Try to fix the db problem nirik is seeing trying to upgrade the builders.
Signed-off-by: Peter Jones <pjones@redhat.com>
This commit is contained in:
parent
c2cd4a27db
commit
c270f900a8
|
@ -1,7 +1,7 @@
|
|||
From 33bcca8303cad962606df3bfc6a031a9b0626375 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Thu, 21 Apr 2016 10:47:34 -0400
|
||||
Subject: [PATCH 01/24] cms: kill generate_integer(), it doesn't build on i686
|
||||
Subject: [PATCH 01/25] cms: kill generate_integer(), it doesn't build on i686
|
||||
and it's unused.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From 5be0515dee24308fd7e270bf2e0fb5e5a7a78f32 Mon Sep 17 00:00:00 2001
|
||||
From: Julien Cristau <jcristau@debian.org>
|
||||
Date: Thu, 9 Jun 2016 14:30:37 +0200
|
||||
Subject: [PATCH 02/24] Fix command line parsing
|
||||
Subject: [PATCH 02/25] Fix command line parsing
|
||||
|
||||
The gettext translation domain should be passed as .arg, not .descrip,
|
||||
otherwise popt won't process any of the command line options (it stops
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From 6de291458cbab99bcc317e282c16e1523d6de9b8 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Wed, 10 Aug 2016 17:12:39 -0400
|
||||
Subject: [PATCH 03/24] gcc: don't error on stuff in includes.
|
||||
Subject: [PATCH 03/25] gcc: don't error on stuff in includes.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
---
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From b20fc54c08e8afe1365e56cacade3ec39984da8d Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Tue, 18 Apr 2017 19:00:34 -0400
|
||||
Subject: [PATCH 04/24] Fix "certficate" argument name.
|
||||
Subject: [PATCH 04/25] Fix "certficate" argument name.
|
||||
|
||||
This fixes our typoed argument name by making the incorrectly spelled
|
||||
version be a popt alias, and fixing the real implementation to be
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From 7bc8e8b04c74be5c4e0ebf211affc37cf9f5db37 Mon Sep 17 00:00:00 2001
|
||||
From: Julien Cristau <jcristau@debian.org>
|
||||
Date: Mon, 27 Jun 2016 15:38:38 +0200
|
||||
Subject: [PATCH 05/24] Fix description of --ascii-armor option in manpage
|
||||
Subject: [PATCH 05/25] Fix description of --ascii-armor option in manpage
|
||||
|
||||
The --ascii option does not exist.
|
||||
---
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From 9f411f4e797e983d2e8cb51dc5b9ab8db250c2e3 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Tue, 18 Apr 2017 19:05:40 -0400
|
||||
Subject: [PATCH 06/24] Make --ascii work, since we documented it.
|
||||
Subject: [PATCH 06/25] Make --ascii work, since we documented it.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
---
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From d618de733865eab359890b4e677c368a133dad99 Mon Sep 17 00:00:00 2001
|
||||
From: Pat Riehecky <riehecky@fnal.gov>
|
||||
Date: Mon, 7 Nov 2016 11:37:08 -0600
|
||||
Subject: [PATCH 07/24] Switch pesign client to also accept token/cert macros
|
||||
Subject: [PATCH 07/25] Switch pesign client to also accept token/cert macros
|
||||
rather than use hard coded values
|
||||
|
||||
---
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From 2cd211bcc612ad8cb99c778461ca02a9f3e5e44b Mon Sep 17 00:00:00 2001
|
||||
From: David Michael <david.michael@coreos.com>
|
||||
Date: Thu, 16 Feb 2017 15:08:30 -0800
|
||||
Subject: [PATCH 08/24] pesigcheck: Verify with the cert as an object signer
|
||||
Subject: [PATCH 08/25] pesigcheck: Verify with the cert as an object signer
|
||||
|
||||
---
|
||||
src/certdb.c | 2 +-
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From e0238e2363f9668aee07b2e44a8f358e694551c0 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Mon, 24 Apr 2017 15:18:10 -0400
|
||||
Subject: [PATCH 09/24] pesigcheck: make --certfile actually work
|
||||
Subject: [PATCH 09/25] pesigcheck: make --certfile actually work
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
---
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From 799808b265ac6f82fa1268fd696d70357acce69c Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Tue, 25 Apr 2017 16:15:07 -0400
|
||||
Subject: [PATCH 10/24] signerInfos: make sure err is always initialized
|
||||
Subject: [PATCH 10/25] signerInfos: make sure err is always initialized
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
---
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From 868b42b338d919917ea31cfbf0f96e9586947eaf Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Tue, 25 Apr 2017 16:23:36 -0400
|
||||
Subject: [PATCH 11/24] pesign: make "pesign -h" tell you the file name.
