Compare commits

...

No commits in common. "c8s" and "a8-beta" have entirely different histories.
c8s ... a8-beta

39 changed files with 52 additions and 24 deletions

2
.gitignore vendored
View File

@ -1,4 +1,2 @@
SOURCES/certs.tar.xz SOURCES/certs.tar.xz
SOURCES/pesign-0.112.tar.bz2 SOURCES/pesign-0.112.tar.bz2
/certs.tar.xz
/pesign-0.112.tar.bz2

2
.pesign.metadata Normal file
View File

@ -0,0 +1,2 @@
53d9b43ef6eadb4512ce9738b5a6efbb40477983 SOURCES/certs.tar.xz
7cba5cfddabc425d0a927edfdd6865cc92f00c7b SOURCES/pesign-0.112.tar.bz2

View File

@ -0,0 +1,45 @@
From b535d1ac5cbcdf18a97d97a92581e38080d9e521 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 14 May 2019 11:28:38 -0400
Subject: [PATCH] efikeygen: Fix the build with nss 3.44
NSS 3.44 adds some certificate types, which changes a type and makes
some encoding stuff weird. As a result, we get:
gcc8 -I/wrkdirs/usr/ports/sysutils/pesign/work/pesign-0.110/include -O2 -pipe -fstack-protector-strong -Wl,-rpath=/usr/local/lib/gcc8 -isystem /usr/local/include -fno-strict-aliasing -g -O0 -g -O0 -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants --std=gnu99 -D_GNU_SOURCE -Wno-unused-result -Wno-unused-function -I../include/ -I/usr/local/include/nss -I/usr/local/include/nss/nss -I/usr/local/include/nspr -Werror -fPIC -isystem /usr/local/include -DCONFIG_amd64 -DCONFIG_amd64 -c efikeygen.c -o efikeygen.o
In file included from /usr/local/include/nss/nss/cert.h:22,
from efikeygen.c:39:
efikeygen.c: In function 'add_cert_type':
/usr/local/include/nss/nss/certt.h:445:5: error: unsigned conversion from 'int' to 'unsigned char' changes value from '496' to '240' [-Werror=overflow]
(NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_SSL_SERVER | NS_CERT_TYPE_EMAIL | \
^
efikeygen.c:208:23: note: in expansion of macro 'NS_CERT_TYPE_APP'
unsigned char type = NS_CERT_TYPE_APP;
^~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
This is fixed by just making it an int.
Fixes github issue #48.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
src/efikeygen.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/efikeygen.c b/src/efikeygen.c
index ede76ef..2cd953e 100644
--- a/src/efikeygen.c
+++ b/src/efikeygen.c
@@ -208,7 +208,7 @@ static int
add_cert_type(cms_context *cms, void *extHandle, int is_ca)
{
SECItem bitStringValue;
- unsigned char type = NS_CERT_TYPE_APP;
+ int type = NS_CERT_TYPE_APP;
if (is_ca)
type |= NS_CERT_TYPE_SSL_CA |
--
2.21.0

View File

@ -3,7 +3,7 @@
Name: pesign Name: pesign
Summary: Signing utility for UEFI binaries Summary: Signing utility for UEFI binaries
Version: 0.112 Version: 0.112
Release: 26%{?dist} Release: 26%{?dist}.alma
License: GPLv2 License: GPLv2
URL: https://github.com/vathpela/pesign URL: https://github.com/vathpela/pesign
@ -61,6 +61,7 @@ Patch0028: 0028-rpm-Make-the-client-signer-use-the-fedora-values-unl.patch
Patch0029: 0029-Make-macros.pesign-error-in-kojibuilder-if-we-don-t-.patch Patch0029: 0029-Make-macros.pesign-error-in-kojibuilder-if-we-don-t-.patch
Patch0030: 0030-Replace-var-run-with-run.patch Patch0030: 0030-Replace-var-run-with-run.patch
Patch0031: 0031-efikeygen-Fix-the-build-with-nss-3.44.patch Patch0031: 0031-efikeygen-Fix-the-build-with-nss-3.44.patch
Patch0032: 0032-fix-the-build-with-nss-3.44.patch
%description %description
This package contains the pesign utility for signing UEFI binaries as This package contains the pesign utility for signing UEFI binaries as
@ -165,6 +166,9 @@ exit 0
%{python3_sitelib}/mockbuild/plugins/pesign.* %{python3_sitelib}/mockbuild/plugins/pesign.*
%changelog %changelog
* Fri Apr 01 2022 Eduard Abdullin <eabdullin@almalinux.org> - 0.112-26.alma
- AlmaLinux changes
* Mon Nov 08 2021 Robbie Harwood <rharwood@redhat.com> - 0.112-26 * Mon Nov 08 2021 Robbie Harwood <rharwood@redhat.com> - 0.112-26
- Perform the /var/run to /run "migration" stupidity - Perform the /var/run to /run "migration" stupidity
- Resolves: rhbz#1801976 - Resolves: rhbz#1801976

View File

@ -1,6 +0,0 @@
--- !Policy
product_versions:
- rhel-8
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: kernel-qe.kernel-ci.hardware-pesign.tier0.functional}

View File

@ -1,13 +0,0 @@
---
inspections:
# Not a Java package
javabytecode: off
# These just flag when things change "too much"
changedfiles: off
filesize: off
patches: off
upstream: off
# https://bugzilla.redhat.com/show_bug.cgi?id=2010936
annocheck: off

View File

@ -1,2 +0,0 @@
SHA512 (certs.tar.xz) = 5df34f507a365ef87320776c99cbfad76365693901c71eaf64fec008afb9acfd7b615da5906b92a070c864e74f44934395c3f474ce5b33844cfa3df49a8ad188
SHA512 (pesign-0.112.tar.bz2) = 96bff27ce5059f1ea299c21ac88998a0c17851b8b06ba2f3e286de5cd4d73651b670ac00ca035481faf9c963338527c89120c63ec891a95ce9ecb9130fbc5e5c