Hello community, here is the log from the commit of package mokutil for openSUSE:Factory checked in at 2014-03-25 13:23:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mokutil (Old) and /work/SRC/openSUSE:Factory/.mokutil.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mokutil"
Changes:
--------
--- /work/SRC/openSUSE:Factory/mokutil/mokutil.changes 2014-02-25 07:33:41.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.mokutil.new/mokutil.changes 2014-03-25 13:23:54.000000000 +0100
@@ -1,0 +2,8 @@
+Mon Mar 24 07:37:39 UTC 2014 - g...@suse.com
+
+- Add mokutil-more-details-for-skipped-keys.patch to show the
+ reason to skip the key
+- Add mokutil-check-secure-boot-support.patch to check whether the
+ system supports Secure Boot or not
+
+-------------------------------------------------------------------
New:
----
 mokutil-check-secure-boot-support.patch
 mokutil-more-details-for-skipped-keys.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ mokutil.spec ++++++
--- /var/tmp/diff_new_pack.wEdHhx/_old 2014-03-25 13:23:54.000000000 +0100
+++ /var/tmp/diff_new_pack.wEdHhx/_new 2014-03-25 13:23:54.000000000 +0100
@@ -32,6 +32,10 @@
 Patch3: mokutil-fix-hash-list-size.patch
 # PATCH-FIX-UPSTREAM mokutil-clean-request.patch g...@suse.com -- Clear the request if all keys are removed
 Patch4: mokutil-clean-request.patch
+# PATCH-FIX-UPSTREAM mokutil-more-details-for-skipped-keys.patch g...@suse.com -- Be more verbose while skipping a key
+Patch5: mokutil-more-details-for-skipped-keys.patch
+# PATCH-FIX-UPSTREAM mokutil-check-secure-boot-support.patch g...@suse.com -- Check whether the system supports secure boot or not
+Patch6: mokutil-check-secure-boot-support.patch
 # PATCH-FIX-OPENSUSE mokutil-support-revoke-builtin-cert.patch g...@suse.com -- Add an option to revoke the built-in certificate
 Patch100: mokutil-support-revoke-builtin-cert.patch
 BuildRequires: autoconf
@@ -57,6 +61,8 @@
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
+%patch6 -p1
 %patch100 -p1
 %build
++++++ mokutil-check-secure-boot-support.patch ++++++
>From e8899f1f26a77dfd870388156381489d53e5548c Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <g...@suse.com>
Date: Mon, 24 Mar 2014 15:20:27 +0800
Subject: [PATCH] Check whether the system supports Secure Boot or not
Signed-off-by: Gary Ching-Pang Lin <g...@suse.com>
---
 src/mokutil.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/src/mokutil.c b/src/mokutil.c
index cd039f0..149df2b 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -2211,6 +2211,23 @@ main (int argc, char *argv[])
 if (hash_file && use_root_pw)
 command |= HELP;
+ if (!(command & HELP)) {
+ /* Check whether the machine supports Secure Boot or not */
+ efi_variable_t var;
+ efi_status_t status;
+
+ memset (&var, 0, sizeof(var));
+ var.VariableName = "SecureBoot";
+ var.VendorGuid = EFI_GLOBAL_VARIABLE;
+ status = read_variable (&var);
+ if (status != EFI_SUCCESS) {
+ fprintf (stderr, "This system doesn't support Secure Boot\n");
+ ret = -1;
+ goto out;
+ }
+ free (var.Data);
+ }
+
 switch (command) {
 case LIST_ENROLLED:
 case LIST_ENROLLED | MOKX:
@@ -2331,6 +2348,7 @@ main (int argc, char *argv[])
 break;
 }
+out:
 if (files) {
 for (i = 0; i < total; i++)
 free (files[i]);
--
1.8.4.5
++++++ mokutil-more-details-for-skipped-keys.patch ++++++
>From 98fe9bfda3bcf6c532d57e07e6ba25c350e7b7a1 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <g...@suse.com>
Date: Thu, 13 Feb 2014 14:32:18 +0800
Subject: [PATCH 1/3] Be more verbose while skipping a key
Signed-off-by: Gary Ching-Pang Lin <g...@suse.com>
---
 src/mokutil.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/mokutil.c b/src/mokutil.c
index 1c32313..3655b92 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
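Review bot: In the block added to main, every failure of `read_variable` is reported as "This system doesn't support Secure Boot", so a system where the SecureBoot variable exists but cannot be read (for instance if the process cannot access EFI variables) is told the same thing as one without Secure Boot. A message that matches what was actually tested would be `fprintf (stderr, "Failed to read the SecureBoot variable; Secure Boot may be unsupported or EFI variables may be inaccessible\n");`. The block also checks only that the variable can be read and never looks at `var.Data`, which the comment could state: `/* Presence check only: the SecureBoot value (enabled/disabled) is not examined */`. Because the check runs for every command except HELP, it also gates listing commands such as LIST_ENROLLED seen in the context lines; main begins and ends outside both hunks.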
@@ -1228,7 +1228,8 @@ issue_mok_request (char **files, uint32_t total, MokRequest req,
 printf ("Removed %s from %s\n", files[i], reverse_req);
 ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
 } else {
- printf ("Skip %s\n", files[i]);
+ printf ("%s is already enrolled or in %s request\n", files[i],
+ import?"an enrollment":"a deletion");
 ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
 }
--
1.8.4.5
>From 2e5560600b213e35e59d4a7923c01f8b9c095323 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <g...@suse.com>
Date: Mon, 24 Mar 2014 14:48:53 +0800
Subject: [PATCH 2/3] Show more details when skipping a key
Signed-off-by: Gary Ching-Pang Lin <g...@suse.com>
---
 src/mokutil.c | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/src/mokutil.c b/src/mokutil.c
index 3655b92..cd039f0 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -1111,6 +1111,29 @@ in_pending_request (efi_guid_t type, void *data, uint32_t data_size,
 return 0;
 }
+static void
+print_skip_message (const char *filename, void *mok, uint32_t mok_size,
+ uint8_t import)
+{
+ if (import) {
+ if (is_duplicate (mok, mok_size, "PK", EFI_GLOBAL_VARIABLE))
+ printf ("SKIP: %s is already in PK\n", filename);
+ else if (is_duplicate (mok, mok_size, "KEK", EFI_GLOBAL_VARIABLE))
+ printf ("SKIP: %s is already in KEK\n", filename);
+ else if (is_duplicate (mok, mok_size, "db", EFI_IMAGE_SECURITY_DATABASE_GUID))
+ printf ("SKIP: %s is already in db\n", filename);
+ else if (is_duplicate (mok, mok_size, "MokListRT", SHIM_LOCK_GUID))
+ printf ("SKIP: %s is already enrolled\n", filename);
+ else if (is_duplicate (mok, mok_size, "MokNew", SHIM_LOCK_GUID))
+ printf ("SKIP: %s is already in the enrollement request\n", filename);
+ } else {
+ if (!is_duplicate (mok, mok_size, "MokListRT", SHIM_LOCK_GUID))
+ printf ("SKIP: %s is not in MokList\n", filename);
+ else if (is_duplicate (mok, mok_size, "MokDel", SHIM_LOCK_GUID))
+ printf ("SKIP: %s is already in the deletion request\n", filename);
+ }
+}
+
 static int
 issue_mok_request (char **files, uint32_t total, MokRequest req,
 const char *hash_file, const int root_pw)
@@ -1228,8 +1251,7 @@ issue_mok_request (char **files, uint32_t total, MokRequest req,
 printf ("Removed %s from %s\n", files[i], reverse_req);
 ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
 } else {
- printf ("%s is already enrolled or in %s request\n", files[i],
- import?"an enrollment":"a deletion");
+ print_skip_message (files[i], ptr, sizes[i], import);
 ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
 }
--
1.8.4.5
>From 19df75d89e636293c93686e1edd8529f4b68170e Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <g...@suse.com>
Date: Mon, 24 Mar 2014 16:27:06 +0800
Subject: [PATCH 3/3] Merge MokX for print_skip_message()
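Review bot: Both `if`/`else if` chains in the new `print_skip_message` end without a final `else`, so when none of the `is_duplicate` lookups matches (or, presumably, when a variable cannot be read) the key is skipped with no output at all, whereas the line being replaced always printed something. For a tool that stages Secure Boot key enrollment and deletion, a silent skip leaves the operator unable to tell that a request was not queued; a fallback such as `else printf ("SKIP: %s (reason unknown)\n", filename);` on each chain would keep the old guarantee. The `switch` rewrite of this function in patch 3/3 has the same gap in all four cases and has no `default:` either. A short header comment listing which variables are consulted, and in which order, would also help, and "enrollement" in the MokNew message is a typo for "enrollment".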
Signed-off-by: Gary Ching-Pang Lin <g...@suse.com>
---
 src/mokutil.c | 39 ++++++++++++++++++++++++++++-----------
 1 file changed, 28 insertions(+), 11 deletions(-)
diff --git a/src/mokutil.c b/src/mokutil.c
index cd039f0..492dffc 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -1113,24 +1113,41 @@ in_pending_request (efi_guid_t type, void *data, uint32_t data_size,
 static void
 print_skip_message (const char *filename, void *mok, uint32_t mok_size,
- uint8_t import)
+ MokRequest req)
 {
- if (import) {
- if (is_duplicate (mok, mok_size, "PK", EFI_GLOBAL_VARIABLE))
+ efi_guid_t type = EfiCertX509Guid;
+
+ switch (req) {
+ case ENROLL_MOK:
+ if (is_duplicate (type, mok, mok_size, EFI_GLOBAL_VARIABLE, "PK"))
 printf ("SKIP: %s is already in PK\n", filename);
- else if (is_duplicate (mok, mok_size, "KEK", EFI_GLOBAL_VARIABLE))
+ else if (is_duplicate (type, mok, mok_size, EFI_GLOBAL_VARIABLE, "KEK"))
 printf ("SKIP: %s is already in KEK\n", filename);
- else if (is_duplicate (mok, mok_size, "db", EFI_IMAGE_SECURITY_DATABASE_GUID))
+ else if (is_duplicate (type, mok, mok_size, EFI_IMAGE_SECURITY_DATABASE_GUID, "db"))
 printf ("SKIP: %s is already in db\n", filename);
- else if (is_duplicate (mok, mok_size, "MokListRT", SHIM_LOCK_GUID))
+ else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokListRT"))
 printf ("SKIP: %s is already enrolled\n", filename);
- else if (is_duplicate (mok, mok_size, "MokNew", SHIM_LOCK_GUID))
+ else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokNew"))
 printf ("SKIP: %s is already in the enrollement request\n", filename);
- } else {
- if (!is_duplicate (mok, mok_size, "MokListRT", SHIM_LOCK_GUID))
+ break;
+ case DELETE_MOK:
+ if (!is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokListRT"))
 printf ("SKIP: %s is not in MokList\n", filename);
- else if (is_duplicate (mok, mok_size, "MokDel", SHIM_LOCK_GUID))
+ else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokDel"))
 printf ("SKIP: %s is already in the deletion request\n", filename);
+ break;
+ case ENROLL_BLACKLIST:
+ if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokListXRT"))
+ printf ("SKIP: %s is already in MokListX\n", filename);
+ else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokXNew"))
+ printf
("SKIP: %s is already in the MokX enrollment request\n", filename);
+ break;
+ case DELETE_BLACKLIST:
+ if (!is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokListXRT"))
+ printf ("SKIP: %s is not in MokListX\n", filename);
+ else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokXDel"))
+ printf ("SKIP: %s is already in the MokX deletion request\n", filename);
+ break;
 }
 }
@@ -1251,7 +1268,7 @@ issue_mok_request (char **files, uint32_t total, MokRequest req,
 printf ("Removed %s from %s\n", files[i], reverse_req);
 ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
 } else {
- print_skip_message (files[i], ptr, sizes[i], import);
+ print_skip_message (files[i], ptr, sizes[i], req);
 ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
 }
--
1.8.4.5
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
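Review bot: The new calls pass five arguments in the order `is_duplicate (type, mok, mok_size, EFI_GLOBAL_VARIABLE, "PK")`, while the lines they replace pass four as `is_duplicate (mok, mok_size, "PK", EFI_GLOBAL_VARIABLE)`, and this patch does not touch the definition of `is_duplicate` (its 28 insertions and 11 deletions are all accounted for by the two hunks shown). Only one of the two call forms can match that definition, so it looks as if patch 2/3 does not build on its own; this is worth confirming, and either correcting 2/3 or squashing the series would keep every step compilable. Separately, `efi_guid_t type = EfiCertX509Guid;` fixes the signature type for every lookup; if that is intended, a comment such as `/* issue_mok_request only handles X.509 certificates */` would record the assumption. `print_skip_message` is complete within the hunk, while `issue_mok_request` continues outside it.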