|
||||
Subject: [PATCH 11/25] pesign: make "pesign -h" tell you the file name.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
---
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From 95327e6d9bd4f70980acd8fd6c9524265990dc4d Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Wed, 10 May 2017 10:49:57 -0400
|
||||
Subject: [PATCH 12/24] Add coverity build scripts
|
||||
Subject: [PATCH 12/25] Add coverity build scripts
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
---
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From 4b9e7cf3e869de36daf2ea705b9efef55ae87ef8 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Sat, 8 Jul 2017 16:31:18 -0400
|
||||
Subject: [PATCH 13/24] Document implicit fallthrough.
|
||||
Subject: [PATCH 13/25] Document implicit fallthrough.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
---
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From a95e28e5cb10d417c81c8720e8521eb63793da37 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Mon, 16 May 2016 15:25:53 -0400
|
||||
Subject: [PATCH 14/24] Actually setfacl /each/ directory of our key storage.
|
||||
Subject: [PATCH 14/25] Actually setfacl /each/ directory of our key storage.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
---
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From a3cc2ad5d49ed61187527281da351e80d8f76a89 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Mon, 22 Aug 2016 13:31:38 -0400
|
||||
Subject: [PATCH 15/24] oid: add SHIM_EKU_MODULE_SIGNING_ONLY and fix our array
|
||||
Subject: [PATCH 15/25] oid: add SHIM_EKU_MODULE_SIGNING_ONLY and fix our array
|
||||
indices.
|
||||
|
||||
That was all kinds of wrong.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From 9b4b12928c0450ac69d83293e179eec439465c03 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Mon, 22 Aug 2016 13:43:56 -0400
|
||||
Subject: [PATCH 16/24] efikeygen: add --modsign
|
||||
Subject: [PATCH 16/25] efikeygen: add --modsign
|
||||
|
||||
---
|
||||
src/cms_common.c | 29 ++++++++++++++++++++++++++++
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From 0456758e0c0873d1251bdf77d27f0f6175cbf289 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Tue, 25 Apr 2017 16:25:02 -0400
|
||||
Subject: [PATCH 17/24] check_cert_db(): try even harder to pick a reasonable
|
||||
Subject: [PATCH 17/25] check_cert_db(): try even harder to pick a reasonable
|
||||
validation time.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From 01b89fb7a191f4639a93c5a7c47a80752118ba95 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Tue, 25 Apr 2017 16:58:50 -0400
|
||||
Subject: [PATCH 18/24] show which db we're checking
|
||||
Subject: [PATCH 18/25] show which db we're checking
|
||||
|
||||
---
|
||||
src/certdb.c | 35 ++++++++++++++++++++++++++++++++++-
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From 713e61448a6ffa3e6029a7c89fad61b8cb08c9ff Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Tue, 25 Apr 2017 17:00:46 -0400
|
||||
Subject: [PATCH 19/24] more about the time
|
||||
Subject: [PATCH 19/25] more about the time
|
||||
|
||||
---
|
||||
src/certdb.c | 59 +++++++++++++++++++++++++++++++++--------------------------
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From 81583146602bba96728fa7544c8e856b32c22ee4 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Tue, 25 Apr 2017 17:01:13 -0400
|
||||
Subject: [PATCH 20/24] try to say why something fails
|
||||
Subject: [PATCH 20/25] try to say why something fails
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
---
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From a40c584691ae071e93e8adf4e5c05bcd90c68159 Mon Sep 17 00:00:00 2001
|
||||
From: Julien Cristau <jcristau@debian.org>
|
||||
Date: Sat, 6 May 2017 22:45:34 +0200
|
||||
Subject: [PATCH 21/24] Fix race condition in SEC_GetPassword
|
||||
Subject: [PATCH 21/25] Fix race condition in SEC_GetPassword
|
||||
|
||||
A side effect of echoOff is to discard unread input, so if we print the
|
||||
prompt before echoOff, the user (or process) at the other end might
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From 27afa5a4ea8de1679603f5871935096280d0b12e Mon Sep 17 00:00:00 2001
|
||||
From: David Michael <david.michael@coreos.com>
|
||||
Date: Tue, 13 Jun 2017 13:20:16 -0700
|
||||
Subject: [PATCH 22/24] sysvinit: Create the socket directory at runtime
|
||||
Subject: [PATCH 22/25] sysvinit: Create the socket directory at runtime
|
||||
|
||||
This better supports non-systemd configurations with tmpfs on /run.
