Compare commits
No commits in common. "a8" and "c8s" have entirely different histories.
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,4 @@
|
||||
SOURCES/certs.tar.xz
|
||||
SOURCES/pesign-0.112.tar.bz2
|
||||
/certs.tar.xz
|
||||
/pesign-0.112.tar.bz2
|
||||
|
@ -1,2 +0,0 @@
|
||||
53d9b43ef6eadb4512ce9738b5a6efbb40477983 SOURCES/certs.tar.xz
|
||||
7cba5cfddabc425d0a927edfdd6865cc92f00c7b SOURCES/pesign-0.112.tar.bz2
|
151
0030-Replace-var-run-with-run.patch
Normal file
151
0030-Replace-var-run-with-run.patch
Normal file
@ -0,0 +1,151 @@
|
||||
From cd26e9e9a7816efe2c1ce9c36d9cb14988c70dc9 Mon Sep 17 00:00:00 2001
|
||||
From: Robbie Harwood <rharwood@redhat.com>
|
||||
Date: Mon, 8 Nov 2021 17:58:09 -0500
|
||||
Subject: [PATCH] Replace /var/run with /run
|
||||
|
||||
This change is in violation of the FHS and is forced by systemd being
|
||||
obnoxious and logging warnings about it as if it's some kind of problem.
|
||||
|
||||
This commit is a subset of the work in
|
||||
02d473fbfd782863a0dcef7e44822d1e7e56a4b3,
|
||||
f97d3b04a2eafb42272ede24e1353dd0a7f4347c,
|
||||
5f9058677e7241cc88b4e8620654bbaa08a4bce4, and
|
||||
cffa10d9b5eec9a9def3533b181a32b64fc29913 (all by pjones) because they
|
||||
don't backport well.
|
||||
|
||||
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
|
||||
---
|
||||
src/Makefile | 2 +-
|
||||
src/daemon.h | 4 ++--
|
||||
src/macros.pesign | 12 ++++++------
|
||||
src/pesign-authorize | 2 +-
|
||||
src/pesign.service.in | 2 +-
|
||||
src/pesign.sysvinit.in | 10 +++++-----
|
||||
src/tmpfiles.conf | 2 +-
|
||||
7 files changed, 17 insertions(+), 17 deletions(-)
|
||||
|
||||
diff --git a/src/Makefile b/src/Makefile
|
||||
index 7d68fa1..a11e2b4 100644
|
||||
--- a/src/Makefile
|
||||
+++ b/src/Makefile
|
||||
@@ -68,7 +68,7 @@ install_sysvinit: pesign.sysvinit
|
||||
install :
|
||||
$(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/
|
||||
$(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign-rh-test/
|
||||
- $(INSTALL) -d -m 770 $(INSTALLROOT)/var/run/pesign/
|
||||
+ $(INSTALL) -d -m 770 $(INSTALLROOT)/run/pesign/
|
||||
$(INSTALL) -d -m 755 $(INSTALLROOT)$(bindir)
|
||||
$(INSTALL) -m 755 authvar $(INSTALLROOT)$(bindir)
|
||||
$(INSTALL) -m 755 pesign $(INSTALLROOT)$(bindir)
|
||||
diff --git a/src/daemon.h b/src/daemon.h
|
||||
index d97eab9..db42c16 100644
|
||||
--- a/src/daemon.h
|
||||
+++ b/src/daemon.h
|
||||
@@ -49,7 +49,7 @@ typedef enum {
|
||||
} pesignd_cmd;
|
||||
|
||||
#define PESIGND_VERSION 0x2a9edaf0
|
||||
-#define SOCKPATH "/var/run/pesign/socket"
|
||||
-#define PIDFILE "/var/run/pesign.pid"
|
||||
+#define SOCKPATH "/run/pesign/socket"
|
||||
+#define PIDFILE "/run/pesign.pid"
|
||||
|
||||
#endif /* DAEMON_H */
|
||||
diff --git a/src/macros.pesign b/src/macros.pesign
|
