another test build

Signed-off-by: Peter Jones <pjones@redhat.com>
2020-07-06 16:43:27 -04:00 · 2020-07-06 16:43:27 -04:00 · 38e8425bf8
commit 38e8425bf8
parent 15d1a5085d
4 changed files with 132 additions and 230 deletions
--- a/0006-client-try-run-and-var-run-for-the-socket-path.patch
+++ b/0006-client-try-run-and-var-run-for-the-socket-path.patch
@ -0,0 +1,86 @@
+From c662ad097eaa0d8c3691a22254f5d0e9622b26b7 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 6 Jul 2020 16:13:09 -0400
+Subject: [PATCH 6/7] client: try /run and /var/run for the socket path.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ src/client.c | 40 +++++++++++++++++++++++++++++-----------
+ 1 file changed, 29 insertions(+), 11 deletions(-)
+
+diff --git a/src/client.c b/src/client.c
+index 2119ef33bf8..a38383415d5 100644
+--- a/src/client.c
+++ b/src/client.c
+@@ -49,24 +49,24 @@ print_flag_name(FILE *f, int flag)
+ }
+ 
+ static int
+-connect_to_server(void)
+connect_to_server_helper(const char * const sockpath)
+ {
+-	int rc = access(SOCKPATH, R_OK);
+	int rc = access(sockpath, R_OK);
+ 	if (rc != 0) {
+-		fprintf(stderr, "pesign-client: could not connect to server: "
+-			"%m\n");
+-		exit(1);
+		warn("could not access socket \"%s\"", sockpath);
+		return rc;
+ 	}
+ 
+ 	struct sockaddr_un addr_un = {
+ 		.sun_family = AF_UNIX,
+-		.sun_path = SOCKPATH,
+ 	};
+	strncpy(addr_un.sun_path, sockpath, sizeof(addr_un.sun_path));
+	addr_un.sun_path[sizeof(addr_un.sun_path)-1] = '\0';
+ 
+ 	int sd = socket(AF_UNIX, SOCK_STREAM, 0);
+ 	if (sd < 0) {
+-		fprintf(stderr, "pesign-client: could not open socket: %m\n");
+-		exit(1);
+		warn("could not open socket \"%s\"", sockpath);
+		return sd;
+ 	}
+ 
+ 	socklen_t len = strlen(addr_un.sun_path) +
+@@ -74,14 +74,32 @@ connect_to_server(void)
+ 
+ 	rc = connect(sd, (struct sockaddr *)&addr_un, len);
+ 	if (rc < 0) {
+-		fprintf(stderr, "pesign-client: could not connect to daemon: "
+-			"%m\n");
+-		exit(1);
+		warn("could not connect to daemon");
+		return sd;
+ 	}
+ 
+ 	return sd;
+ }
+ 
+static int
+connect_to_server(void)
+{
+	int rc, i;
+	const char * const sockets[] = {
+		"/run/pesign/socket",
+		"/var/run/pesign/socket",
+		NULL
+	};
+
+	for (i = 0; sockets[i] != NULL; i++) {
+		rc = connect_to_server_helper(sockets[i]);
+		if (rc >= 0)
+			return rc;
+	}
+
+	exit(1);
+}
+
+ static int32_t
+ check_response(int sd, char **srvmsg);
+ 
+-- 
+2.26.2
+
--- a/0007-Move-most-of-macros.pesign-to-pesign-rpmbuild-helper.patch
+++ b/0007-Move-most-of-macros.pesign-to-pesign-rpmbuild-helper.patch
@ -1,15 +1,15 @@
-From 8499f7b340e4f6fbb5701db21fbabc25b8883c54 Mon Sep 17 00:00:00 2001