|
||||
---
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From 31560e2784722b986b8a73cc28e3510870180b07 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Tue, 8 Aug 2017 15:44:44 -0400
|
||||
Subject: [PATCH 23/24] Better authorization scripts. Again.
|
||||
Subject: [PATCH 23/25] Better authorization scripts. Again.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
---
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From a7b0f7e1ce2de1acea9a8c286a0ff3dd9bc245cb Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Tue, 8 Aug 2017 17:28:19 -0400
|
||||
Subject: [PATCH 24/24] Make the daemon also try to give better errors on
|
||||
Subject: [PATCH 24/25] Make the daemon also try to give better errors on
|
||||
-EPERM etc.
|
||||
|
||||
Basically 6796e5f but also for the daemon. This also tries to fix them
|
||||
|
|
|
@ -0,0 +1,43 @@
|
|||
From 8836e45b3c863570249fcba005e6f9b151038025 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Wed, 9 Aug 2017 17:31:31 -0400
|
||||
Subject: [PATCH 25/25] rpm: Make the client signer use the fedora values
|
||||
unless overridden
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
---
|
||||
src/macros.pesign | 9 ++++++---
|
||||
1 file changed, 6 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/macros.pesign b/src/macros.pesign
|
||||
index 69280e9..518ca0f 100644
|
||||
--- a/src/macros.pesign
|
||||
+++ b/src/macros.pesign
|
||||
@@ -6,9 +6,12 @@
|
||||
# %pesign -s -i shim.orig -o shim.efi
|
||||
# And magically get the right thing.
|
||||
|
||||
-%__pesign_token %{nil}%{?pe_signing_token:-t "%{pe_signing_token}"}
|
||||
+%__pesign_token %{nil}%{?pe_signing_token:"%{pe_signing_token}"}
|
||||
%__pesign_cert %{!?pe_signing_cert:"Red Hat Test Certificate"}%{?pe_signing_cert:"%{pe_signing_cert}"}
|
||||
|
||||
+%__pesign_client_token %{!?pe_signing_token:"Fedora Signer (OpenSC Card)"}%{?pe_signing_token:"%{pe_signing_token}}
|
||||
+%__pesign_client_cert %{!?pe_signing_cert:"/CN=Fedora Secure Boot Signer"}%{?pe_signing_cert:"%{pe_signing_cert}}
|
||||
+
|
||||
%_pesign /usr/bin/pesign
|
||||
%_pesign_client /usr/bin/pesign-client
|
||||
|
||||
@@ -41,8 +44,8 @@
|
||||
--certdir ${nss} -c signer %{-o} \
|
||||
rm -rf ${sattrs} ${sattrs}.sig ${nss} \
|
||||
elif [ -S /var/run/pesign/socket ]; then \
|
||||
- %{_pesign_client} -t %{__pesign_token} \\\
|
||||
- -c %{__pesign_cert} \\\
|
||||
+ %{_pesign_client} -t %{__pesign_client_token} \\\
|
||||
+ -c %{__pesign_client_cert} \\\
|
||||
%{-i} %{-o} %{-e} %{-s} %{-C} \
|
||||
else \
|
||||
%{_pesign} -t %{__pesign_token} -c %{__pesign_cert} \\\
|
||||
--
|
||||
2.13.4
|
||||
|
|
@ -3,7 +3,7 @@
|
|||
Summary: Signing utility for UEFI binaries
|
||||
Name: pesign
|
||||
Version: 0.112
|
||||
Release: 7%{?dist}.pj0
|
||||
Release: 8%{?dist}
|
||||
Group: Development/System
|
||||
License: GPLv2
|
||||
URL: https://github.com/vathpela/pesign
|
||||
|
@ -52,6 +52,7 @@ Patch0021: 0021-Fix-race-condition-in-SEC_GetPassword.patch
|
|||
Patch0022: 0022-sysvinit-Create-the-socket-directory-at-runtime.patch
|
||||
Patch0023: 0023-Better-authorization-scripts.-Again.patch
|
||||
Patch0024: 0024-Make-the-daemon-also-try-to-give-better-errors-on-EP.patch
|
||||
Patch0025: 0025-rpm-Make-the-client-signer-use-the-fedora-values-unl.patch
|
||||
|
||||
%description
|
||||
This package contains the pesign utility for signing UEFI binaries as
|
||||
|
|
Loading…
Reference in New Issue