||||
index dfdac02..f135c29 100644
|
||||
--- a/src/macros.pesign
|
||||
+++ b/src/macros.pesign
|
||||
@@ -48,17 +48,17 @@
|
||||
"$(uname -m)" == "x86_64" ] && \\\
|
||||
grep -q ID=fedora /etc/os-release && \\\
|
||||
[[ "%{_buildhost}" =~ ^bkernel.* ]] && \\\
|
||||
- ! [ -S /var/run/pesign/socket ]; then \
|
||||
+ ! [ -S /run/pesign/socket ]; then \
|
||||
echo "No socket even though this is %{_buildhost}" \
|
||||
- ls -ld /var/run/pesign || : \
|
||||
- getfacl /var/run/pesign || : \
|
||||
- ls -l /var/run/pesign/socket || : \
|
||||
- getfacl /var/run/pesign/socket || : \
|
||||
+ ls -ld /run/pesign || : \
|
||||
+ getfacl /run/pesign || : \
|
||||
+ ls -l /run/pesign/socket || : \
|
||||
+ getfacl /run/pesign/socket || : \
|
||||
echo =========== env ============== \
|
||||
set \
|
||||
echo =========== env ============== \
|
||||
exit 1 \
|
||||
- elif [ -S /var/run/pesign/socket ]; then \
|
||||
+ elif [ -S /run/pesign/socket ]; then \
|
||||
%{_pesign_client} -t %{__pesign_client_token} \\\
|
||||
-c %{__pesign_client_cert} \\\
|
||||
%{-i} %{-o} %{-e} %{-s} %{-C} \
|
||||
diff --git a/src/pesign-authorize b/src/pesign-authorize
|
||||
index a496f60..83a30cd 100755
|
||||
--- a/src/pesign-authorize
|
||||
+++ b/src/pesign-authorize
|
||||
@@ -47,7 +47,7 @@ update_subdir() {
|
||||
done
|
||||
}
|
||||
|
||||
-for x in /var/run/pesign/ /etc/pki/pesign*/ ; do
|
||||
+for x in /run/pesign/ /etc/pki/pesign*/ ; do
|
||||
if [ -d "${x}" ]; then
|
||||
update_subdir "${x}"
|
||||
else
|
||||
diff --git a/src/pesign.service.in b/src/pesign.service.in
|
||||
index c75a000..4ac2199 100644
|
||||
--- a/src/pesign.service.in
|
||||
+++ b/src/pesign.service.in
|
||||
@@ -4,6 +4,6 @@ Description=Pesign signing daemon
|
||||
[Service]
|
||||
PrivateTmp=true
|
||||
Type=forking
|
||||
-PIDFile=/var/run/pesign.pid
|
||||
+PIDFile=/run/pesign.pid
|
||||
ExecStart=/usr/bin/pesign --daemonize
|
||||
ExecStartPost=@@LIBEXECDIR@@/pesign/pesign-authorize
|
||||
diff --git a/src/pesign.sysvinit.in b/src/pesign.sysvinit.in
|
||||
index b0e0f84..bf8edec 100644
|
||||
--- a/src/pesign.sysvinit.in
|
||||
+++ b/src/pesign.sysvinit.in
|
||||
@@ -4,7 +4,7 @@
|
||||
#
|
||||
# chkconfig: - 50 50
|
||||
# processname: /usr/bin/pesign
|
||||
-# pidfile: /var/run/pesign.pid
|
||||
+# pidfile: /run/pesign.pid
|
||||
### BEGIN INIT INFO
|
||||
# Provides: pesign
|
||||
# Default-Start:
|
||||
@@ -20,9 +20,9 @@ RETVAL=0
|
||||
|
||||
start(){
|
||||
echo -n "Starting pesign: "
|
||||
- mkdir /var/run/pesign 2>/dev/null &&
|
||||
- chown pesign:pesign /var/run/pesign &&
|
||||
- chmod 0770 /var/run/pesign
|
||||
+ mkdir /run/pesign 2>/dev/null &&
|
||||
+ chown pesign:pesign /run/pesign &&
|
||||
+ chmod 0770 /run/pesign
|
||||
daemon /usr/bin/pesign --daemonize
|
||||
RETVAL=$?
