00
Peter Jones
15ed9eb9c2 Rebase to 0.111
- Split test certs out into a "Recommends" subpackage.

Signed-off-by: Peter Jones <pjones@redhat.com>
2015-10-28 15:44:03 -04:00
Dennis Gilmore
79e3b6ac67 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild 2015-06-18 13:50:17 +00:00
Ville Skyttä
c597dc0761 Install macros in %{_rpmconfigdir}/macros.d where available (#1074281) 2015-03-04 22:00:18 +02:00
Peter Jones
0302103f3b Missing build dep.
Signed-off-by: Peter Jones <pjones@redhat.com>
2014-10-24 17:07:19 -04:00
Peter Jones
1b5f35e5b4 Update to pesign-0.110
Signed-off-by: Peter Jones <pjones@redhat.com>
2014-10-24 16:32:01 -04:00
Peter Robinson
0a12908cd3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-17 18:14:55 +00:00
Dennis Gilmore
d241d61da2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-07 08:09:40 -05:00
Peter Jones
c88197ace8 Fix a networking problem nirik observed when reinstalling builders. 2014-05-29 16:16:37 -04:00
Peter Jones
e83259c5ef Remove errant result files and raise an error from %pesign 2013-08-10 11:10:52 -04:00
Peter Jones
e3986cb40f Remove errant result files and raise an error from %pesign
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-08-10 10:56:34 -04:00
Peter Jones
7d6ce00fe5 Remove errant result files and raise an error from %pesign 2013-08-10 10:30:26 -04:00
Peter Jones
2915fd2186 Fix for new %doc rules. 2013-08-05 09:19:38 -04:00
Dennis Gilmore
ba809202a6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild 2013-08-03 21:23:08 -05:00
Peter Jones
a26d3b3975 Update to 0.106
- Hopefully fix the segfault dgilmore was seeing.
2013-05-21 13:42:50 -04:00
Peter Jones
e937c15fca Update to 0.105-1
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-05-20 16:28:07 -04:00
Peter Jones
8d87de3fdd Add opensc modules to the reference db during package build.
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-05-20 16:26:54 -04:00
Peter Jones
aae58a2c11 Update to 0.104 (#963361)
This makes us generate signed images wich multiple signatures aligned on
8-byte boundaries, which is what finally wound up going into the spec.

Signed-off-by: Peter Jones <pjones@redhat.com>
2013-05-16 10:44:04 -04:00
Peter Jones
d11dc191fc Conditionalize systemd bits so they don't show up in RHEL 6 builds
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-02-06 09:42:27 -05:00
Peter Jones
e7eeaa7094 One more compiler problem. Let's expect a few more, shall we? 2013-02-05 15:26:33 -05:00
Peter Jones
3c30b6579a Don't use --std=gnu11 because we have to work on RHEL 6 builders. 2013-02-05 10:45:23 -05:00
Peter Jones
315a5395fd Add efikeygen to files.
Leaving the release at -1 since there are no builds completed.

Signed-off-by: Peter Jones <pjones@redhat.com>
2013-02-04 14:26:55 -05:00
Peter Jones
870d99b8c9 Update to 0.101 to fix more "pesign -E" issues. 2013-02-04 14:05:57 -05:00
Peter Jones
308dd72e6c Fix insertion of signatures from a file. 2012-12-03 08:52:17 -05:00
Peter Jones
5aca172458 Fix insertion of signatures from a file. 2012-11-30 17:09:41 -05:00
Matthew Garrett
47e695fb59 Add a patch needed for new shim builds 2012-11-26 19:38:34 -05:00
Peter Jones
575fc2adda Require specific nspr and nss packages (#868581)
Signed-off-by: Peter Jones <pjones@redhat.com>
2012-10-22 10:32:38 -04:00
Peter Jones
7f163d7465 Yeah, modutil here didn't work.
+ modutil -force -dbdir
/builddir/build/BUILDROOT/pesign-0.99-8.fc18.x86_64/etc/pki/pesign -add
coolkey -libfile /usr/lib64/pkcs11/libcoolkeypk11.so
ERROR: Failed to add module "coolkey". Probable cause : "A PKCS #11
module returned CKR_GENERAL_ERROR, indicating that an unrecoverable
error has occurred.".

So who knows.