+From 22658f290fcf66213ca6237e37ae97bba39a8a0b Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Mon, 6 Jul 2020 13:54:35 -0400
-Subject: [PATCH 6/7] Move most of macros.pesign to pesign-rpmbuild-helper
+Subject: [PATCH] Move most of macros.pesign to pesign-rpmbuild-helper

 Signed-off-by: Peter Jones <pjones@redhat.com>
 ---
 src/Makefile               |   1 +
- src/macros.pesign          |  73 +++++-------------
- src/pesign-rpmbuild-helper | 153 +++++++++++++++++++++++++++++++++++++
- 3 files changed, 174 insertions(+), 53 deletions(-)
- create mode 100755 src/pesign-rpmbuild-helper
+ src/macros.pesign          |  73 +++++------------
+ src/pesign-rpmbuild-helper | 163 +++++++++++++++++++++++++++++++++++++
+ 3 files changed, 184 insertions(+), 53 deletions(-)
+ create mode 100644 src/pesign-rpmbuild-helper

 diff --git a/src/Makefile b/src/Makefile
 index 74327ba13f3..c9e9cc6cd1b 100644
@ -102,7 +102,7 @@ index 5a6da1c6809..e3a0de9c2f4 100644
 +    %{?__pesign_client_token:--client-token %{__pesign_client_token}}	\\\
 +    %{?__pesign_client_cert:--client-cert %{__pesign_client_cert}}	\\\
 +    %{?__pesign_token:%{__pesign_token}}				\\\
-+    %{?-n:--cert "%{-n*}"}%{?!-n:--cert "%{__pesign_cert}"}		\\\
+    %{?-n:--cert "\"%{-n*}\""}%{?!-n:--cert "\"%{__pesign_cert}\""}		\\\
 +    %{?_rhel:--rhelver "%{_rhel}"}					\\\
 +    %{?-a:--cafile "%{-a*}"}						\\\
 +    %{?-c:--certfile "%{-c*}"}						\\\
@ -114,14 +114,15 @@ index 5a6da1c6809..e3a0de9c2f4 100644
 +    ;									\
 +%{nil}
 diff --git a/src/pesign-rpmbuild-helper b/src/pesign-rpmbuild-helper
-new file mode 100755
-index 00000000000..fd385d1625d
+new file mode 100644
+index 00000000000..f3d66320bcc
 --- /dev/null
 +++ b/src/pesign-rpmbuild-helper
-@@ -0,0 +1,153 @@
+@@ -0,0 +1,162 @@
 +#!/bin/sh
 +
 +set -eu
+set -x
 +
 +main() {
 +	local target_cpu="${1}" && shift
@ -130,7 +131,6 @@ index 00000000000..fd385d1625d
 +
 +	local cafile="" || :
 +	local certfile="" || :
-+	local certname="" || :
 +
 +	local certout=() || :
 +	local sattrout=() || :
@ -153,32 +153,41 @@ index 00000000000..fd385d1625d
 +		" --certfile ")
 +			certfile="${2}"
 +			;;
-+		" --certname ")
-+			certname="${2}"
-+			;;
 +		" --certout ")
-+			certout=(-C "${2}")
+			certout[0]=-C
+			certout[1]="${2}"
 +			;;
 +		" --sattrout ")
-+			sattrout=(-e "${2}")
+			sattrout[0]=-e
+			sattrout[1]="${2}"
 +			;;
 +		" --client-token ")
-+			client_token=(-t "${2}")
+			client_token[0]=-t
+			client_token[1]="${2}"
 +			;;
 +		" --client-cert ")
-+			client_cert=(-c "${2}")
+			client_cert[0]=-c
+			client_cert[1]="${2}"
 +			;;
 +		" --token ")
-+			token=(-t "${2}")
+			token[0]=-t
+			token="${2}"
 +			;;
 +		" --cert ")
-+			cert=(-c "${2}")
+			cert[0]=-c