|
||||
echo
|
||||
@@ -32,7 +32,7 @@ start(){
|
||||
|
||||
stop(){
|
||||
echo -n "Stopping pesign: "
|
||||
- killproc -p /var/run/pesign.pid pesignd
|
||||
+ killproc -p /run/pesign.pid pesignd
|
||||
RETVAL=$?
|
||||
echo
|
||||
rm -f /var/lock/subsys/pesign
|
||||
diff --git a/src/tmpfiles.conf b/src/tmpfiles.conf
|
||||
index c1cf355..3375ad5 100644
|
||||
--- a/src/tmpfiles.conf
|
||||
+++ b/src/tmpfiles.conf
|
||||
@@ -1 +1 @@
|
||||
-D /var/run/pesign 0770 pesign pesign -
|
||||
+D /run/pesign 0770 pesign pesign -
|
||||
--
|
||||
2.33.0
|
||||
|
@ -1,4 +1,4 @@
|
||||
From b535d1ac5cbcdf18a97d97a92581e38080d9e521 Mon Sep 17 00:00:00 2001
|
||||
From d1a7496d18dc1e230115b30fa09e4481c485a27d Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Tue, 14 May 2019 11:28:38 -0400
|
||||
Subject: [PATCH] efikeygen: Fix the build with nss 3.44
|
||||
@ -23,15 +23,16 @@ This is fixed by just making it an int.
|
||||
Fixes github issue #48.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
(cherry picked from commit b535d1ac5cbcdf18a97d97a92581e38080d9e521)
|
||||
---
|
||||
src/efikeygen.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/efikeygen.c b/src/efikeygen.c
|
||||
index ede76ef..2cd953e 100644
|
||||
index 9390578..089e6a7 100644
|
||||
--- a/src/efikeygen.c
|
||||
+++ b/src/efikeygen.c
|
||||
@@ -208,7 +208,7 @@ static int
|
||||
@@ -206,7 +206,7 @@ static int
|
||||
add_cert_type(cms_context *cms, void *extHandle, int is_ca)
|
||||
{
|
||||
SECItem bitStringValue;
|
||||
@ -41,5 +42,5 @@ index ede76ef..2cd953e 100644
|
||||
if (is_ca)
|
||||
type |= NS_CERT_TYPE_SSL_CA |
|
||||
--
|
||||
2.21.0
|
||||
2.33.0
|
||||
|
6
gating.yaml
Normal file
6
gating.yaml
Normal file
@ -0,0 +1,6 @@
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- rhel-8
|
||||
decision_context: osci_compose_gate
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: kernel-qe.kernel-ci.hardware-pesign.tier0.functional}
|
@ -1,10 +1,9 @@
|
||||
%global dist %{?dist}.alma
|
||||
%global macrosdir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d)
|
||||
|
||||
Name: pesign
|
||||
Summary: Signing utility for UEFI binaries
|
||||
Version: 0.112
|
||||
Release: 25%{?dist}
|
||||
Release: 26%{?dist}
|
||||
License: GPLv2
|
||||
URL: https://github.com/vathpela/pesign
|
||||
|
||||
@ -60,7 +59,8 @@ Patch0026: 0026-Clean-up-gcc-command-lines-a-little.patch
|
||||
Patch0027: 0027-Make-pesign-users-groups-static-in-the-repo.patch
|
||||
Patch0028: 0028-rpm-Make-the-client-signer-use-the-fedora-values-unl.patch
|
||||
Patch0029: 0029-Make-macros.pesign-error-in-kojibuilder-if-we-don-t-.patch
|
||||
Patch0030: 0030-fix-the-build-with-nss-3.44.patch
|
||||
Patch0030: 0030-Replace-var-run-with-run.patch
