fb1e5968c8
Related: rhbz#1283475 Related: rhbz#1284063 Related: rhbz#1284561 Signed-off-by: Peter Jones <pjones@redhat.com>
62 lines
2.2 KiB
Diff
62 lines
2.2 KiB
Diff
From bfa02b50f9bbb60c3b04f159864aa4a87b0020e2 Mon Sep 17 00:00:00 2001
|
|
From: Peter Jones <pjones@redhat.com>
|
|
Date: Mon, 30 Nov 2015 15:34:35 -0500
|
|
Subject: [PATCH 5/5] Do a better job of isolating pesign-rh-test-crap
|
|
|
|
---
|
|
src/Makefile | 1 +
|
|
src/macros.pesign | 10 ++++++++--
|
|
2 files changed, 9 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/src/Makefile b/src/Makefile
|
|
index af3fd07..1822d3f 100644
|
|
--- a/src/Makefile
|
|
+++ b/src/Makefile
|
|
@@ -65,6 +65,7 @@ install_sysvinit: pesign.sysvinit
|
|
|
|
install :
|
|
$(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/
|
|
+ $(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign-rh-test/
|
|
$(INSTALL) -d -m 770 $(INSTALLROOT)/var/run/pesign/
|
|
$(INSTALL) -d -m 755 $(INSTALLROOT)$(bindir)
|
|
$(INSTALL) -m 755 authvar $(INSTALLROOT)$(bindir)
|
|
diff --git a/src/macros.pesign b/src/macros.pesign
|
|
index 39374ce..9644940 100644
|
|
--- a/src/macros.pesign
|
|
+++ b/src/macros.pesign
|
|
@@ -7,7 +7,7 @@
|
|
# And magically get the right thing.
|
|
|
|
%__pesign_token %{nil}%{?pe_signing_token:-t "%{pe_signing_token}"}
|
|
-%__pesign_cert %{!?pe_signing_cert:-c "Red Hat Test Certificate"}%{?pe_signing_cert:-c "%{pe_signing_cert}"}
|
|
+%__pesign_cert %{!?pe_signing_cert:"Red Hat Test Certificate"}%{?pe_signing_cert:"%{pe_signing_cert}"}
|
|
|
|
%_pesign /usr/bin/pesign
|
|
%_pesign_client /usr/bin/pesign-client
|
|
@@ -21,6 +21,10 @@
|
|
# -a <input ca cert filename> # rhel only
|
|
# -s # perform signing
|
|
%pesign(i:o:C:e:c:n:a:s) \
|
|
+ _pesign_nssdir=/etc/pki/pesign \
|
|
+ if [ %{__pesign_cert} = "Red Hat Test Certificate" ]; then \
|
|
+ _pesign_nssdir=/etc/pki/pesign-rh-test \
|
|
+ fi \
|
|
if [ -x %{_pesign} ] && \\\
|
|
[ "%{_target_cpu}" == "x86_64" -o \\\
|
|
"%{_target_cpu}" == "aarch64" ]; then \
|
|
@@ -39,9 +43,10 @@
|
|
elif [ -S /var/run/pesign/socket ]; then \
|
|
%{_pesign_client} -t "OpenSC Card (Fedora Signer)" \\\
|
|
-c "/CN=Fedora Secure Boot Signer" \\\
|
|
%{-i} %{-o} %{-e} %{-s} %{-C} \
|
|
else \
|
|
- %{_pesign} %{__pesign_token} %{__pesign_cert} \\\
|
|
+ %{_pesign} %{__pesign_token} -c %{__pesign_cert} \\\
|
|
+ --certdir ${_pesign_nssdir} \\\
|
|
%{-i} %{-o} %{-e} %{-s} %{-C} \
|
|
fi \
|
|
else \
|
|
--
|
|
2.5.0
|
|
|