+			cert[1]="${2}"
+			;;
+		" --certname ")
+			cert[0]=-c
+			cert[1]="${2}"
 +			;;
 +		" --in ")
-+			input=(-i "${2}")
+			input[0]=-i
+			input[1]="${2}"
 +			;;
 +		" --out ")
-+			output=(-o "${2}")
+			output[0]=-o
+			output[1]="${2}"
 +			;;
 +		" --rhelver ")
 +			rhelver="${2}"
@ -196,8 +205,8 @@ index 00000000000..fd385d1625d
 +	fi
 +
 +	local nssdir=/etc/pki/pesign
-+	if [ "${certname}" == "Red Hat Test Certificate" ] ||
-+	   [ "${#cert[@]}" -eq 2 -a "${cert[1]}" == "Red Hat Test Certificate" ] ; then
+	if [ "${#cert[@]}" -eq 2 ] &&
+	   [ "${cert[1]}" == "Red Hat Test Certificate" ] ; then
 +		nssdir=/etc/pki/pesign-rh-test
 +	fi
 +
@ -246,24 +255,24 @@ index 00000000000..fd385d1625d
 +		certutil -A -n "signer" -t "CTu,CTu,CTu" -i "${certfile}" -d ${nssdir}
 +		sattrs="$(mktemp -p $PWD --suffix=.der)"
 +		"${bin}" -E "${sattrs}" --certdir "${nssdir}" \
-+			${input[@]} --force
-+		rpm-sign --key "${certname}" --rsadgstsign "${sattrs}"
+			"${input[@]}" --force
+		rpm-sign --key "${cert[1]}" --rsadgstsign "${sattrs}"
 +		"${bin}" -R "${sattrs}.sig" -I "${sattrs}" \
 +			--certdir "${nssdir}" -c signer \
-+			${input[@]} ${output[@]}
+			"${input[@]}" "${output[@]}"
 +		rm -rf "${sattrs}" "${sattrs}.sig" "${nssdir}"
 +	elif [ -n "${socket}" ] ; then
-+		"${client}" ${client_token[@]} ${client_cert[@]}	\
-+			${sattrout[@]} ${certout[@]}			\
-+			${sign} ${input[@]} ${output[@]}
+		"${client}" "${client_token[@]}" "${client_cert[@]}"	\
+			"${sattrout[@]}" "${certout[@]}"		\
+			${sign} "${input[@]}" "${output[@]}"
 +	else
-+		"${bin}" --certdir "${nssdir}" ${token[@]} ${cert[@]}	\
-+			${sign} ${sattrout[@]} ${certout[@]}		\
-+			${input[@]} ${output[@]}
+		"${bin}" --certdir "${nssdir}" "${token[@]}"		\
+			"${cert[@]}" ${sign} "${sattrout[@]}"		\
+			"${certout[@]}"	"${input[@]}" "${output[@]}"
 +	fi
 +
 +	# if there's a 0-sized output file, delete it and error out
-+	if [ ! -s "${output[1]}" ] ; then
+	if [ "${#output[@]}" -eq 2 ] && ! [ -s "${output[1]}" ] ; then
 +		if [ -e "${output[1]}" ] ; then
 +			rm -f "${output[1]}"
 +		fi
--- a/0007-client-try-run-and-var-run-for-the-socket-path.patch
+++ b/0007-client-try-run-and-var-run-for-the-socket-path.patch
@ -1,193 +0,0 @@
-From c98b16d890a1e4651b3683853acb69fedd5a10dd Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Mon, 6 Jul 2020 16:13:09 -0400
-Subject: [PATCH 7/7] client: try /run and /var/run for the socket path.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
---
- src/client.c               | 40 ++++++++++++++++++++--------
- src/pesign-rpmbuild-helper | 54 ++++++++++++++++++++++----------------
- 2 files changed, 61 insertions(+), 33 deletions(-)
-