|
||||
Patch0031: 0031-efikeygen-Fix-the-build-with-nss-3.44.patch
|
||||
|
||||
%description
|
||||
This package contains the pesign utility for signing UEFI binaries as
|
||||
@ -115,7 +115,7 @@ install -m 0755 -p %{SOURCE2} %{buildroot}%{python3_sitelib}/mockbuild/plugins/
|
||||
%pre
|
||||
getent group pesign >/dev/null || groupadd -r pesign
|
||||
getent passwd pesign >/dev/null || \
|
||||
useradd -r -g pesign -d /var/run/pesign -s /sbin/nologin \
|
||||
useradd -r -g pesign -d /run/pesign -s /sbin/nologin \
|
||||
-c "Group for the pesign signing daemon" pesign
|
||||
exit 0
|
||||
|
||||
@ -154,9 +154,9 @@ exit 0
|
||||
%{_sysconfdir}/popt.d/pesign.popt
|
||||
%{macrosdir}/macros.pesign
|
||||
%{_mandir}/man*/*
|
||||
%dir %attr(0770, pesign, pesign) %{_localstatedir}/run/%{name}
|
||||
%ghost %attr(0660, -, -) %{_localstatedir}/run/%{name}/socket
|
||||
%ghost %attr(0660, -, -) %{_localstatedir}/run/%{name}/pesign.pid
|
||||
%dir %attr(0770, pesign, pesign) /%{_rundir}/%{name}
|
||||
%ghost %attr(0660, -, -) %{_rundir}/%{name}/socket
|
||||
%ghost %attr(0660, -, -) %{_rundir}/%{name}/pesign.pid
|
||||
%if 0%{?rhel} >= 7 || 0%{?fedora} >= 17
|
||||
%{_tmpfilesdir}/pesign.conf
|
||||
%{_unitdir}/pesign.service
|
||||
@ -165,9 +165,9 @@ exit 0
|
||||
%{python3_sitelib}/mockbuild/plugins/pesign.*
|
||||
|
||||
%changelog
|
||||
* Sat Dec 21 2019 Eugene Zamriy <ezamriy@cloudlinux.com> - 0.112-25.cloudlinux
|
||||
- Apply 0030-fix-the-build-with-nss-3.44.patch
|
||||
Resolves: https://github.com/rhboot/pesign/issues/48
|
||||
* Mon Nov 08 2021 Robbie Harwood <rharwood@redhat.com> - 0.112-26
|
||||
- Perform the /var/run to /run "migration" stupidity
|
||||
- Resolves: rhbz#1801976
|
||||
|
||||
* Mon Oct 01 2018 Peter Jones <pjones@redhat.com> - 0.112-25
|
||||
- Preserve .py timestamp during install so .pyc/.pyo files have the same
|
13
rpminspect.yaml
Normal file
13
rpminspect.yaml
Normal file
@ -0,0 +1,13 @@
|
||||
---
|
||||
inspections:
|
||||
# Not a Java package
|
||||
javabytecode: off
|
||||
|
||||
# These just flag when things change "too much"
|
||||
changedfiles: off
|
||||
filesize: off
|
||||
patches: off
|
||||
upstream: off
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2010936
|
||||
annocheck: off
|
2
sources
Normal file
2
sources
Normal file
@ -0,0 +1,2 @@
|
||||
SHA512 (certs.tar.xz) = 5df34f507a365ef87320776c99cbfad76365693901c71eaf64fec008afb9acfd7b615da5906b92a070c864e74f44934395c3f474ce5b33844cfa3df49a8ad188
|
||||
SHA512 (pesign-0.112.tar.bz2) = 96bff27ce5059f1ea299c21ac88998a0c17851b8b06ba2f3e286de5cd4d73651b670ac00ca035481faf9c963338527c89120c63ec891a95ce9ecb9130fbc5e5c
|
Loading…
Reference in New Issue
Block a user