pesign/0001-Make-the-RHEL-pesign-macro-a-little-better.patch


From 2933901ce69d3830e0dad983d20d5d17e8087c75 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 23 Jul 2013 16:58:32 -0400
Subject: [PATCH 1/9] Make the RHEL %%pesign macro a little better.
Use mktemp to avoid clobbering anybody's local files, and document the
arguments better.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
src/macros.pesign | 28 +++++++++++++++++++---------
1 file changed, 19 insertions(+), 9 deletions(-)
diff --git a/src/macros.pesign b/src/macros.pesign
index 26f1dd7..8b123fa 100644
--- a/src/macros.pesign
+++ b/src/macros.pesign
@@ -12,21 +12,31 @@
%_pesign /usr/bin/pesign
%_pesign_client /usr/bin/pesign-client
-%pesign(i:o:C:e:c:s) \
+# -i <input filename>
+# -o <output filename>
+# -C <output cert filename>
+# -e <output sattr filename>
+# -c <input certificate filename> # rhel only
+# -n <input certificate name> # rhel only
+# -a <input ca cert filename> # rhel only
+# -s # perform signing
+%pesign(i:o:C:e:c:n:a:s) \
if [ -x %{_pesign} -a "%{_target_cpu}" == "x86_64" ]; then \
if [ -e /var/run/pesign/socket ]; then \
%{_pesign_client} -t "OpenSC Card (Fedora Signer)" \\\
-c "/CN=Fedora Secure Boot Signer" \\\
%{-i} %{-o} %{-e} %{-s} %{-C} \
elif [ -e /etc/rhel-release ]; then \
- mkdir nss \
- certutil -d nss -N \
- certutil -A -n "ca" -t "CT,C," -i %{-c*}.crt -a -d nss \
- certutil -A -n %{-c*} -t ",c," -i %{-c*}.crt -a -d nss \
- %{_pesign} %{-i} -E sattrs.der --certdir nss \
- rpm-sign --key "%{-c*}" --rsasign sattrs.der \
- %{_pesign} -R sattrs.der.sig -I sattrs.der %{-i} \\\
- --certdir nss %{-c} %{-o} \
+ nss=$(mktemp -p $PWD -d) \
+ certutil -d ${nss} -N \
+ certutil -A -n "ca" -t "CT,C," -i %{-a*} -a -d ${nss} \
+ certutil -A -n "signer" -t ",c," -i %{-c*} -a -d ${nss} \
+ sattrs=$(mktemp -p $PWD --suffix=.der) \
+ %{_pesign} %{-i} -E ${sattrs} --certdir ${nss} \
+ rpm-sign --key "%{-n*}" --rsasign ${sattrs} \
+ %{_pesign} -R ${sattrs}.sig -I ${sattrs} %{-i} \\\
+ --certdir ${nss} -c signer %{-o} \
+ rm -rf ${sattrs} ${sattrs}.sig ${nss} \
else \
%{_pesign} %{__pesign_token} %{__pesign_cert} \\\
%{-i} %{-o} %{-e} %{-s} %{-C} \
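Review bot: The new RHEL branch uses the output of both `mktemp` calls without checking it and expands `$PWD`, `${nss}` and `${sattrs}` unquoted, so a failed `mktemp` or a build directory containing whitespace gives `certutil -d` and `pesign --certdir` an empty or split argument. Consider `nss=$(mktemp -p "$PWD" -d) || exit 1` (and the same for `sattrs`), with `"${nss}"` and `"${sattrs}"` quoted at every use. The closing `rm -rf` is reached only if every earlier command succeeds, presuming the scriptlet shell stops on the first error, so a failed `rpm-sign` or `pesign` leaves the temporary NSS database and the `.der` file in the build directory; a `trap` installed right after the first `mktemp` would cover that path. The branch also passes `%{-a*}`, `%{-c*}` and `%{-n*}` straight through without checking they were supplied, so an omitted `-a` appears to leave `certutil -A ... -i` with no filename before the next option. The macro body continues past the end of this hunk.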
--
1.8.3.1