-diff --git a/src/client.c b/src/client.c
-index a4f1d1dbbe7..0082be1f597 100644
--- a/src/client.c
-+++ b/src/client.c
-@@ -61,24 +61,24 @@ print_flag_name(FILE *f, int flag)
- }
- 
- static int
-connect_to_server(void)
-+connect_to_server_helper(const char * const sockpath)
- {
-	int rc = access(SOCKPATH, R_OK);
-+	int rc = access(sockpath, R_OK);
- 	if (rc != 0) {
-		fprintf(stderr, "pesign-client: could not connect to server: "
-			"%m\n");
-		exit(1);
-+		warn("could not access socket \"%s\"", sockpath);
-+		return rc;
- 	}
- 
- 	struct sockaddr_un addr_un = {
- 		.sun_family = AF_UNIX,
-		.sun_path = SOCKPATH,
- 	};
-+	strncpy(addr_un.sun_path, sockpath, sizeof(addr_un.sun_path));
-+	addr_un.sun_path[sizeof(addr_un.sun_path)-1] = '\0';
- 
- 	int sd = socket(AF_UNIX, SOCK_STREAM, 0);
- 	if (sd < 0) {
-		fprintf(stderr, "pesign-client: could not open socket: %m\n");
-		exit(1);
-+		warn("could not open socket \"%s\"", sockpath);
-+		return sd;
- 	}
- 
- 	socklen_t len = strlen(addr_un.sun_path) +
-@@ -86,14 +86,32 @@ connect_to_server(void)
- 
- 	rc = connect(sd, (struct sockaddr *)&addr_un, len);
- 	if (rc < 0) {
-		fprintf(stderr, "pesign-client: could not connect to daemon: "
-			"%m\n");
-		exit(1);
-+		warn("could not connect to daemon");
-+		return sd;
- 	}
- 
- 	return sd;
- }
- 
-+static int
-+connect_to_server(void)
-+{
-+	int rc, i;
-+	const char * const sockets[] = {
-+		"/run/pesign/socket",
-+		"/var/run/pesign/socket",
-+		NULL
-+	};
-+
-+	for (i = 0; sockets[i] != NULL; i++) {
-+		rc = connect_to_server_helper(sockets[i]);
-+		if (rc >= 0)
-+			return rc;
-+	}
-+
-+	exit(1);
-+}
-+
- static int32_t
- check_response(int sd, char **srvmsg);
- 
-diff --git a/src/pesign-rpmbuild-helper b/src/pesign-rpmbuild-helper
-index fd385d1625d..68b53ddf022 100755
--- a/src/pesign-rpmbuild-helper
-+++ b/src/pesign-rpmbuild-helper
-@@ -1,6 +1,7 @@
- #!/bin/sh
- 
- set -eu
-+set -x
- 
- main() {
- 	local target_cpu="${1}" && shift
-@@ -32,32 +33,41 @@ main() {
- 		" --certfile ")
- 			certfile="${2}"
- 			;;
-		" --certname ")
-			certname="${2}"
-			;;
- 		" --certout ")
-			certout=(-C "${2}")
-+			certout[0]=-C
-+			certout[1]="${2}"
- 			;;
- 		" --sattrout ")
-			sattrout=(-e "${2}")
-+			sattrout[0]=-e
-+			sattrout[1]="${2}"
- 			;;
- 		" --client-token ")
-			client_token=(-t "${2}")
-+			client_token[0]=-t
-+			client_token[1]="${2}"
- 			;;
- 		" --client-cert ")
-			client_cert=(-c "${2}")
-+			client_cert[0]=-c
-+			client_cert[1]="${2}"
- 			;;
- 		" --token ")
-			token=(-t "${2}")
-+			token[0]=-t
-+			token="${2}"
- 			;;
- 		" --cert ")
-			cert=(-c "${2}")
-+			cert[0]=-c
-+			cert[1]="${2}"
-+			;;
-+		" --certname ")
-+			cert[0]=-c
-+			cert[1]="${2}"
