From c98b16d890a1e4651b3683853acb69fedd5a10dd Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 6 Jul 2020 16:13:09 -0400
Subject: [PATCH 7/7] client: try /run and /var/run for the socket path.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
src/client.c | 40 ++++++++++++++++++++--------
src/pesign-rpmbuild-helper | 54 ++++++++++++++++++++++----------------
2 files changed, 61 insertions(+), 33 deletions(-)
diff --git a/src/client.c b/src/client.c
index a4f1d1dbbe7..0082be1f597 100644
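--- a/src/client.c
+++ b/src/client.c
@@ -61,24 +61,24 @@ print_flag_name(FILE *f, int flag)
 }
 
 static int
-connect_to_server(void)
+connect_to_server_helper(const char * const sockpath)
 {
- int rc = access(SOCKPATH, R_OK);
+ int rc = access(sockpath, R_OK);
 if (rc != 0) {
- fprintf(stderr, "pesign-client: could not connect to server: "
- "%m\n");
- exit(1);
+ warn("could not access socket \"%s\"", sockpath);
+ return rc;
 }
 
 struct sockaddr_un addr_un = {
 .sun_family = AF_UNIX,
- .sun_path = SOCKPATH,
 };
+ strncpy(addr_un.sun_path, sockpath, sizeof(addr_un.sun_path));
+ addr_un.sun_path[sizeof(addr_un.sun_path)-1] = '\0';
 
 int sd = socket(AF_UNIX, SOCK_STREAM, 0);
 if (sd < 0) {
- fprintf(stderr, "pesign-client: could not open socket: %m\n");
- exit(1);
+ warn("could not open socket \"%s\"", sockpath);
+ return sd;
 }
 
 socklen_t len = strlen(addr_un.sun_path) +
@@ -86,14 +86,32 @@ connect_to_server(void)
 
 rc = connect(sd, (struct sockaddr *)&addr_un, len);
 if (rc < 0) {
- fprintf(stderr, "pesign-client: could not connect to daemon: "
- "%m\n");
- exit(1);
+ warn("could not connect to daemon");
+ return sd;
 }
 
 return sd;
 }
 
+static int
+connect_to_server(void)
+{
+ int rc, i;
+ const char * const sockets[] = {
+ "/run/pesign/socket",
+ "/var/run/pesign/socket",
+ NULL
+ };
+
+ for (i = 0; sockets[i] != NULL; i++) {
+ rc = connect_to_server_helper(sockets[i]);
+ if (rc >= 0)
+ return rc;
+ }
+
+ exit(1);
+}
+
 static int32_t
 check_response(int sd, char **srvmsg);
 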
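Review bot: In connect_to_server_helper the `connect()` failure branch returns `sd`, which at that point is a valid non-negative descriptor, so the new `if (rc >= 0)` test in connect_to_server accepts a socket that was never connected and the `/var/run/pesign/socket` fallback is never tried. The branch should release the descriptor and report the failure, `close(sd);` followed by `return rc;`, so the loop can move on and the caller never writes a signing request to an unconnected socket. The helper's body spans both hunks and the lines between them are not shown, so the `len` computation is not reviewed here.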
diff --git a/src/pesign-rpmbuild-helper b/src/pesign-rpmbuild-helper
index fd385d1625d..68b53ddf022 100755
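--- a/src/pesign-rpmbuild-helper
+++ b/src/pesign-rpmbuild-helper
@@ -1,6 +1,7 @@
 #!/bin/sh
 
 set -eu
+set -x
 
 main() {
 local target_cpu="${1}" && shift
@@ -32,32 +33,41 @@ main() {
 " --certfile ")
 certfile="${2}"
 ;;
- " --certname ")
- certname="${2}"
- ;;
 " --certout ")
- certout=(-C "${2}")
+ certout[0]=-C
+ certout[1]="${2}"
 ;;
 " --sattrout ")
- sattrout=(-e "${2}")
+ sattrout[0]=-e
+ sattrout[1]="${2}"
 ;;
 " --client-token ")
- client_token=(-t "${2}")
+ client_token[0]=-t
+ client_token[1]="${2}"
 ;;
 " --client-cert ")
- client_cert=(-c "${2}")
+ client_cert[0]=-c
+ client_cert[1]="${2}"
 ;;
 " --token ")
- token=(-t "${2}")
+ token[0]=-t
+ token="${2}"
 ;;
 " --cert ")
- cert=(-c "${2}")
+ cert[0]=-c
+ cert[1]="${2}"
+ ;;
+ " --certname ")
+ cert[0]=-c
+ cert[1]="${2}"
 ;;
 " --in ")
- input=(-i "${2}")
+ input[0]=-i
+ input[1]="${2}"
 ;;
 " --out ")
- output=(-o "${2}")
+ output[0]=-o
+ output[1]="${2}"
 ;;
 " --rhelver ")
 rhelver="${2}"
@@ -75,8 +85,8 @@ main() {
 fi
 
 local nssdir=/etc/pki/pesign
- if [ "${certname}" == "Red Hat Test Certificate" ] ||
- [ "${#cert[@]}" -eq 2 -a "${cert[1]}" == "Red Hat Test Certificate" ] ; then
+ if [ "${#cert[@]}" -eq 2 ] &&
+ [ "${cert[1]}" == "Red Hat Test Certificate" ] ; then
 nssdir=/etc/pki/pesign-rh-test
 fi
 
@@ -125,20 +135,20 @@ main() {
 certutil -A -n "signer" -t "CTu,CTu,CTu" -i "${certfile}" -d ${nssdir}
 sattrs="$(mktemp -p $PWD --suffix=.der)"
 "${bin}" -E "${sattrs}" --certdir "${nssdir}" \
- ${input[@]} --force
- rpm-sign --key "${certname}" --rsadgstsign "${sattrs}"
+ "${input[@]}" --force
+ rpm-sign --key "${cert[1]}" --rsadgstsign "${sattrs}"
 "${bin}" -R "${sattrs}.sig" -I "${sattrs}" \
 --certdir "${nssdir}" -c signer \
- ${input[@]} ${output[@]}
+ "${input[@]}" "${output[@]}"
 rm -rf "${sattrs}" "${sattrs}.sig" "${nssdir}"
 elif [ -n "${socket}" ] ; then
- "${client}" ${client_token[@]} ${client_cert[@]} \
- ${sattrout[@]} ${certout[@]} \
- ${sign} ${input[@]} ${output[@]}
+ "${client}" "${client_token[@]}" "${client_cert[@]}" \
+ "${sattrout[@]}" "${certout[@]}" \
+ ${sign} "${input[@]}" "${output[@]}"
 else
- "${bin}" --certdir "${nssdir}" ${token[@]} ${cert[@]} \
- ${sign} ${sattrout[@]} ${certout[@]} \
- ${input[@]} ${output[@]}
+ "${bin}" --certdir "${nssdir}" "${token[@]}" \
+ "${cert[@]}" ${sign} "${sattrout[@]}" \
+ "${certout[@]}" "${input[@]}" "${output[@]}"
 fi
 
 # if there's a 0-sized output file, delete it and error out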
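Review bot: In the `" --token "` case the second assignment is `token="${2}"`, which in bash writes element 0 and overwrites the `-t` stored on the line before. As a result `"${token[@]}"` expands to the bare token name with no option flag, and the final `"${bin}"` invocation receives it as a stray positional argument; every sibling case uses index 1, so this should read `token[1]="${2}"`. Separately, the new `set -x` at the top looks like a debugging leftover: it traces every expanded command, including token and certificate names, into the build log, and is better dropped or gated behind an opt-in variable. main() continues outside the hunks, so how the arrays are declared under `set -u` is not visible here.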
--
2.26.2