Signed-off-by: Peter Jones <pjones@redhat.com>
2012-10-19 19:57:20 -04:00
Peter Jones
e8506b8f23 Use -force when adding pkcs11 modules to our nss database.
Signed-off-by: Peter Jones <pjones@redhat.com>
2012-10-19 19:43:04 -04:00
Peter Jones
11a11c6946 Get the Fedora signing token name right. 2012-10-19 19:19:24 -04:00
Peter Jones
b5d702b29d Add coolkey and opensc modules to pki database during %install. 2012-10-19 11:26:15 -04:00
Peter Jones
b58922c480 setfacl u:kojibuilder:rw /var/run/pesign/socket
- Fix command line checking in client
- Add client stdin pin reading.
2012-10-19 10:24:10 -04:00
Peter Jones
9e2491cafb Automatically select daemon as signer when using rpm macros.
Signed-off-by: Peter Jones <pjones@redhat.com>
2012-10-18 15:20:45 -04:00
Peter Jones
c0e5984614 Make it work on the -el6 branch as well. 2012-10-18 13:12:46 -04:00
Peter Jones
48279a49da Explicitly call "make install_systemd" 2012-10-18 12:59:28 -04:00
Peter Jones
18bcd8bfc2 Fix some more bugs found by valgrind and coverity.
- Don't build utils/ ; we're not using them and they're not ready anyway.
2012-10-18 11:38:53 -04:00
Peter Jones
0d40135ec1 Fix daemon startup bug from 0.99-2 2012-10-17 10:37:36 -04:00
Peter Jones
70aaeb7aa3 Fix various bugs from 0.99-1
- Don't make the database unreadable just yet.
2012-10-17 09:59:14 -04:00
Peter Jones
910a59e99d Update to 0.99
- Add documentation for client/server mode.
- Add --pinfd and --pinfile to server mode.
2012-10-15 18:08:59 -04:00
Peter Jones
27eb839fc3 Fix removal of libdpe* to not kill systemd stuff. 2012-10-12 20:24:33 -04:00
Peter Jones
e7f0d0243b Update to 0.98
- Add client/server mode.
2012-10-12 20:11:57 -04:00
Peter Jones
60f1503bcc Fix missing section address fixup. 2012-10-01 11:28:56 -04:00
Peter Jones
56b5348eee Make macros.pesign even better (and make it work right for i686 packages) 2012-08-15 11:42:25 -04:00
Peter Jones
cc70e8687e Only sign things on x86_64; all else ignore gracefully. 2012-08-14 15:46:35 -04:00
Peter Jones
a28df7d436 Make macros.pesign more reliable 2012-08-14 14:31:05 -04:00
Peter Jones
aaf8993881 Update to 0.10
- Include rpm macros to support easy custom signing of signed packages.
2012-08-13 15:42:07 -04:00
Peter Jones
c813a03c02 Update to 0.9
- Bug fix from Gary Ching-Pang Lin
- Support NSS Token selection for use with smart cards.
2012-08-10 16:42:18 -04:00
Peter Jones
97454ce035 Update to 0.8
- Don't open the db read-write
- Fix permissions on keystore (everybody can sign with test keys)
2012-08-08 11:25:42 -04:00
Peter Jones
ca4b435190 Include test keys. 2012-08-08 09:39:35 -04:00
Peter Jones
23bf592710 Update to 0.7
- Better fix for MS compatibility.
2012-07-30 15:46:23 -04:00
Peter Jones
6ee859bcc8 Update to 0.6
- Bug-for-bug compatibility with signtool.exe .
2012-07-30 15:05:25 -04:00
Dennis Gilmore
636910cd49 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild 2012-07-20 18:04:24 -05:00
Peter Jones
74121f1774 Rebase to 0.5
- Do more rigorous bounds checking when hashing a new binary.
2012-07-11 15:06:04 -04:00
Peter Jones
a056b5594a Rebase to 0.4 2012-07-10 16:06:31 -04:00
Peter Jones
0f6fcf3f98 Add ExclusiveArch since this doesn't make sense on non-EFI platforms. 2012-06-27 09:12:37 -04:00
Peter Jones
b252c93b62 Move man page to a more reasonable place. 2012-06-22 16:18:39 -04:00
Peter Jones
7640155de5 Update to upstream's 0.3 . 2012-06-22 11:41:09 -04:00
Peter Jones
92dbf7ed33 Do not build with smp flags. 2012-06-21 11:04:53 -04:00
Peter Jones
ed349fc2d7 Make it build on i686, though it's unclear it'll ever be necessary. 2012-06-21 10:55:08 -04:00
Peter Jones
dccc1c90c3 Fix compile problem with f18's compiler. 2012-06-21 09:46:54 -04:00
Peter Jones
d6e5c968ad Fix some rpmlint complaints nirik pointed out
- Add popt-devel build dep
2012-06-21 09:33:06 -04:00