- 			;;
- 		" --in ")
-			input=(-i "${2}")
-+			input[0]=-i
-+			input[1]="${2}"
- 			;;
- 		" --out ")
-			output=(-o "${2}")
-+			output[0]=-o
-+			output[1]="${2}"
- 			;;
- 		" --rhelver ")
- 			rhelver="${2}"
-@@ -75,8 +85,8 @@ main() {
- 	fi
- 
- 	local nssdir=/etc/pki/pesign
-	if [ "${certname}" == "Red Hat Test Certificate" ] ||
-	   [ "${#cert[@]}" -eq 2 -a "${cert[1]}" == "Red Hat Test Certificate" ] ; then
-+	if [ "${#cert[@]}" -eq 2 ] &&
-+	   [ "${cert[1]}" == "Red Hat Test Certificate" ] ; then
- 		nssdir=/etc/pki/pesign-rh-test
- 	fi
- 
-@@ -125,20 +135,20 @@ main() {
- 		certutil -A -n "signer" -t "CTu,CTu,CTu" -i "${certfile}" -d ${nssdir}
- 		sattrs="$(mktemp -p $PWD --suffix=.der)"
- 		"${bin}" -E "${sattrs}" --certdir "${nssdir}" \
-			${input[@]} --force
-		rpm-sign --key "${certname}" --rsadgstsign "${sattrs}"
-+			"${input[@]}" --force
-+		rpm-sign --key "${cert[1]}" --rsadgstsign "${sattrs}"
- 		"${bin}" -R "${sattrs}.sig" -I "${sattrs}" \
- 			--certdir "${nssdir}" -c signer \
-			${input[@]} ${output[@]}
-+			"${input[@]}" "${output[@]}"
- 		rm -rf "${sattrs}" "${sattrs}.sig" "${nssdir}"
- 	elif [ -n "${socket}" ] ; then
-		"${client}" ${client_token[@]} ${client_cert[@]}	\
-			${sattrout[@]} ${certout[@]}			\
-			${sign} ${input[@]} ${output[@]}
-+		"${client}" "${client_token[@]}" "${client_cert[@]}"	\
-+			"${sattrout[@]}" "${certout[@]}"		\
-+			${sign} "${input[@]}" "${output[@]}"
- 	else
-		"${bin}" --certdir "${nssdir}" ${token[@]} ${cert[@]}	\
-			${sign} ${sattrout[@]} ${certout[@]}		\
-			${input[@]} ${output[@]}
-+		"${bin}" --certdir "${nssdir}" "${token[@]}"		\
-+			"${cert[@]}" ${sign} "${sattrout[@]}"		\
-+			"${certout[@]}"	"${input[@]}" "${output[@]}"
- 	fi
- 
- 	# if there's a 0-sized output file, delete it and error out
-- 
-2.26.2
-
--- a/pesign.spec
+++ b/pesign.spec
@ -3,7 +3,7 @@
 Name:    pesign
 Summary: Signing utility for UEFI binaries
 Version: 113
-Release: 5~3%{?dist}
+Release: 5~5%{?dist}
 License: GPLv2
 URL:     https://github.com/vathpela/pesign

@ -46,8 +46,8 @@ Patch0002: 0002-pesigcheck-Fix-a-wrong-assignment.patch
 Patch0003: 0003-Make-0.112-client-and-server-work-with-the-113-proto.patch
 Patch0004: 0004-Rename-var-run-to-run.patch
 Patch0005: 0005-Apparently-opensc-got-updated-and-the-token-name-cha.patch
-Patch0006: 0006-Move-most-of-macros.pesign-to-pesign-rpmbuild-helper.patch
-Patch0007: 0007-client-try-run-and-var-run-for-the-socket-path.patch
+Patch0006: 0006-client-try-run-and-var-run-for-the-socket-path.patch
+Patch0007: 0007-Move-most-of-macros.pesign-to-pesign-rpmbuild-helper.patch

 %description
 This package contains the pesign utility for signing UEFI binaries as