Hello community, here is the log from the commit of package pesign for openSUSE:Factory checked in at 2015-12-23 08:48:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pesign (Old) and /work/SRC/openSUSE:Factory/.pesign.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pesign" Changes: -------- --- /work/SRC/openSUSE:Factory/pesign/pesign.changes 2015-09-03 18:07:01.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.pesign.new/pesign.changes 2015-12-23 08:48:14.000000000 +0100 @@ -1,0 +2,15 @@ +Tue Nov 10 07:59:48 UTC 2015 - g...@suse.com + +- Update to 0.111 +- Add pesign-fix-signness.patch to fix the signness comparison +- Drop upstreamed patches + + pesign-efivar-pkgconfig.patch + + pesign-make-efi_guid_t-const.patch + + pesign-fix-import-sig-check.patch + + pesign-install-supplementary-programs.patch +- Refresh pesign-suse-build.patch, pesign-privkey_unneeded.diff, + and pesign-run.patch +- Update pesign-fix-build-errors.patch +- Merge use-standard-pid-location.patch into pesign-run.patch + +------------------------------------------------------------------- Old: ---- pesign-0.110.tar.bz2 pesign-efivar-pkgconfig.patch pesign-fix-import-sig-check.patch pesign-install-supplementary-programs.patch pesign-make-efi_guid_t-const.patch use-standard-pid-location.patch New: ---- pesign-0.111.tar.bz2 pesign-fix-signness.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pesign.spec ++++++ --- /var/tmp/diff_new_pack.yiEmUX/_old 2015-12-23 08:48:15.000000000 +0100 +++ /var/tmp/diff_new_pack.yiEmUX/_new 2015-12-23 08:48:15.000000000 +0100 @@ -17,7 +17,7 @@ Name: pesign -Version: 0.110 +Version: 0.111 Release: 0 Summary: Signing tool for PE-COFF binaries License: GPL-2.0 
@@ -30,20 +30,12 @@ Patch2: pesign-fix-build-errors.patch # PATCH-FIX-UPSTREAM pesign-privkey_unneeded.diff g...@suse.com -- Don't check the private key when importing the raw signature Patch3: pesign-privkey_unneeded.diff -# PATCH-FIX-SUSE use-standard-pid-location.patch p.drou...@gmail.com --Use standard /run instead of /var/run for pidfile -Patch4: use-standard-pid-location.patch # PATCH-FIX-SUSE pesign-run.patch a...@suse.com - Use /run instead of /var/run Patch5: pesign-run.patch # PATCH-FIX-UPSTREAM pesign-fix-authvar-write-loop.patch g...@suse.com -- Fix the write loop in authvar Patch6: pesign-fix-authvar-write-loop.patch -# PATCH-FIX-SUSE pesign-install-supplementary-programs.patch g...@suse.com -- Install the supplementary programs -Patch7: pesign-install-supplementary-programs.patch -# PATCH-FIX-UPSTREAM pesign-fix-import-sig-check.patch g...@suse.com -- Fix the signature size check while importing a signature -Patch8: pesign-fix-import-sig-check.patch -# PATCH-FIX-UPSTREAM pesign-efivar-pkgconfig.patch g...@suse.com -- Make efivar compiler parameters come from pkg-config -Patch9: pesign-efivar-pkgconfig.patch -# PATCH-FIX-UPSTREAM pesign-make-efi_guid_t-const.patch g...@suse.com -- make efi_guid_t's const -Patch10: pesign-make-efi_guid_t-const.patch +# PATCH-FIX-UPSTREAM pesign-fix-signness.patch g...@suse.com -- Fix the signness comparison +Patch7: pesign-fix-signness.patch BuildRequires: efivar-devel BuildRequires: libuuid-devel BuildRequires: mozilla-nss-devel 
@@ -63,23 +55,19 @@ %patch1 -p1 %patch2 -p1 %patch3 -p1 -%patch4 -p1 %patch5 -p1 %patch6 -p1 %patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 %build -make %{?_smp_mflags} OPTFLAGS="%{optflags}" +make %{?_smp_mflags} CFLAGS="$RPM_OPT_FLAGS" %install -make INSTALLROOT=%{buildroot} PREFIX=%{_prefix} DOCDIR=/share/doc/packages install +make INSTALLROOT=%{buildroot} libexecdir=%{_libexecdir} install mkdir -p %{buildroot}%{_localstatedir}/lib/pesign mkdir -p %{buildroot}%{_sbindir} -make INSTALLROOT=%{buildroot} UNITDIR=%{_unitdir} install_systemd +make INSTALLROOT=%{buildroot} UNITDIR=%{_unitdir} libexecdir=%{_libexecdir} install_systemd # create rcsymlink ln -sv %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} @@ -113,6 +101,8 @@ %{_bindir}/efisiglist %{_bindir}/authvar %{_sbindir}/rcpesign +%dir %{_sysconfdir}/pesign +%{_sysconfdir}/pesign/* %dir %{_sysconfdir}/popt.d %config %{_sysconfdir}/popt.d/pesign.popt %{_sysconfdir}/pki/ @@ -121,6 +111,8 @@ %{_localstatedir}/lib/pesign %{_unitdir}/pesign.service %{_libexecdir}/tmpfiles.d/pesign.conf +%dir %{_libexecdir}/pesign +%{_libexecdir}/pesign/pesign-authorize-* %dir %attr(0775,pesign,pesign) %{_sysconfdir}/pki/pesign %ghost %dir %attr(0770,pesign,pesign) /run/%{name} %dir %attr(0770,pesign,pesign) %{_localstatedir}/lib/%{name} ++++++ pesign-0.110.tar.bz2 -> pesign-0.111.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/.gitignore new/pesign-0.111/.gitignore --- old/pesign-0.110/.gitignore 2014-10-24 21:51:06.000000000 +0200 +++ new/pesign-0.111/.gitignore 2015-10-28 19:25:51.000000000 +0100 
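Review bot: The new `%{_sysconfdir}/pesign/*` entry in the `%files` hunk at -113 is packaged as plain files, so a package update will overwrite whatever the administrator put there. Going by the src/Makefile hunk later in this diff, these are the `users` and `groups` files installed empty with mode 600, and they appear to be the lists the `pesign-authorize-*` helpers work from. Mark them as configuration, e.g. `%config(noreplace) %{_sysconfdir}/pesign/users` and `%config(noreplace) %{_sysconfdir}/pesign/groups`, and consider an explicit `%attr(0700,root,root)` on the `%dir` line so the packaged mode does not depend on the upstream install recipe.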
@@ -1,3 +1,14 @@ +.*.d +.*.P +.*.sw? *.der *.cer *.strace +*.E +*.esl +*.auth +*-d719b2cb-3d3a-4596-a3bc-dad00e67656f +*-8be4df61-93ca-11d2-aa0d-00e098032b8c +*.tar.* +*.rpm +core.* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/Make.defaults new/pesign-0.111/Make.defaults --- old/pesign-0.110/Make.defaults 2014-10-24 21:51:06.000000000 +0200 +++ new/pesign-0.111/Make.defaults 2015-10-28 19:25:51.000000000 +0100 
@@ -1,41 +1,74 @@ -INSTALLROOT:= $(DESTDIR) -PREFIX := /usr +prefix ?= /usr/ +prefix := $(abspath $(prefix))/ +libdir ?= $(prefix)lib64/ +libdatadir ?= $(prefix)lib/ +libexecdir ?= $(prefix)libexec/ +datadir ?= $(prefix)share/ +mandir ?= $(datadir)man/ +includedir ?= $(prefix)include/ +bindir ?= $(prefix)bin/ +pcdir ?= $(libdir)pkgconfig/ +docdir ?= $(prefix)share/doc/ +DESTDIR ?= +INSTALLROOT = $(DESTDIR) + +INSTALL ?= install +CROSS_COMPILE ?= $(bindir) + +PKG_CONFIG = $(CROSS_COMPILE)pkg-config +CC := $(if $(filter default,$(origin CC)),$(CROSS_COMPILE)gcc,$(CC)) +CCLD := $(if $(filter undefined,$(origin CCLD)),$(CC),$(CCLD)) +CFLAGS ?= -O2 -g +AS := $(CROSS_COMPILE)as +AR := $(CROSS_COMPILE)gcc-ar +RANLIB := $(CROSS_COMPILE)gcc-ranlib +OBJCOPY := $(CROSS_COMPILE)objcopy +LD := $(CROSS_COMPILE)ld +INSTALL := $(CROSS_COMPILE)install + +PKGS = HOSTARCH = $(shell uname -m | sed s,i[3456789]86,ia32,) ARCH := $(shell uname -m | sed s,i[3456789]86,ia32,) -INCDIR = -I$(TOPDIR)/include -CPPFLAGS = -DCONFIG_$(ARCH) -CFLAGS = -g -O0 -BUILDFLAGS := $(CFLAGS) $(ARCH3264) -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants --std=gnu99 -D_GNU_SOURCE -Wno-unused-result -Wno-unused-function -ASFLAGS = $(ARCH3264) -LDFLAGS = -nostdlib -CCLDFLAGS = -shared -INSTALL = install -# XXX this is broken -bindir = /usr/bin/ - -CC = $(bindir)gcc -AS = $(bindir)as -LD = $(bindir)ld.bfd -AR = $(bindir)ar -RANLIB = $(bindir)ranlib -OBJCOPY = $(bindir)objcopy + +SOFLAGS = -shared +clang_cflags = +gcc_cflags = -Wmaybe-uninitialized +cflags = $(CFLAGS) $(ARCH3264) \ + -Wall -Werror -Wno-cpp -Wsign-compare -Wno-unused-result \ + -Wno-unused-function\ + -std=gnu11 -fshort-wchar -fPIC -flto -fno-strict-aliasing \ + -fno-merge-constants \ + -D_GNU_SOURCE -DCONFIG_$(ARCH) -I${TOPDIR}/include \ + $(if $(filter $(CC),clang),$(clang_cflags), ) \ + $(if $(filter $(CC),gcc),$(gcc_cflags), ) \ + $(call pkg-config-cflags) -Werror +clang_ccldflags = +gcc_ccldflags = -fno-merge-constants \ + 
-Wl,--fatal-warnings,--no-allow-shlib-undefined,--default-symver \ + -Wl,-O2 -Wl,--no-undefined-version -Wl,-z,relro,-z,now +ccldflags = $(cflags) $(CCLDFLAGS) $(LDFLAGS) \ + $(if $(filter $(CCLD),clang),$(clang_ccldflags),) \ + $(if $(filter $(CCLD),gcc),$(gcc_ccldflags),) \ + $(call pkg-config-ccldflags) +efi_cflags = $(cflags) +ASFLAGS = $(ARCH3264) +CPPFLAGS ?= + +LDLIBS = $(foreach lib,$(LIBS),-l$(lib)) $(call pkg-config-ldlibs) ifeq ($(ARCH),ia64) - CFLAGS += -mfixed-range=f32-f127 - LIBDIR = $(PREFIX)/lib64 + efi_cflags += -mfixed-range=f32-f127 endif ifeq ($(ARCH), ia32) - LIBDIR := $(PREFIX)/lib ifeq ($(HOSTARCH), x86_64) ARCH3264 := -m32 endif endif ifeq ($(ARCH), x86_64) - CFLAGS += -mno-red-zone - LIBDIR := $(PREFIX)/lib64 + efi_cflags += -mno-red-zone ifeq ($(HOSTARCH), ia32) ARCH3264 := -m64 endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/Make.deps new/pesign-0.111/Make.deps --- old/pesign-0.110/Make.deps 1970-01-01 01:00:00.000000000 +0100 +++ new/pesign-0.111/Make.deps 2015-10-28 19:25:51.000000000 +0100 @@ -0,0 +1,17 @@ +SRCDIR = $(realpath .) +TOPDIR = $(realpath ..) + +include $(TOPDIR)/Make.version +include $(TOPDIR)/Make.rules +include $(TOPDIR)/Make.defaults + +.%.d : %.c + $(CC) $(cflags) $(CPPFLAGS) -MM -MG -MF $@ $^ + +.%.d : %.S + $(CC) $(cflags) $(CPPFLAGS) -MM -MG -MF $@ $^ + +SOURCES ?= +deps : + echo SOURCES=$(SOURCES) +deps : $(call deps-of,$(filter-out %.h,$(SOURCES))) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/Make.efirules new/pesign-0.111/Make.efirules --- old/pesign-0.110/Make.efirules 2014-10-24 21:51:06.000000000 +0200 +++ new/pesign-0.111/Make.efirules 2015-10-28 19:25:51.000000000 +0100 
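Review bot: The gcc-only flag sets look unreachable with the defaults set in this hunk. `CROSS_COMPILE ?= $(bindir)` makes `CC` and `CCLD` expand to a full path such as `/usr/bin/gcc`, so `$(filter $(CC),gcc)` and `$(filter $(CCLD),gcc)` match nothing, and `gcc_cflags` and `gcc_ccldflags` are silently dropped. `gcc_ccldflags` is the only place that still carries `-Wl,-z,relro,-z,now`, which the old libdpe/Makefile and src/Makefile passed unconditionally, so a default build loses full RELRO unless the caller's `CFLAGS`/`LDFLAGS` supply it. Either match on the basename, `$(if $(filter %gcc,$(notdir $(CCLD))),$(gcc_ccldflags),)`, or move `-Wl,-z,relro,-z,now` into `ccldflags` itself. Checking the built binaries for `BIND_NOW` and `GNU_RELRO` with `readelf -d` and `readelf -l` would confirm the result.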
@@ -1,3 +1,9 @@ +default : all + +.PHONY: default all deps clean install test + +include $(TOPDIR)/Make.version + %.efi : %.so $(OBJCOPY) -j .text -j .sdata -j .data -j .dynamic -j .dynsym -j .rel \ -j .rela -j .reloc --target=$(FORMAT) $*.so $@ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/Make.rules new/pesign-0.111/Make.rules --- old/pesign-0.110/Make.rules 2014-10-24 21:51:06.000000000 +0200 +++ new/pesign-0.111/Make.rules 2015-10-28 19:25:51.000000000 +0100 
@@ -1,22 +1,83 @@ +default : all + +.PHONY: default all deps clean install install_systemd install_sysvinit test + +include $(TOPDIR)/Make.version + +all : deps + +deps : + +clean : + +install : + +install_systemd : + +install_sysvinit : + +test : + %.a : $(AR) -cvqs $@ $^ -% : %.o - $(CC) $(CCLDFLAGS) -o $@ $^ $(foreach lib,$(LIBS),-l$(lib)) $(foreach pklib,$(PKLIBS), $(shell pkg-config --libs-only-l --libs-only-other $(pklib))) -lpthread +% : %.c + +$(BINTARGETS) : % : + $(CCLD) $(ccldflags) $(CPPFLAGS) -o $@ $^ $(LDLIBS) %.so : - $(CC) $(INCDIR) $(BUILDFLAGS) -Wl,-soname,$(SONAME) $(CCLDFLAGS) $^ -o $@ + $(CCLD) $(ccldflags) $(CPPFLAGS) $(SOFLAGS) \ + -Wl,-soname,$@.$(MAJOR_VERSION) \ + -o $@ $^ $(LDLIBS) %.o: %.c - $(CC) $(INCDIR) $(BUILDFLAGS) $(CPPFLAGS) -c $< -o $@ - -.%.P : %.c - $(CC) $(INCDIR) $(BUILDFLAGS) $(CPPFLAGS) -M -MM -MF $@ $^ + $(CC) $(cflags) $(CPPFLAGS) -c -o $@ $(filter %.c %.o %.S,$^) %.S: %.c - $(CC) $(INCDIR) $(BUILDFLAGS) $(CPPFLAGS) -S $< -o $@ + $(CC) $(cflags) $(CPPFLAGS) -S $< -o $@ %.E: %.c - $(CC) $(INCDIR) $(BUILDFLAGS) $(CPPFLAGS) -E $< -o $@ + $(CC) $(cflags) $(CPPFLAGS) -E $< -o $@ %.c : %.h + +.%.d : + +define substitute-version = + sed \ + -e "s,@@VERSION@@,$(VERSION),g" \ + -e "s,@@LIBDIR@@,$(libdir),g" \ + -e "s,@@LIBEXECDIR@@,$(libexecdir),g" \ + $(1) > $(2) +endef + +%.pc : %.pc.in + @$(call substitute-version,$<,$@) + +%.spec : %.spec.in + @$(call substitute-version,$<,$@) + +%.service : %.service.in + @$(call substitute-version,$<,$@) + +%.sysvinit : %.sysvinit.in + @$(call substitute-version,$<,$@) + +pkg-config-cflags = \ + $(shell if [ -n "$(PKGS)" ]; then $(PKG_CONFIG) --cflags $(PKGS); fi) +pkg-config-ldflags = \ + $(shell if [ -n "$(PKGS)" ]; then $(PKG_CONFIG) --libs-only-L --libs-only-other $(PKGS) ; fi) +pkg-config-ldlibs = \ + $(shell if [ -n "$(PKGS)" ]; then $(PKG_CONFIG) --libs-only-l $(PKGS) ; fi) + +objects-of = \ + $(patsubst %.c,%.o,$(1)) + +define deps-of = + $(foreach src,$(filter %.c,$(1)),$(patsubst 
%.c,.%.d,$(src))) \ + $(foreach src,$(filter %.S,$(1)),$(patsubst %.S,.%.d,$(src))) +endef + +$(TOPDIR)/libdpe/%.a $(TOPDIR)/libdpe/% : + $(MAKE) -C $(TOPDIR)/libdpe $(notdir $@) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/Make.version new/pesign-0.111/Make.version --- old/pesign-0.110/Make.version 1970-01-01 01:00:00.000000000 +0100 +++ new/pesign-0.111/Make.version 2015-10-28 19:25:51.000000000 +0100 @@ -0,0 +1,3 @@ +MAJOR_VERSION = 0 +MINOR_VERSION = 111 +VERSION = $(MAJOR_VERSION).$(MINOR_VERSION) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/Makefile new/pesign-0.111/Makefile --- old/pesign-0.110/Makefile 2014-10-24 21:51:06.000000000 +0200 +++ new/pesign-0.111/Makefile 2015-10-28 19:25:51.000000000 +0100 
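Review bot: The helper is defined here as `pkg-config-ldflags`, but `ccldflags` in Make.defaults expands `$(call pkg-config-ccldflags)`, a name that is never defined, so the call yields an empty string. The `--libs-only-L --libs-only-other` output of pkg-config therefore never reaches the link line, and the build only works where the libraries sit in the default search path. Rename the definition to `pkg-config-ccldflags =`, or change the call site to match. Note also that `define substitute-version =` and `define deps-of =` use the `define NAME =` form, which needs GNU Make 3.82 or newer; a comment stating that minimum version would help.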
@@ -1,33 +1,35 @@ -TOPDIR = $(shell echo $$PWD) +SRCDIR = $(realpath .) +TOPDIR = $(realpath .) +include $(TOPDIR)/Make.version +include $(TOPDIR)/Make.rules include $(TOPDIR)/Make.defaults SUBDIRS := include libdpe src -DOCDIR := /share/doc/ -VERSION = 0.110 - -all : $(SUBDIRS) - -$(SUBDIRS) : - $(MAKE) -C $@ TOPDIR=$(TOPDIR) SRCDIR=$(TOPDIR)/$@/ ARCH=$(ARCH) - -clean : - @for x in $(SUBDIRS) ; do $(MAKE) -C $${x} TOPDIR=$(TOPDIR) SRCDIR=$(TOPDIR)/$@/ ARCH=$(ARCH) $@ ; done install : - @for x in $(SUBDIRS) ; do $(MAKE) -C $${x} TOPDIR=$(TOPDIR) SRCDIR=$(TOPDIR)/$@/ ARCH=$(ARCH) $@ ; done - $(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)$(DOCDIR)/pesign/ - $(INSTALL) -pm 644 COPYING $(INSTALLROOT)$(PREFIX)$(DOCDIR)/pesign/ + $(INSTALL) -d -m 755 $(INSTALLROOT)$(prefix)$(docdir)/pesign-$(VERSION)/ + $(INSTALL) -pm 644 COPYING $(INSTALLROOT)$(prefix)$(docdir)/pesign-$(VERSION)/ + @set -e ; for x in $(SUBDIRS) ; do \ + $(MAKE) -C $$x $@ ; \ + done + +install_systemd install_sysvinit : install + @set -e ; for x in $(SUBDIRS) ; do \ + $(MAKE) -C $$x $@ ; \ + done + +distclean : | clean + +clean deps all : | Make.version + @set -e ; for x in $(SUBDIRS) ; do \ + $(MAKE) -C $$x $@ ; \ + done -install_systemd: - @for x in $(SUBDIRS) ; do $(MAKE) -C $${x} TOPDIR=$(TOPDIR) SRCDIR=$(TOPDIR)/$@/ ARCH=$(ARCH) $@ ; done - -install_sysvinit: - @for x in $(SUBDIRS) ; do $(MAKE) -C $${x} TOPDIR=$(TOPDIR) SRCDIR=$(TOPDIR)/$@/ ARCH=$(ARCH) $@ ; done - -.PHONY: $(SUBDIRS) clean install +$(SUBDIRS) : + $(MAKE) -C $@ all -include $(TOPDIR)/Make.rules +.PHONY: $(SUBDIRS) GITTAG = $(VERSION) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/include/Makefile new/pesign-0.111/include/Makefile --- old/pesign-0.110/include/Makefile 2014-10-24 21:51:06.000000000 +0200 +++ new/pesign-0.111/include/Makefile 2015-10-28 19:25:51.000000000 +0100 
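Review bot: Both `$(INSTALL)` lines in the `install` recipe build the destination as `$(INSTALLROOT)$(prefix)$(docdir)/pesign-$(VERSION)/`, but Make.defaults now defines `docdir ?= $(prefix)share/doc/`, so the prefix is applied twice and COPYING would land under `/usr//usr/share/doc/`. The spec hunk above drops the `PREFIX=` and `DOCDIR=` overrides, so nothing on the packaging side corrects this. Use `$(INSTALLROOT)$(docdir)pesign-$(VERSION)/` in both lines.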
@@ -1,21 +1,18 @@ -SRCDIR = . -TOPDIR = $(SRCDIR)/.. +SRCDIR = $(realpath .) +TOPDIR = $(realpath ..) +include $(TOPDIR)/Make.version +include $(TOPDIR)/Make.rules include $(TOPDIR)/Make.defaults SUBDIRS = libdpe -all : $(SUBDIRS) +clean all install : + for x in $(SUBDIRS) ; do \ + $(MAKE) -C $$x $@ ; \ + done $(SUBDIRS) : - $(MAKE) -C $@ TOPDIR=$(TOPDIR) SRCDIR=$(TOPDIR)/$@/ ARCH=$(ARCH) - -clean : - @for x in $(SUBDIRS) ; do $(MAKE) -C $${x} TOPDIR=$(TOPDIR) SRCDIR=$(TOPDIR)/$@/ ARCH=$(ARCH) $@ ; done - -install : - @for x in $(SUBDIRS) ; do $(MAKE) -C $${x} TOPDIR=$(TOPDIR) SRCDIR=$(TOPDIR)/$@/ ARCH=$(ARCH) $@ ; done + $(MAKE) -C $@ all -.PHONY: all $(SUBDIRS) clean install - -include $(TOPDIR)/Make.rules +.PHONY: $(SUBDIRS) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/include/libdpe/Makefile new/pesign-0.111/include/libdpe/Makefile --- old/pesign-0.110/include/libdpe/Makefile 2014-10-24 21:51:06.000000000 +0200 +++ new/pesign-0.111/include/libdpe/Makefile 2015-10-28 19:25:51.000000000 +0100 @@ -1,16 +1,10 @@ -SRCDIR = . -TOPDIR = $(SRCDIR)/.. +SRCDIR = $(realpath .) +TOPDIR = $(realpath ../..) +include $(TOPDIR)/Make.version +include $(TOPDIR)/Make.rules include $(TOPDIR)/Make.defaults -SUBDIRS = libdpe - -all: - -clean: - -install: - $(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)/include/libdpe/ - $(INSTALL) -m 644 *.h $(INSTALLROOT)$(PREFIX)/include/libdpe/ - -include $(TOPDIR)/Make.rules +#install: +# $(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)/include/libdpe/ +# $(INSTALL) -m 644 *.h $(INSTALLROOT)$(PREFIX)/include/libdpe/ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/libdpe/Makefile new/pesign-0.111/libdpe/Makefile --- old/pesign-0.110/libdpe/Makefile 2014-10-24 21:51:06.000000000 +0200 +++ new/pesign-0.111/libdpe/Makefile 2015-10-28 19:25:51.000000000 +0100 
@@ -1,42 +1,40 @@ -SRCDIR = . -TOPDIR = $(SRCDIR)/.. - -SONAME = libdpe.so.0 +SRCDIR = $(realpath .) +TOPDIR = $(realpath ..) +include $(TOPDIR)/Make.version +include $(TOPDIR)/Make.rules include $(TOPDIR)/Make.defaults -BUILDFLAGS += -fPIC -CCLDFLAGS += -fPIC -Wl,-z,relro,-z,now - -TARGETS = libdpe.so libdpe.a -all : $(TARGETS) - -SOURCES = $(patsubst %.c,%,$(wildcard *.c)) -OBJECTS = $(foreach source,$(SOURCES),$(source).o) -DEPS = $(foreach source,$(SOURCES),.$(source).P) -# PEOBJECTS = $(foreach source,$(SOURCES),$(source)_pe.o) - -libdpe.a :: $(OBJECTS) - -libdpe.so :: $(OBJECTS) - -deps : $(DEPS) +LIBTARGETS=libdpe.so +STATICLIBTARGETS=libdpe.a +TARGETS=$(LIBTARGETS) $(STATICLIBTARGETS) + +LIBDPE_SOURCES = $(wildcard *.c) +ALL_SOURCES=$(LIBDPE_SOURCES) +-include $(call deps-of,$(ALL_SOURCES)) + +all : deps $(TARGETS) + +libdpe.a : $(call objects-of,$(LIBDPE_SOURCES)) +libdpe.a : LIBS=pthread +# libdpe.a : | $(wildcard *.h) $(wildcard $(TOPDIR)/include/libdpe/*.h) +libdpe.so : $(call objects-of,$(LIBDPE_SOURCES)) +libdpe.so : LIBS=pthread +# libdpe.so : | $(wildcard *.h) $(wildcard $(TOPDIR)/include/libdpe/*.h) + +deps : $(ALL_SOURCES) + $(MAKE) -f $(TOPDIR)/Make.deps deps SOURCES="$(ALL_SOURCES)" + +clean : + @rm -rfv *~ *.o *.a *.so *.so.* .*.d + +#install : +# $(INSTALL) -d -m 755 $(DESTDIR)$(libdir) +# $(foreach x,$(LIBTARGETS), \ +# $(INSTALL) -m 755 $(x) $(DESTDIR)$(libdir)/$(x).$(VERSION) ;\ +# ln -fs $(x).$(VERSION) $(DESTDIR)$(libdir)/$(x).$(MAJOR_VERSION) ;\ +# ln -fs $(x).$(VERSION) $(DESTDIR)$(libdir)/$(x); ) +# $(foreach x,$(STATICLIBTARGETS), \ +# $(INSTALL) -m 644 $(x) $(DESTDIR)$(libdir)/$(x); ) --include $(DEPS) - -depclean : - @rm -fv .*.P - -clean : depclean - @rm -rfv *~ *.o *.a *.so - -install : - echo "LIBDIR: $(LIBDIR)" - $(INSTALL) -d -m 755 $(INSTALLROOT)$(LIBDIR) - for x in $(TARGETS) ; do \ - $(INSTALL) -m 755 $$x $(INSTALLROOT)$(LIBDIR) ; \ - done - -.PHONY: all clean install - -include $(TOPDIR)/Make.rules +.SECONDARY : $(foreach 
x,$(LIBTARGETS),$(x).$(VERSION) $(x).$(MAJOR_VERSION)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/libdpe/pe_updatefile.c new/pesign-0.111/libdpe/pe_updatefile.c --- old/pesign-0.110/libdpe/pe_updatefile.c 2014-10-24 21:51:06.000000000 +0200 +++ new/pesign-0.111/libdpe/pe_updatefile.c 2015-10-28 19:25:51.000000000 +0100 @@ -137,7 +137,7 @@ size_t dd_size = sizeof (*dd) / sizeof (dd->exports); data_dirent *dde = &dd->exports; - for (int i = 0; i < dd_size; i++, dde++) { + for (unsigned int i = 0; i < dd_size; i++, dde++) { if (dde->size != 0) { char *addr = compute_mem_addr(pe, dde->virtual_address); msync(addr, dde->size, MS_SYNC); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/src/.gitignore new/pesign-0.111/src/.gitignore --- old/pesign-0.110/src/.gitignore 2014-10-24 21:51:06.000000000 +0200 +++ new/pesign-0.111/src/.gitignore 2015-10-28 19:25:51.000000000 +0100 @@ -3,14 +3,13 @@ *.so *.a *.efi -.*.P pesign authvar -*.sw? -core.* ms client efikeygen efisiglist pesigcheck peverify +pesign.service +pesign.sysvinit diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/src/Makefile new/pesign-0.111/src/Makefile --- old/pesign-0.110/src/Makefile 2014-10-24 21:51:06.000000000 +0200 +++ new/pesign-0.111/src/Makefile 2015-10-28 19:25:51.000000000 +0100 
@@ -1,95 +1,94 @@ -SRCDIR = . -TOPDIR = $(SRCDIR)/.. +SRCDIR = $(realpath .) +TOPDIR = $(realpath ..) +include $(TOPDIR)/Make.version +include $(TOPDIR)/Make.rules include $(TOPDIR)/Make.defaults -PKLIBS = nss -LIBS = popt uuid efivar -STATIC_LIBS = $(TOPDIR)/libdpe/libdpe.a -LDFLAGS = -CCLDFLAGS = -L../libdpe $(foreach pklib,$(PKLIBS), $(shell pkg-config --libs-only-L $(pklib))) -pie -fPIE -Wl,-z,relro,-z,now -BUILDFLAGS += -I../include/ $(foreach pklib,$(PKLIBS), $(shell pkg-config --cflags $(pklib))) -Werror -fPIE - -TARGETS = pesign authvar client efisiglist efikeygen pesigcheck - -all : $(TARGETS) - -generic_SOURCES = cms_common.c wincert.c password.c ucs2.c oid.c signed_data.c signer_info.c content_info.c -generic_OBJECTS = $(foreach source,$(generic_SOURCES),$(patsubst %.c,%,$(source)).o) -generic_DEPS = $(foreach source,$(generic_SOURCES),.$(patsubst %.c,%,$(source)).P) -generic.a : $(generic_OBJECTS) - -authvar_SOURCES = authvar.c authvar_context.c -authvar_OBJECTS = $(foreach source,$(authvar_SOURCES),$(patsubst %.c,%,$(source)).o) generic.a -authvar_DEPS = $(foreach source,$(authvar_SOURCES),.$(patsubst %.c,%,$(source)).P) -authvar : $(authvar_OBJECTS) $(STATIC_LIBS) - -pesign_SOURCES = pesign.c pesign_context.c actions.c daemon.c -pesign_OBJECTS = $(foreach source,$(pesign_SOURCES),$(patsubst %.c,%,$(source)).o) generic.a -pesign_DEPS = $(foreach source,$(pesign_SOURCES),.$(patsubst %.c,%,$(source)).P) -pesign : $(pesign_OBJECTS) $(STATIC_LIBS) - -pesigcheck_SOURCES = pesigcheck.c pesigcheck_context.c certdb.c -pesigcheck_OBJECTS = $(foreach source,$(pesigcheck_SOURCES),$(patsubst %.c,%,$(source)).o) generic.a -pesigcheck_DEPS = $(foreach source,$(pesigcheck_SOURCES),.$(patsubst %.c,%,$(source)).P) -pesigcheck : $(pesigcheck_OBJECTS) $(STATIC_LIBS) - -client_SOURCES = pesign_context.c actions.c client.c -client_OBJECTS = $(foreach source,$(client_SOURCES),$(patsubst %.c,%,$(source)).o) generic.a -client_DEPS = $(foreach 
source,$(client_SOURCES),.$(patsubst %.c,%,$(source)).P) -client : $(client_OBJECTS) $(STATIC_LIBS) - -efisiglist_SOURCES = efisiglist.c siglist.c -efisiglist_OBJECTS = $(foreach source,$(efisiglist_SOURCES),$(patsubst %.c,%,$(source)).o) -efisiglist_DEPS = $(foreach source,$(efisiglist_SOURCES),.$(patsubst %.c,%,$(source)).P) -efisiglist : $(efisiglist_OBJECTS) - -efikeygen_SOURCES = efikeygen.c -efikeygen_OBJECTS = $(foreach source,$(efikeygen_SOURCES),$(patsubst %.c,%,$(source)).o) generic.a -efikeygen_DEPS = $(foreach source,$(efikeygen_SOURCES),.$(patsubst %.c,%,$(source)).P) -efikeygen : $(efikeygen_OBJECTS) $(STATIC_LIBS) - -DEPS = $(generic_DEPS) $(authvar_DEPS) $(pesign_DEPS) $(client_DEPS) \ - $(pesigcheck_DEPS) $(efisiglist_DEPS) $(efikeygen_DEPS) - -deps : $(DEPS) - -depclean : - @rm -fv .*.P +BINTARGETS=authvar client efikeygen efisiglist pesigcheck pesign +SVCTARGETS=pesign.sysvinit pesign.service +TARGETS=$(BINTARGETS) $(SVCTARGETS) + +all : deps $(TARGETS) + +COMMON_SOURCES = cms_common.c content_info.c oid.c password.c \ + signed_data.c signer_info.c wincert.c ucs2.c +AUTHVAR_SOURCES = authvar.c authvar_context.c +CLIENT_SOURCES = pesign_context.c actions.c client.c +EFIKEYGEN_SOURCES = efikeygen.c +EFISIGLIST_SOURCES = efisiglist.c siglist.c +PESIGCHECK_SOURCES = pesigcheck.c pesigcheck_context.c certdb.c +PESIGN_SOURCES = pesign.c pesign_context.c actions.c daemon.c + +ALL_SOURCES=$(COMMON_SOURCES) $(AUTHVAR_SORUCES) $(CLIENT_SOURCES) \ + $(EFIKEYGEN_SOURCES) $(EFISIGLIST_SOURCES) $(PESIGCHECK_SOURCES) \ + $(PESIGN_SOURCES) +-include $(call deps-of,$(ALL_SOURCES)) + +authvar : $(call objects-of,$(AUTHVAR_SOURCES) $(COMMON_SOURCES)) \ + $(TOPDIR)/libdpe/libdpe.a +authvar : PKGS=efivar nss nspr popt + +client : $(call objects-of,$(CLIENT_SOURCES) $(COMMON_SOURCES)) +client : PKGS=efivar nss nspr popt + +efikeygen : $(call objects-of,$(EFIKEYGEN_SOURCES) $(COMMON_SOURCES)) +efikeygen : PKGS=nss nspr popt uuid + +efisiglist : $(call 
objects-of,$(EFISIGLIST_SOURCES) $(COMMON_SOURCES)) +efisiglist : PKGS=efivar nss nspr popt + +pesigcheck : $(call objects-of,$(PESIGCHECK_SOURCES) $(COMMON_SOURCES)) \ + $(TOPDIR)/libdpe/libdpe.a +pesigcheck : PKGS=efivar nss nspr popt + +pesign : $(call objects-of,$(PESIGN_SOURCES) $(COMMON_SOURCES)) \ + $(TOPDIR)/libdpe/libdpe.a +pesign : PKGS=efivar nss nspr popt --include $(DEPS) +deps : $(ALL_SOURCES) + $(MAKE) -f $(TOPDIR)/Make.deps deps SOURCES="$(ALL_SOURCES)" -clean : depclean +clean : @rm -rfv *.o *.a *.so $(TARGETS) + @rm -rfv .*.d -install_systemd: - $(INSTALL) -d -m 755 $(INSTALLROOT)/usr/lib/tmpfiles.d/ - $(INSTALL) -m 644 tmpfiles.conf $(INSTALLROOT)/usr/lib/tmpfiles.d/pesign.conf - $(INSTALL) -d -m 755 $(INSTALLROOT)/usr/lib/systemd/system/ - $(INSTALL) -m 644 pesign.service $(INSTALLROOT)/usr/lib/systemd/system/ +install_systemd: pesign.service + $(INSTALL) -d -m 755 $(INSTALLROOT)$(libdatadir)tmpfiles.d/ + $(INSTALL) -m 644 tmpfiles.conf $(INSTALLROOT)$(libdatadir)tmpfiles.d/pesign.conf + $(INSTALL) -d -m 755 $(INSTALLROOT)$(libdatadir)systemd/system/ + $(INSTALL) -m 644 pesign.service $(INSTALLROOT)$(libdatadir)systemd/system/ -install_sysvinit: +install_sysvinit: pesign.sysvinit $(INSTALL) -d -m 755 $(INSTALLROOT)/etc/rc.d/init.d/ $(INSTALL) -m 755 pesign.sysvinit $(INSTALLROOT)/etc/rc.d/init.d/pesign install : $(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/ $(INSTALL) -d -m 770 $(INSTALLROOT)/var/run/pesign/ - $(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)/bin/ - $(INSTALL) -m 755 pesign $(INSTALLROOT)$(PREFIX)/bin/ - $(INSTALL) -m 755 client $(INSTALLROOT)$(PREFIX)/bin/pesign-client - $(INSTALL) -m 755 efikeygen $(INSTALLROOT)$(PREFIX)/bin/ - #$(INSTALL) -m 755 pesigcheck $(INSTALLROOT)$(PREFIX)/bin/ + $(INSTALL) -d -m 755 $(INSTALLROOT)$(bindir) + $(INSTALL) -m 755 authvar $(INSTALLROOT)$(bindir) + $(INSTALL) -m 755 pesign $(INSTALLROOT)$(bindir) + $(INSTALL) -m 755 client $(INSTALLROOT)$(bindir)pesign-client + $(INSTALL) -m 755 efikeygen 
$(INSTALLROOT)$(bindir) + $(INSTALL) -m 755 efisiglist $(INSTALLROOT)$(bindir) + $(INSTALL) -m 755 pesigcheck $(INSTALLROOT)$(bindir) $(INSTALL) -d -m 755 $(INSTALLROOT)/etc/popt.d/ $(INSTALL) -m 644 pesign.popt $(INSTALLROOT)/etc/popt.d/ - $(INSTALL) -d -m 755 $(INSTALLROOT)/usr/share/man/man1/ - $(INSTALL) -m 644 pesign.1 $(INSTALLROOT)/usr/share/man/man1/ - $(INSTALL) -m 644 pesign-client.1 $(INSTALLROOT)/usr/share/man/man1/ - $(INSTALL) -m 644 efikeygen.1 $(INSTALLROOT)/usr/share/man/man1/ - #$(INSTALL) -m 644 pesigcheck.1 $(INSTALLROOT)/usr/share/man/man1/ + $(INSTALL) -d -m 755 $(INSTALLROOT)$(mandir)man1/ + $(INSTALL) -m 644 pesign.1 $(INSTALLROOT)$(mandir)man1/ + $(INSTALL) -m 644 pesign-client.1 $(INSTALLROOT)$(mandir)man1/ + $(INSTALL) -m 644 efikeygen.1 $(INSTALLROOT)$(mandir)man1/ + $(INSTALL) -m 644 pesigcheck.1 $(INSTALLROOT)$(mandir)man1/ + $(INSTALL) -m 644 authvar.1 $(INSTALLROOT)$(mandir)man1/ + $(INSTALL) -m 644 efisiglist.1 $(INSTALLROOT)$(mandir)man1/ $(INSTALL) -d -m 755 $(INSTALLROOT)/etc/rpm/ $(INSTALL) -m 644 macros.pesign $(INSTALLROOT)/etc/rpm/ + $(INSTALL) -d -m 755 $(INSTALLROOT)$(libexecdir)/pesign/ + $(INSTALL) -m 750 pesign-authorize-users $(INSTALLROOT)$(libexecdir)/pesign/ + $(INSTALL) -m 750 pesign-authorize-groups $(INSTALLROOT)$(libexecdir)/pesign/ + $(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pesign + $(INSTALL) -m 600 /dev/null $(INSTALLROOT)/etc/pesign/users + $(INSTALL) -m 600 /dev/null $(INSTALLROOT)/etc/pesign/groups -.PHONY: all deps clean depclean install - -include $(TOPDIR)/Make.rules +.PHONY: all deps clean install diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/src/actions.c new/pesign-0.111/src/actions.c --- old/pesign-0.110/src/actions.c 2014-10-24 21:51:06.000000000 +0200 +++ new/pesign-0.111/src/actions.c 2015-10-28 19:25:51.000000000 +0100 
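Review bot: The executables are no longer linked as PIE. This hunk removes the per-directory `-pie -fPIE` from `CCLDFLAGS` and `BUILDFLAGS`, while the shared `cflags` in Make.defaults carries only `-fPIC` and the `$(BINTARGETS)` link rule in Make.rules adds no `-pie`. For a signing daemon and its client that is a hardening regression unless the distribution flags add it back; a target-specific `$(BINTARGETS) : CCLDFLAGS += -pie` would restore it. Separately, `ALL_SOURCES` references `$(AUTHVAR_SORUCES)`, a misspelling of `AUTHVAR_SOURCES`, so authvar.c and authvar_context.c get no generated `.d` dependency files.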
@@ -211,7 +211,7 @@ SECItem derPublicKey = ctx->cert->derPublicKey; rc = write(p_ctx->outkeyfd, derPublicKey.data, derPublicKey.len); close(p_ctx->outkeyfd); - if (rc == derPublicKey.len) + if (rc >= 0 && (unsigned long)rc == derPublicKey.len) exit(0); exit(1); } @@ -225,15 +225,15 @@ SECItem derCert = ctx->cert->derCert; rc = write(p_ctx->outcertfd, derCert.data, derCert.len); close(p_ctx->outcertfd); - if (rc == derCert.len) + if (rc >= 0 && (unsigned long)rc == derCert.len) exit(0); exit(1); } -off_t +ssize_t export_signature(cms_context *cms, int fd, int ascii_armor) { - off_t ret = 0; + ssize_t ret = 0; int rc = 0; SECItem *sig = &cms->newsig; @@ -416,10 +416,9 @@ ssize_t available = available_cert_space(ctx->outpe); ssize_t target = ctx->cms_ctx->newsig.len + sizeof (win_certificate); - if (available == target) - return; + target += ALIGNMENT_PADDING(target, 8); - if (target + 8 > available) + if (available >= target) return; fprintf(stderr, "Could not add new signature: insufficient space.\n"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/src/actions.h new/pesign-0.111/src/actions.h --- old/pesign-0.110/src/actions.h 2014-10-24 21:51:06.000000000 +0200 +++ new/pesign-0.111/src/actions.h 2015-10-28 19:25:51.000000000 +0100 
@@ -27,7 +27,7 @@ extern int list_signatures(pesign_context *ctx); extern void check_signature_space(pesign_context *ctx); extern void allocate_signature_space(Pe *pe, ssize_t sigspace); -extern off_t export_signature(cms_context *cms, int fd, int ascii_armor); +extern ssize_t export_signature(cms_context *cms, int fd, int ascii_armor); extern void import_raw_signature(pesign_context *pctx); extern void remove_signature(pesign_context *ctx); extern void export_pubkey(pesign_context *ctx); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/src/authvar.1 new/pesign-0.111/src/authvar.1 --- old/pesign-0.110/src/authvar.1 1970-01-01 01:00:00.000000000 +0100 +++ new/pesign-0.111/src/authvar.1 2015-10-28 19:25:51.000000000 +0100 
@@ -0,0 +1,81 @@ +.TH AUTHVAR "1" "June 2015" +.SH NAME +authvar \- handles authenticated variables for pesign + +.SH SYNOPSIS +\fBauthvar\fR [\-?] [\-a|\-\-append] [\-d|\-\-certdir=<certificate directory path>] + [\-c|\-\-clear] [\-s|\-\-set] [\-N|\-\-namespace={<namespace>|<guid>}] + [\-n|\-\-name=<name>] [\-t|\-\-timestamp=<time>] [\-v|\-\-value=<value>] + [\-f|\-\-valuefile=<file>] [\-i|\-\-import=<file>] [\-e|\-\-export=<file>] + [\-S|\-\-sign=<nickname>] [\-?|\-\-help] [\-\-usage] + +.SH DESCRIPTION +\fBauthvar\fR is a command line utility for handling authenticated UEFI variables. + +.SH OPTIONS +.TP +\fB\-a\fR, \fB\-\-append\fR +append to variable + +.TP +\fB\-d\fR, \fB\-\-certdir=\fR<certificate directory path> +specify nss certificate +database directory (default: +"/etc/pki/pesign") + +.TP +\fB\-c\fR, \fB\-\-clear\fR +clear variable + +.TP +\fB\-s\fR, \fB\-\-set\fR +set variable + +.TP +\fB\-N\fR, \fB\-\-namespace=\fR{<namespace>|<guid>} +specified variable is in +<namespace> or <guid> +(default: "global") + +.TP +\fB\-n\fR, \fB\-\-name=\fR<name> +variable name + +.TP +\fB\-t\fR, \fB\-\-timestamp=\fR<time> +timestamp for the variable + +.TP +\fB\-v\fR, \fB\-\-value=\fR<value> +value to set or append + +.TP +\fB\-f\fR, \fB\-\-valuefile=\fR<file> +read value from <file> + +.TP +\fB\-i\fR, \fB\-\-import=\fR<file> +import variable from <file> + +.TP +\fB\-e\fR, \fB\-\-export=\fR<file> +export variable to <file> +instead of firmware + +.TP +\fB\-S\fR, \fB\-\-sign=\fR<nickname> +sign variable with +certificate <nickname> + +.SS "Help options:" + +.TP +\-?, \fB\-\-help\fR +Show this help message + +.TP +\fB\-\-usage\fR +Display brief usage message + +.SH "SEE ALSO" +.BR pesign (1) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/src/authvar.c new/pesign-0.111/src/authvar.c --- old/pesign-0.110/src/authvar.c 2014-10-24 21:51:06.000000000 +0200 +++ new/pesign-0.111/src/authvar.c 2015-10-28 
19:25:51.000000000 +0100 @@ -136,11 +136,20 @@ static void generate_efivars_filename(authvar_context *ctx) { - int rc = efi_guid_to_str(&ctx->guid, &ctx->exportfile); + char *guid = NULL; + int rc = efi_guid_to_str(&ctx->guid, &guid); if (rc < 0) { fprintf(stderr, "authvar: Couldn't convert guid to string: %m\n"); exit(1); } + char *filename = NULL; + rc = asprintf(&filename, "/sys/firmware/efi/efivars/%s-%s", ctx->name, guid); + if (rc < 0) { + fprintf(stderr, "authvar: can't make string: %m\n"); + exit(1); + } + free(guid); + ctx->exportfile = filename; } static void diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/src/certdb.c new/pesign-0.111/src/certdb.c --- old/pesign-0.110/src/certdb.c 2014-10-24 21:51:06.000000000 +0200 +++ new/pesign-0.111/src/certdb.c 2015-10-28 19:25:51.000000000 +0100 @@ -195,8 +195,8 @@ cert = (EFI_SIGNATURE_DATA *)((uint8_t *)certlist + sizeof(EFI_SIGNATURE_LIST) + certlist->SignatureHeaderSize); - - for (int i = 0; i < certcount; i++) { + + for (unsigned int i = 0; i < certcount; i++) { sig.data = cert->SignatureData; sig.len = certlist->SignatureSize - sizeof(efi_guid_t); found = check(ctx, &sig, &certlist->SignatureType, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/src/cms_common.c new/pesign-0.111/src/cms_common.c --- old/pesign-0.110/src/cms_common.c 2014-10-24 21:51:06.000000000 +0200 +++ new/pesign-0.111/src/cms_common.c 2015-10-28 19:25:51.000000000 +0100 
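Review bot: `ctx->name` is formatted straight into the efivars path in the new `asprintf` call, with no check in generate_efivars_filename() that it is non-NULL and free of `/`. A name containing a path separator would make `ctx->exportfile` point outside `/sys/firmware/efi/efivars/`, and a NULL name would yield a literal `(null)-<guid>` file name with glibc. If the option parsing outside this hunk does not already reject these, add a guard before the `asprintf`, e.g. `if (!ctx->name || strchr(ctx->name, '/')) { fprintf(stderr, "authvar: invalid variable name\n"); exit(1); }`.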
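Review bot: In the certdb.c loop, `sig.len = certlist->SignatureSize - sizeof(efi_guid_t);` wraps to a very large length when `SignatureSize` is smaller than the GUID, and the signedness fix on the loop index does not cover that. The enclosing function starts and ends outside the hunk, so the list may already be validated earlier; if it is not, reject the list before the loop with `if (certlist->SignatureSize < sizeof(efi_guid_t))` and the function's existing error return. A short comment above the loop stating which header fields have been range-checked would make this easier to audit.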
@@ -45,7 +45,7 @@ SECOidTag digest_tag; SECOidTag signature_tag; SECOidTag digest_encryption_tag; - efi_guid_t *efi_guid; + const efi_guid_t *efi_guid; int size; }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/src/content_info.c new/pesign-0.111/src/content_info.c --- old/pesign-0.110/src/content_info.c 2014-10-24 21:51:06.000000000 +0200 +++ new/pesign-0.111/src/content_info.c 2015-10-28 19:25:51.000000000 +0100 @@ -338,7 +338,7 @@ goto err; } - if (cms->ci_digest->len > digest_get_digest_size(cms)) + if ((long long)cms->ci_digest->len > digest_get_digest_size(cms)) goto err; PK11_DestroyContext(ctx, PR_TRUE); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/src/daemon.c new/pesign-0.111/src/daemon.c --- old/pesign-0.110/src/daemon.c 2014-10-24 21:51:06.000000000 +0200 +++ new/pesign-0.111/src/daemon.c 2015-10-28 19:25:51.000000000 +0100 @@ -184,7 +184,7 @@ n = recvmsg(pollfd->fd, &msg, MSG_WAITALL); pesignd_string *tn = (pesignd_string *)buffer; - if (n < sizeof(tn->size)) { + if (n < (long long)sizeof(tn->size)) { malformed: ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, "unlock-token: invalid data"); @@ -202,7 +202,7 @@ goto malformed; pesignd_string *tp = pesignd_string_next(tn); - if (n < sizeof(tp->size)) + if (n < (long long)sizeof(tp->size)) goto malformed; n -= sizeof(tp->size); if (n < tp->size) @@ -288,7 +288,7 @@ n = recvmsg(pollfd->fd, &msg, MSG_WAITALL); pesignd_string *tn = (pesignd_string *)buffer; - if (n < sizeof(tn->size)) { + if (n < (long long)sizeof(tn->size)) { malformed: ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, "unlock-token: invalid data"); @@ -476,7 +476,7 @@ n = recvmsg(pollfd->fd, &msg, MSG_WAITALL); pesignd_string *tn = (pesignd_string *)buffer; - if (n < sizeof(tn->size)) { + if (n < (long long)sizeof(tn->size)) { malformed: ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, "handle_signing: invalid data"); 
@@ -497,7 +497,7 @@ if (!ctx->cms->tokenname) goto oom; - if (n < sizeof(tn->size)) + if (n < (long long)sizeof(tn->size)) goto malformed; pesignd_string *cn = pesignd_string_next(tn); n -= sizeof(cn->size); @@ -690,7 +690,7 @@ int32_t version = -1; uint32_t command; - if (n < sizeof(command)) { + if (n < (long long)sizeof(command)) { ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, "unlock-token: invalid data"); ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, @@ -760,7 +760,7 @@ if (n == 0) return n; - if (n < sizeof (pm)) { + if (n < (long long)sizeof (pm)) { ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_ERR, "got message with invalid size %zu", n); ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_ERR, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/src/efikeygen.1 new/pesign-0.111/src/efikeygen.1 --- old/pesign-0.110/src/efikeygen.1 2014-10-24 21:51:06.000000000 +0200 +++ new/pesign-0.111/src/efikeygen.1 2015-10-28 19:25:51.000000000 +0100 
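Review bot: In the `@@ -760` hunk the error path logs `n` with `%zu` (`"got message with invalid size %zu", n`), yet the new test `n < (long long)sizeof (pm)` is written for a signed `n`, and this branch is exactly where a negative value from a failed receive ends up. If `n` is `ssize_t` (its declaration is outside the hunk), use `%zd` so a receive error is logged as a negative number instead of a huge size.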
@@ -3,12 +3,12 @@ efikeygen \- command line tool for generating keys to use for PE image signing .SH SYNOPSIS -\fBefikeygen\fR <[--ca | -C] [--self-sign | -S] | [--signer=\fInickname\fR]> - [--token=\fItoken\fR | -t \fItoken\fR] - [--nickname=\fInickname\fR | -n \fInickname\fR] - [--common-name=\fIcommon name\fR | -c \fIcommon name\fR] - [--url=\fIurl\fR | -u \fIurl\fR] - [--serial=\fIserial\fR | -s \fIserial\fR] +\fBefikeygen\fR <[\-\-ca | \-C] [\-\-self\-sign | \-S] | [\-\-signer=\fInickname\fR]> + [\-\-token=\fItoken\fR | \-t \fItoken\fR] + [\-\-nickname=\fInickname\fR | \-n \fInickname\fR] + [\-\-common\-name=\fIcommon name\fR | \-c \fIcommon name\fR] + [\-\-url=\fIurl\fR | \-u \fIurl\fR] + [\-\-serial=\fIserial\fR | \-s \fIserial\fR] .SH DESCRIPTION \fBefikeygen\fR is a command line tool for generating keys and certificates diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/src/efisiglist.1 new/pesign-0.111/src/efisiglist.1 --- old/pesign-0.110/src/efisiglist.1 1970-01-01 01:00:00.000000000 +0100 +++ new/pesign-0.111/src/efisiglist.1 2015-10-28 19:25:51.000000000 +0100 
@@ -0,0 +1,50 @@ +.TH EFISIGLIST "1" "June 2015" +.SH NAME +efisiglist \- utility for managing UEFI signature lists + +.SH SYNOPSIS +\fBefisiglist\fR [\-?] [\-o|\-\-outfile=<outfile>] [\-a|\-\-add] [\-r|\-\-remove] + [\-h|\-\-hash=<hash>] [\-t|\-\-hash\-type=<hash\-type>] + [\-c|\-\-certificate=<certfile>] [\-?|\-\-help] [\-\-usage] + +.SH DESCRIPTION +\fBefisiglist\fR is a command line utility for management of UEFI signature lists +in detached files. That is, it's for command line generation and management of files in +the format of KEK, DB, and DBX. + +.SH OPTIONS +.TP +\fB\-o\fR, \fB\-\-outfile=\fR<outfile> +output filename + +.TP +\fB\-a\fR, \fB\-\-add\fR +add hash or certificate to list + +.TP +\fB\-r\fR, \fB\-\-remove\fR +remove hash or certificate from list + +.TP +\fB\-h\fR, \fB\-\-hash=\fR<hash> +hash value to add + +.TP +\fB\-t\fR, \fB\-\-hash\-type=\fR<hash\-type> +hash type to add (default: "sha256") + +.TP +\fB\-c\fR, \fB\-\-certificate=\fR<certfile> +certificate to add +.PP +Options implemented via popt alias/exec: +.SS "Help options:" +.TP +\-?, \fB\-\-help\fR +Show this help message +.TP +\fB\-\-usage\fR +Display brief usage message + +.SH "SEE ALSO" +.BR pesign (1) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/src/efisiglist.c new/pesign-0.111/src/efisiglist.c --- old/pesign-0.110/src/efisiglist.c 2014-10-24 21:51:06.000000000 +0200 +++ new/pesign-0.111/src/efisiglist.c 2015-10-28 19:25:51.000000000 +0100 @@ -32,7 +32,7 @@ struct hash_param { char *name; - efi_guid_t *guid; + const efi_guid_t *guid; int size; }; 
@@ -86,7 +86,7 @@ if (!ret) return NULL; - for (int i = 0, j = 0; i < size*2; i+= 2, j++) { + for (unsigned int i = 0, j = 0; i < size*2; i+= 2, j++) { uint8_t val; val = hexchar_to_bin(hex[i]); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/src/pesigcheck.1 new/pesign-0.111/src/pesigcheck.1 --- old/pesign-0.110/src/pesigcheck.1 2014-10-24 21:51:06.000000000 +0200 +++ new/pesign-0.111/src/pesigcheck.1 2015-10-28 19:25:51.000000000 +0100 @@ -3,9 +3,9 @@ pesign \- command line tool for verifying UEFI applications .SH SYNOPSIS -\fBpesign\fR [--in=\fIinfile\fR | -i \fIinfile\fR] [--quiet | -q ] - [--db=\fIdbfile\fR | -D \fIdbfile\fR ] - [--dbx=\fIdbxfile\fR | -X \fIdbxfile\fR ] +\fBpesign\fR [\-\-in=\fIinfile\fR | \-i \fIinfile\fR] [\-\-quiet | \-q ] + [\-\-db=\fIdbfile\fR | \-D \fIdbfile\fR ] + [\-\-dbx=\fIdbxfile\fR | \-X \fIdbxfile\fR ] .SH DESCRIPTION \fBpesigcheck\fR is a command line tool for verifying the signature of UEFI diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/src/pesign-authorize-groups new/pesign-0.111/src/pesign-authorize-groups --- old/pesign-0.110/src/pesign-authorize-groups 1970-01-01 01:00:00.000000000 +0100 +++ new/pesign-0.111/src/pesign-authorize-groups 2015-10-28 19:25:51.000000000 +0100 
@@ -0,0 +1,17 @@ +#!/bin/bash + +# +# With /run/pesign/socket on tmpfs, a simple way of restoring the +# acls for specific groups is useful +# +# Compare to: http://infrastructure.fedoraproject.org/cgit/ansible.git/tree/roles/bkernel/tasks/main.yml?id=17198dadebf59d8090b7ed621bc8ab22152d2eb6 +# + +# License: GPLv2 + +if [[ -r /etc/pesign/groups ]]; then + for group in $(cat /etc/pesign/groups); do + setfacl -m g:${group}:rx /var/run/pesign + setfacl -m g:${group}:rw /var/run/pesign/socket + done +fi diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/src/pesign-authorize-users new/pesign-0.111/src/pesign-authorize-users --- old/pesign-0.110/src/pesign-authorize-users 1970-01-01 01:00:00.000000000 +0100 +++ new/pesign-0.111/src/pesign-authorize-users 2015-10-28 19:25:51.000000000 +0100 @@ -0,0 +1,17 @@ +#!/bin/bash + +# +# With /run/pesign/socket on tmpfs, a simple way of restoring the +# acls for specific users is useful +# +# Compare to: http://infrastructure.fedoraproject.org/cgit/ansible.git/tree/roles/bkernel/tasks/main.yml?id=17198dadebf59d8090b7ed621bc8ab22152d2eb6 +# + +# License: GPLv2 + +if [[ -r /etc/pesign/users ]]; then + for username in $(cat /etc/pesign/users); do + setfacl -m u:${username}:rx /var/run/pesign + setfacl -m u:${username}:rw /var/run/pesign/socket + done +fi diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/src/pesign-client.1 new/pesign-0.111/src/pesign-client.1 --- old/pesign-0.110/src/pesign-client.1 2014-10-24 21:51:06.000000000 +0200 +++ new/pesign-0.111/src/pesign-client.1 2015-10-28 19:25:51.000000000 +0100 
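Review bot: Both new helpers (`pesign-authorize-groups` here and `pesign-authorize-users` in the next hunk) expand `$(cat …)` and `${group}` / `${username}` unquoted, so every entry is subject to word splitting and pathname expansion and is then pasted unchecked into the `setfacl -m` ACL spec that controls access to the signing socket. Read the file line by line, accept only plain account names and quote the spec; the sketch below does this for groups with one name per line, and the users script needs the same change with `u:`. The header comment speaks of `/run/pesign/socket` while the commands act on `/var/run/pesign`, and the script's exit status reflects only the last `setfacl`, so a failure for an earlier entry goes unnoticed. Since these files decide who may ask the daemon to sign, `/etc/pesign/groups` and `/etc/pesign/users` should be writable by root only.

```shell
if [[ -r /etc/pesign/groups ]]; then
	# one name per line; the "|| [[ -n ... ]]" keeps a last line without newline
	while read -r group _ || [[ -n "${group}" ]]; do
		# accept plain group names only; skip blanks, comments and anything else
		[[ "${group}" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]*$ ]] || continue
		setfacl -m "g:${group}:rx" /var/run/pesign
		setfacl -m "g:${group}:rw" /var/run/pesign/socket
	done < /etc/pesign/groups
fi
```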
@@ -3,14 +3,14 @@ pesign-client \- command line tool for signing UEFI applications .SH SYNOPSIS -\fBpesign\fR [--in=\fIinfile\fR | -i \fIinfile\fR] - [--out=\fIoutfile\fR | -o \fIoutfile\fR] - [--export=\fIexportfile\fR | -e \fIexportfile\fR] - [--token=\fItoken\fR | -t \fItoken\fR] - [--certificate=\fInickname\fR | -c \fInickname\fR] - [--unlock | -u] [--kill | -k] [--sign | -s] [ --is-unlocked | -q ] - [--pinfd=\fIpinfd\fR | -f \fIpinfd\fR] - [--pinfile=\fIpinfile\fR | -F \fIpinfile\fR] +\fBpesign\fR [\-\-in=\fIinfile\fR | \-i \fIinfile\fR] + [\-\-out=\fIoutfile\fR | \-o \fIoutfile\fR] + [\-\-export=\fIexportfile\fR | \-e \fIexportfile\fR] + [\-\-token=\fItoken\fR | \-t \fItoken\fR] + [\-\-certificate=\fInickname\fR | \-c \fInickname\fR] + [\-\-unlock | \-u] [\-\-kill | \-k] [\-\-sign | \-s] [ \-\-is\-unlocked | \-q ] + [\-\-pinfd=\fIpinfd\fR | \-f \fIpinfd\fR] + [\-\-pinfile=\fIpinfile\fR | \-F \fIpinfile\fR] .SH DESCRIPTION \fBpesign\fR is a command line tool for manipulating signatures and diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/src/pesign.1 new/pesign-0.111/src/pesign.1 --- old/pesign-0.110/src/pesign.1 2014-10-24 21:51:06.000000000 +0200 +++ new/pesign-0.111/src/pesign.1 2015-10-28 19:25:51.000000000 +0100 
@@ -3,18 +3,18 @@ pesign \- command line tool for signing UEFI applications .SH SYNOPSIS -\fBpesign\fR [--in=\fIinfile\fR | -i \fIinfile\fR] - [--out=\fIoutfile\fR | -o \fIoutfile\fR] - [--certdir=\fIcertdir/fR | -n \fIcertdir\fR] - [--nss-token=\fItoken\fR | -t \fItoken\fR] - [--certificate=\fInickname\fR | -c \fInickname\fR] - [--force | -f] [--sign | -s] [--hash | -h] - [--digest_type=\fIdigest\fR | -d \fIdigest\fR] - [--show-signature | -S ] [--remove-signature | -r ] - [--export-pubkey=\fIoutkey\fR | -K \fIoutkey\fR] - [--export-cert=\fIoutcert\fR | -C \fIoutcert\fR] - [--ascii-armor | -a] [--daemonize | -D] [--nofork | -N] - [--signature-number=\fIsignum\fR | -u \fIsignum\fR] +\fBpesign\fR [\-\-in=\fIinfile\fR | \-i \fIinfile\fR] + [\-\-out=\fIoutfile\fR | \-o \fIoutfile\fR] + [\-\-certdir=\fIcertdir/fR | \-n \fIcertdir\fR] + [\-\-nss\-token=\fItoken\fR | \-t \fItoken\fR] + [\-\-certificate=\fInickname\fR | \-c \fInickname\fR] + [\-\-force | \-f] [\-\-sign | \-s] [\-\-hash | \-h] + [\-\-digest_type=\fIdigest\fR | \-d \fIdigest\fR] + [\-\-show\-signature | \-S ] [\-\-remove\-signature | \-r ] + [\-\-export\-pubkey=\fIoutkey\fR | \-K \fIoutkey\fR] + [\-\-export\-cert=\fIoutcert\fR | \-C \fIoutcert\fR] + [\-\-ascii\-armor | \-a] [\-\-daemonize | \-D] [\-\-nofork | \-N] + [\-\-signature\-number=\fIsignum\fR | \-u \fIsignum\fR] .SH DESCRIPTION \fBpesign\fR is a command line tool for manipulating signatures and @@ -57,7 +57,7 @@ .TP \fB-\-digest_type\fR=\fIdigest\fR Use the specified digest in hashing and signing operations. By default, -this value is "sha256". Use "--digest_type=help" to list the available +this value is "sha256". Use "\-\-digest_type=help" to list the available digests. .TP 
@@ -74,11 +74,11 @@ .TP \fB-\-export-pubkey\fR=\fIoutkey\fR -Export the public key specified by --certificate to \fIoutkey\fR +Export the public key specified by \-\-certificate to \fIoutkey\fR .TP \fB-\-export-cert\fR=\fIoutcert\fR -Export the certificate specified by --certificate to \fIoutcert\fR +Export the certificate specified by \-\-certificate to \fIoutcert\fR .TP \fB-\-ascii\fR @@ -103,30 +103,30 @@ # certificate file. .RE .RS 4 -host:~$ openssl pkcs12 -export -out foo_key.p12 \\ +host:~$ openssl pkcs12 \-export \-out foo_key.p12 \\ .RE .RS 20 --inkey signing_key.pem \\ +\-inkey signing_key.pem \\ .RE .RS 20 --in xyz_cert.x509.pem +\-in xyz_cert.x509.pem .LP .RE .RS 4 # Import pkcs12 file into pesign db .RE .RS 4 -host:~$ pk12util -i foo_key.p12 -d /etc/pki/pesign +host:~$ pk12util \-i foo_key.p12 \-d /etc/pki/pesign .LP .RE .RS 4 # Do the signing .RE .RS 4 -host:~$ pesign -i <input-file> -o <output-file> \\ +host:~$ pesign \-i <input\-file> \-o <output\-file> \\ .RE .RS 19 --c <cert nickname> -s +\-c <cert nickname> \-s .RE .LP Please note that this is just an example, and that recommended best practice diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/src/pesign.c new/pesign-0.111/src/pesign.c --- old/pesign-0.110/src/pesign.c 2014-10-24 21:51:06.000000000 +0200 +++ new/pesign-0.111/src/pesign.c 2015-10-28 19:25:51.000000000 +0100 
@@ -387,7 +387,7 @@ printf("hash: "); int j = ctx->selected_digest; - for (int i = 0; i < ctx->digests[j].pe_digest->len; i++) + for (unsigned int i = 0; i < ctx->digests[j].pe_digest->len; i++) printf("%02x", (unsigned char)ctx->digests[j].pe_digest->data[i]); printf("\n"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/src/pesign.service new/pesign-0.111/src/pesign.service --- old/pesign-0.110/src/pesign.service 2014-10-24 21:51:06.000000000 +0200 +++ new/pesign-0.111/src/pesign.service 1970-01-01 01:00:00.000000000 +0100 @@ -1,8 +0,0 @@ -[Unit] -Description=Pesign signing daemon - -[Service] -PrivateTmp=true -Type=forking -PIDFile=/var/run/pesign.pid -ExecStart=/usr/bin/pesign --daemonize diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/src/pesign.service.in new/pesign-0.111/src/pesign.service.in --- old/pesign-0.110/src/pesign.service.in 1970-01-01 01:00:00.000000000 +0100 +++ new/pesign-0.111/src/pesign.service.in 2015-10-28 19:25:51.000000000 +0100 @@ -0,0 +1,10 @@ +[Unit] +Description=Pesign signing daemon + +[Service] +PrivateTmp=true +Type=forking +PIDFile=/var/run/pesign.pid +ExecStart=/usr/bin/pesign --daemonize +ExecStartPost=@@LIBEXECDIR@@/pesign/pesign-authorize-users +ExecStartPost=@@LIBEXECDIR@@/pesign/pesign-authorize-groups diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/src/pesign.sysvinit new/pesign-0.111/src/pesign.sysvinit --- old/pesign-0.110/src/pesign.sysvinit 2014-10-24 21:51:06.000000000 +0200 +++ new/pesign-0.111/src/pesign.sysvinit 1970-01-01 01:00:00.000000000 +0100 
@@ -1,86 +0,0 @@ -#! /bin/sh -# -# pesign This starts the pesign PE signing daemon -# -# chkconfig: - 50 50 -# processname: /usr/bin/pesign -# pidfile: /var/run/pesign.pid -### BEGIN INIT INFO -# Provides: pesign -# Default-Start: -# Default-Stop: -# Short-Description: The pesign PE signing daemon -# Description: The pesign PE signing daemon -### END INIT INFO - -. /etc/init.d/functions -[ -f /usr/bin/pesign ] || exit 1 - -RETVAL=0 - -start(){ - echo -n "Starting pesign: " - daemon /usr/bin/pesign --daemonize - RETVAL=$? - echo - touch /var/lock/subsys/pesign - setfacl -m u:kojibuilder:x /var/run/pesign - setfacl -m u:kojibuilder:rw /var/run/pesign/socket - setfacl -m g:kojibuilder:x /var/run/pesign - setfacl -m g:kojibuilder:rw /var/run/pesign/socket -} - -stop(){ - echo -n "Stopping pesign: " - killproc -p /var/run/pesign.pid pesignd - RETVAL=$? - echo - rm -f /var/lock/subsys/pesign -} - -restart(){ - stop - start -} - -reload(){ - stop - start -} - -condrestart(){ - [ -e /var/lock/subsys/pesign ] && restart -} - -# See how we were called. -case "$1" in - start) - start - ;; - stop) - stop - ;; - status) - status /usr/bin/pesign - ;; - restart) - restart - ;; - reload) - reload - ;; - force-reload) - reload - ;; - condrestart) - condrestart - ;; - try-restart) - condrestart - ;; - *) - echo "Usage: pesign {start|stop|status|restart|condrestart|reload}" - RETVAL=1 -esac - -exit $RETVAL diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/src/pesign.sysvinit.in new/pesign-0.111/src/pesign.sysvinit.in --- old/pesign-0.110/src/pesign.sysvinit.in 1970-01-01 01:00:00.000000000 +0100 +++ new/pesign-0.111/src/pesign.sysvinit.in 2015-10-28 19:25:51.000000000 +0100 
@@ -0,0 +1,84 @@ +#! /bin/sh +# +# pesign This starts the pesign PE signing daemon +# +# chkconfig: - 50 50 +# processname: /usr/bin/pesign +# pidfile: /var/run/pesign.pid +### BEGIN INIT INFO +# Provides: pesign +# Default-Start: +# Default-Stop: +# Short-Description: The pesign PE signing daemon +# Description: The pesign PE signing daemon +### END INIT INFO + +. /etc/init.d/functions +[ -f /usr/bin/pesign ] || exit 1 + +RETVAL=0 + +start(){ + echo -n "Starting pesign: " + daemon /usr/bin/pesign --daemonize + RETVAL=$? + echo + touch /var/lock/subsys/pesign + @@LIBEXECDIR@@/pesign/pesign-authorize-users + @@LIBEXECDIR@@/pesign/pesign-authorize-groups +} + +stop(){ + echo -n "Stopping pesign: " + killproc -p /var/run/pesign.pid pesignd + RETVAL=$? + echo + rm -f /var/lock/subsys/pesign +} + +restart(){ + stop + start +} + +reload(){ + stop + start +} + +condrestart(){ + [ -e /var/lock/subsys/pesign ] && restart +} + +# See how we were called. +case "$1" in + start) + start + ;; + stop) + stop + ;; + status) + status /usr/bin/pesign + ;; + restart) + restart + ;; + reload) + reload + ;; + force-reload) + reload + ;; + condrestart) + condrestart + ;; + try-restart) + condrestart + ;; + *) + echo "Usage: pesign {start|stop|status|restart|condrestart|reload}" + RETVAL=1 +esac + +exit $RETVAL diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/src/siglist.c new/pesign-0.111/src/siglist.c --- old/pesign-0.110/src/siglist.c 2014-10-24 21:51:06.000000000 +0200 +++ new/pesign-0.111/src/siglist.c 2015-10-28 19:25:51.000000000 +0100 @@ -51,7 +51,7 @@ }; struct signature_list { - efi_guid_t *SignatureType; + const efi_guid_t *SignatureType; uint32_t SignatureListSize; uint32_t SignatureHeaderSize; uint32_t SignatureSize; @@ -60,7 +60,7 @@ }; struct sig_type { - efi_guid_t *type; + const efi_guid_t *type; uint32_t size; }; 
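Review bot: `start()` in the new `pesign.sysvinit.in` records `RETVAL=$?` from `daemon` but then touches `/var/lock/subsys/pesign` and runs both `pesign-authorize-*` helpers even when the daemon failed to start. That leaves a stale subsys lock, so `condrestart` acts on a service that is not running, and it applies ACLs to whatever is present at the socket path at that moment. Return early after the `echo`, for example `[ $RETVAL -eq 0 ] || return $RETVAL`; the helpers' own exit status is also never folded into `RETVAL`.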
@@ -78,7 +78,7 @@ static int num_sig_types = sizeof (sig_types) / sizeof (struct sig_type); static int32_t -get_sig_type_size(efi_guid_t *sig_type) +get_sig_type_size(const efi_guid_t *sig_type) { for (int i = 0; i < num_sig_types; i++) { if (!memcmp(sig_type, sig_types[i].type, sizeof (*sig_type))) @@ -88,7 +88,7 @@ } signature_list * -signature_list_new(efi_guid_t *SignatureType) +signature_list_new(const efi_guid_t *SignatureType) { int32_t size = get_sig_type_size(SignatureType); if (size < 0) @@ -137,14 +137,21 @@ sl->realized = NULL; } - efi_guid_t x509_guid = efi_guid_x509_cert; - - if (memcmp(&sl->SignatureType, &x509_guid, sizeof (efi_guid_t)) == 0) { + if (!efi_guid_cmp(sl->SignatureType, &efi_guid_x509_cert)) { if (sigsize > sl->SignatureSize) resize_entries(sl, sigsize + sizeof (efi_guid_t)); - } else if (sigsize != get_sig_type_size(sl->SignatureType)) { - fprintf(stderr, "sigsize: %d sl->SignatureSize: %d\n", - sigsize, sl->SignatureSize); + } else if (sigsize != + (unsigned long long)get_sig_type_size(sl->SignatureType)) { + char *guidname = NULL; + int rc = efi_guid_to_id_guid(sl->SignatureType, &guidname); + if (rc < 0) { + fprintf(stderr, "Could not get ID guid, uhoh: %m\n"); + } else { + fprintf(stderr, "sl->SignatureType: %s\n", guidname); + free(guidname); + } + fprintf(stderr, "sigsize: %d sl->SignatureSize: %d type size: %d\n", + sigsize, sl->SignatureSize, get_sig_type_size(sl->SignatureType)); errno = EINVAL; return -1; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/src/siglist.h new/pesign-0.111/src/siglist.h --- old/pesign-0.110/src/siglist.h 2014-10-24 21:51:06.000000000 +0200 +++ new/pesign-0.111/src/siglist.h 2015-10-28 19:25:51.000000000 +0100 
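Review bot: The new diagnostic in the siglist.c `@@ -137` hunk prints `sigsize` and `sl->SignatureSize` with `%d` although both are `uint32_t` (per the prototype in siglist.h and the struct earlier in this file), which is the same kind of signedness mismatch this update sets out to remove; `"sigsize: %u sl->SignatureSize: %u type size: %d\n"` matches the types. The x509 branch also calls `resize_entries(sl, sigsize + sizeof (efi_guid_t))` without looking at a result; if that helper can fail on allocation (its definition is outside the hunk), the failure should be propagated before the signature is copied. The enclosing function starts and ends outside the hunk.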
@@ -21,7 +21,7 @@ typedef struct signature_list signature_list; -extern signature_list *signature_list_new(efi_guid_t *SignatureType); +extern signature_list *signature_list_new(const efi_guid_t *SignatureType); extern int signature_list_add_sig(signature_list *sl, efi_guid_t owner, uint8_t *sig, uint32_t sigsize); extern int signature_list_realize(signature_list *sl, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/src/ucs2.c new/pesign-0.111/src/ucs2.c --- old/pesign-0.110/src/ucs2.c 2014-10-24 21:51:06.000000000 +0200 +++ new/pesign-0.111/src/ucs2.c 2015-10-28 19:25:51.000000000 +0100 @@ -51,7 +51,7 @@ ret = calloc(2, size); if (!ret) return NULL; - for (int i = 0; i < size; i++) + for (unsigned int i = 0; i < size; i++) ret[i] = s[i]; return ret; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/src/wincert.c new/pesign-0.111/src/wincert.c --- old/pesign-0.110/src/wincert.c 2014-10-24 21:51:06.000000000 +0200 +++ new/pesign-0.111/src/wincert.c 2015-10-28 19:25:51.000000000 +0100 @@ -131,7 +131,7 @@ return 0; } - off_t n = iter->n; + size_t n = iter->n; void *certs = iter->certs; size_t size = iter->size; @@ -149,7 +149,7 @@ tmpcert = (win_certificate *)((uint8_t *)certs + n); - if ((intptr_t)tmpcert > (intptr_t)map + map_size) + if ((intptr_t)tmpcert > (intptr_t)((intptr_t)map + map_size)) return -1; /* length _includes_ the size of the structure. */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/src/wincert.h new/pesign-0.111/src/wincert.h --- old/pesign-0.110/src/wincert.h 2014-10-24 21:51:06.000000000 +0200 +++ new/pesign-0.111/src/wincert.h 2015-10-28 19:25:51.000000000 +0100 
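Review bot: The bounds check in the wincert.c `@@ -149` hunk, `(intptr_t)tmpcert > (intptr_t)((intptr_t)map + map_size)`, only rejects a certificate header that starts beyond the end of the mapping; a `tmpcert` that starts at or just before `map + map_size` passes, and the comment that follows suggests its length field is read next. Compare the end of the header instead, in unsigned pointer arithmetic: `if ((uintptr_t)tmpcert + sizeof(*tmpcert) > (uintptr_t)map + map_size) return -1;`. The rest of the function, including any check of the length against the remaining size, is outside the hunk.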
@@ -36,7 +36,7 @@ typedef struct cert_iter { Pe *pe; - off_t n; + size_t n; void *certs; size_t size; } cert_iter; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pesign-0.110/util/Makefile new/pesign-0.111/util/Makefile --- old/pesign-0.110/util/Makefile 2014-10-24 21:51:06.000000000 +0200 +++ new/pesign-0.111/util/Makefile 2015-10-28 19:25:51.000000000 +0100 @@ -1,6 +1,9 @@ -SRCDIR = . -TOPDIR = $(SRCDIR)/.. +SRCDIR = $(realpath .) +TOPDIR = $(realpath ..) +include $(TOPDIR)/Make.version +include $(TOPDIR)/Make.rules +include $(TOPDIR)/Make.efirules include $(TOPDIR)/Make.defaults FORMAT=efi-app-$(HOSTARCH) @@ -14,12 +17,16 @@ all : $(TARGETS) clean : - @rm -rfv *.o *.a *.so $(TARGETS) + @rm -rfv *.o *.a *.so .*.d $(TARGETS) install : $(INSTALL) -d -m 755 $(INSTALLROOT)/boot/efi/EFI/redhat/ $(INSTALL) -m 755 *.efi $(INSTALLROOT)/boot/efi/EFI/redhat/ +install_systemd: + +install_sysvinit: + .PHONY: all clean install include $(TOPDIR)/Make.efirules ++++++ pesign-fix-build-errors.patch ++++++ --- /var/tmp/diff_new_pack.yiEmUX/_old 2015-12-23 08:48:15.000000000 +0100 +++ /var/tmp/diff_new_pack.yiEmUX/_new 2015-12-23 08:48:15.000000000 +0100 @@ -1,7 +1,7 @@ -diff --git a/src/daemon.c b/src/daemon.c -index c14b64b..5652ba1 100644 ---- a/src/daemon.c -+++ b/src/daemon.c +Index: pesign-0.111/src/daemon.c +=================================================================== +--- pesign-0.111.orig/src/daemon.c ++++ pesign-0.111/src/daemon.c @@ -544,7 +544,11 @@ malformed: if (rc < 0) { err_attached: @@ -55,7 +55,7 @@ } finish: -@@ -1182,7 +1199,12 @@ daemonize(cms_context *cms_ctx, char *certdir, int do_fork) +@@ -1182,7 +1199,12 @@ daemonize(cms_context *cms_ctx, char *ce exit(1); } 
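Review bot: The new empty targets `install_systemd:` and `install_sysvinit:` in util/Makefile are commands rather than files but are not added to the phony list; extend it to `.PHONY: all clean install install_systemd install_sysvinit`. `Make.efirules` is now included near the top while the existing include at the bottom stays, so its rules are read twice and one of the two looks redundant. `SRCDIR = $(realpath .)` and `TOPDIR = $(realpath ..)` would be better written with `:=` so the path is resolved once instead of on every expansion.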
@@ -69,11 +69,11 @@ if (getuid() == 0) { /* process is running as root, drop privileges */ -diff --git a/src/password.c b/src/password.c -index 43186df..9a9c911 100644 ---- a/src/password.c -+++ b/src/password.c -@@ -76,7 +76,8 @@ static char *SEC_GetPassword(FILE *input, FILE *output, char *prompt, +Index: pesign-0.111/src/password.c +=================================================================== +--- pesign-0.111.orig/src/password.c ++++ pesign-0.111/src/password.c +@@ -76,7 +76,8 @@ static char *SEC_GetPassword(FILE *input echoOff(infd); } @@ -83,10 +83,10 @@ if (isTTY) { fprintf(output, "\n"); -diff --git a/src/pesign.c b/src/pesign.c -index ff4f2bf..40a1e43 100644 ---- a/src/pesign.c -+++ b/src/pesign.c +Index: pesign-0.111/src/pesign.c +=================================================================== +--- pesign-0.111.orig/src/pesign.c ++++ pesign-0.111/src/pesign.c @@ -164,9 +164,15 @@ open_output(pesign_context *ctx) addr = pe_rawfile(ctx->inpe, &size); @@ -98,18 +98,18 @@ + } lseek(ctx->outfd, 0, SEEK_SET); - write(ctx->outfd, addr, size); -+ if (write(ctx->outfd, addr, size) != size) { ++ if ((size_t)write(ctx->outfd, addr, size) != size) { + fprintf(stderr, "pesign: could not write output file: %m\n"); + exit(1); + } Pe_Cmd cmd = ctx->outfd == STDOUT_FILENO ? PE_C_RDWR : PE_C_RDWR_MMAP; ctx->outpe = pe_begin(ctx->outfd, cmd, NULL); -diff --git a/src/signed_data.c b/src/signed_data.c -index 2fa1cdd..247ec57 100644 ---- a/src/signed_data.c -+++ b/src/signed_data.c -@@ -133,6 +133,7 @@ generate_signerInfo_list(cms_context *cms, SpcSignerInfo ***signerInfo_list_p, S +Index: pesign-0.111/src/signed_data.c +=================================================================== +--- pesign-0.111.orig/src/signed_data.c ++++ pesign-0.111/src/signed_data.c +@@ -133,6 +133,7 @@ generate_signerInfo_list(cms_context *cm SpcSignerInfo **signerInfo_list; int err, rc; ++++++ pesign-fix-signness.patch ++++++ 
>From ae2520e013caf4f5d0dae89623dc08925d6cd472 Mon Sep 17 00:00:00 2001 From: Peter Jones <pjo...@redhat.com> Date: Wed, 28 Oct 2015 15:58:07 -0400 Subject: [PATCH] Fix one more -Wsign-compare problem I missed. Signed-off-by: Peter Jones <pjo...@redhat.com> --- src/daemon.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/daemon.c b/src/daemon.c index 02b7352..175c874 100644 --- a/src/daemon.c +++ b/src/daemon.c @@ -194,7 +194,7 @@ malformed: return; } n -= sizeof(tn->size); - if (n < tn->size) + if ((size_t)n < tn->size) goto malformed; n -= tn->size; @@ -202,10 +202,10 @@ malformed: goto malformed; pesignd_string *tp = pesignd_string_next(tn); - if (n < (long long)sizeof(tp->size)) + if ((size_t)n < sizeof(tp->size)) goto malformed; n -= sizeof(tp->size); - if (n < tp->size) + if ((size_t)n < tp->size) goto malformed; n -= tp->size; @@ -298,7 +298,7 @@ malformed: return; } n -= sizeof(tn->size); - if (n < tn->size) + if ((size_t)n < tn->size) goto malformed; n -= tn->size; @@ -487,7 +487,7 @@ malformed: } n -= sizeof(tn->size); - if (n < tn->size) + if ((size_t)n < tn->size) goto malformed; n -= tn->size; @@ -497,11 +497,11 @@ malformed: if (!ctx->cms->tokenname) goto oom; - if (n < (long long)sizeof(tn->size)) + if ((size_t)n < sizeof(tn->size)) goto malformed; pesignd_string *cn = pesignd_string_next(tn); n -= sizeof(cn->size); - if (n < cn->size) + if ((size_t)n < cn->size) goto malformed; ctx->cms->certname = PORT_ArenaStrdup(ctx->cms->arena, -- 2.6.2 ++++++ pesign-privkey_unneeded.diff ++++++ --- /var/tmp/diff_new_pack.yiEmUX/_old 2015-12-23 08:48:15.000000000 +0100 +++ /var/tmp/diff_new_pack.yiEmUX/_new 2015-12-23 08:48:15.000000000 +0100 
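Review bot: The `(size_t)n` casts in pesign-fix-signness.patch are correct only while `n` is non-negative, because a negative `n` converts to a very large value and the `goto malformed` test is then skipped instead of taken. In the hunks shown `n` is reduced only after a preceding size check, so that appears to hold, but nothing states it, and the same file elsewhere uses the opposite convention (`n < (long long)sizeof(tn->size)`), which does catch a negative `recvmsg()` result. Add a comment at the first cast in each function, e.g. `/* n >= 0 here: checked against sizeof(tn->size) above */`, and keep the first test after each `recvmsg()` signed.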
@@ -4,9 +4,11 @@ src/pesign.c | 1 + 3 files changed, 12 insertions(+), 2 deletions(-) ---- a/src/cms_common.c -+++ b/src/cms_common.c -@@ -272,6 +272,7 @@ struct cbdata { +Index: pesign-0.111/src/cms_common.c +=================================================================== +--- pesign-0.111.orig/src/cms_common.c ++++ pesign-0.111/src/cms_common.c +@@ -280,6 +280,7 @@ struct cbdata { CERTCertificate *cert; PK11SlotListElement *psle; secuPWData *pwdata; @@ -14,7 +16,7 @@ }; static SECStatus -@@ -283,6 +284,12 @@ is_valid_cert(CERTCertificate *cert, voi +@@ -291,6 +292,12 @@ is_valid_cert(CERTCertificate *cert, voi void *pwdata = cbdata->pwdata; SECKEYPrivateKey *privkey = NULL; @@ -27,7 +29,7 @@ privkey = PK11_FindPrivateKeyFromCert(slot, cert, pwdata); if (privkey != NULL) { cbdata->cert = cert; -@@ -413,7 +420,7 @@ find_certificate(cms_context *cms, int n +@@ -421,7 +428,7 @@ find_certificate(cms_context *cms, int n } SECStatus status; @@ -36,7 +38,7 @@ status = PK11_Authenticate(psle->slot, PR_TRUE, pwdata); if (status != SECSuccess) { PK11_DestroySlotListElement(slots, &psle); -@@ -442,6 +449,7 @@ find_certificate(cms_context *cms, int n +@@ -450,6 +457,7 @@ find_certificate(cms_context *cms, int n .cert = NULL, .psle = psle, .pwdata = pwdata, @@ -44,7 +46,7 @@ }; if (needs_private_key) { -@@ -562,7 +570,7 @@ find_named_certificate(cms_context *cms, +@@ -570,7 +578,7 @@ find_named_certificate(cms_context *cms, } SECStatus status; @@ -53,8 +55,10 @@ status = PK11_Authenticate(psle->slot, PR_TRUE, pwdata); if (status != SECSuccess) { PK11_DestroySlotListElement(slots, &psle); ---- a/src/cms_common.h -+++ b/src/cms_common.h +Index: pesign-0.111/src/cms_common.h +=================================================================== +--- pesign-0.111.orig/src/cms_common.h ++++ pesign-0.111/src/cms_common.h @@ -63,6 +63,7 @@ typedef int (*cms_common_logger)(struct typedef struct cms_context { PRArenaPool *arena; 
@@ -63,9 +67,11 @@ char *tokenname; char *certname; ---- a/src/pesign.c -+++ b/src/pesign.c -@@ -626,6 +626,7 @@ main(int argc, char *argv[]) +Index: pesign-0.111/src/pesign.c +=================================================================== +--- pesign-0.111.orig/src/pesign.c ++++ pesign-0.111/src/pesign.c +@@ -651,6 +651,7 @@ main(int argc, char *argv[]) */ case IMPORT_RAW_SIGNATURE|IMPORT_SATTRS: check_inputs(ctxp); ++++++ pesign-run.patch ++++++ --- /var/tmp/diff_new_pack.yiEmUX/_old 2015-12-23 08:48:16.000000000 +0100 +++ /var/tmp/diff_new_pack.yiEmUX/_new 2015-12-23 08:48:16.000000000 +0100 @@ -6,19 +6,23 @@ src/tmpfiles.conf | 2 +- 5 files changed, 12 insertions(+), 12 deletions(-) ---- a/src/Makefile -+++ b/src/Makefile -@@ -74,7 +74,7 @@ install_sysvinit: +Index: pesign-0.111/src/Makefile +=================================================================== +--- pesign-0.111.orig/src/Makefile ++++ pesign-0.111/src/Makefile +@@ -65,7 +65,7 @@ install_sysvinit: pesign.sysvinit install : $(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/ - $(INSTALL) -d -m 770 $(INSTALLROOT)/var/run/pesign/ + $(INSTALL) -d -m 770 $(INSTALLROOT)/run/pesign/ - $(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)/bin/ - $(INSTALL) -m 755 pesign $(INSTALLROOT)$(PREFIX)/bin/ - $(INSTALL) -m 755 client $(INSTALLROOT)$(PREFIX)/bin/pesign-client ---- a/src/daemon.h -+++ b/src/daemon.h + $(INSTALL) -d -m 755 $(INSTALLROOT)$(bindir) + $(INSTALL) -m 755 authvar $(INSTALLROOT)$(bindir) + $(INSTALL) -m 755 pesign $(INSTALLROOT)$(bindir) +Index: pesign-0.111/src/daemon.h +=================================================================== +--- pesign-0.111.orig/src/daemon.h ++++ pesign-0.111/src/daemon.h @@ -49,7 +49,7 @@ typedef enum { } pesignd_cmd; 
@@ -29,8 +33,10 @@ +#define PIDFILE "/run/pesign.pid" #endif /* DAEMON_H */ ---- a/src/macros.pesign -+++ b/src/macros.pesign +Index: pesign-0.111/src/macros.pesign +=================================================================== +--- pesign-0.111.orig/src/macros.pesign ++++ pesign-0.111/src/macros.pesign @@ -36,7 +36,7 @@ %{_pesign} -R ${sattrs}.sig -I ${sattrs} %{-i} \\\ --certdir ${nss} -c signer %{-o} \ @@ -40,8 +46,17 @@ %{_pesign_client} -t "OpenSC Card (Fedora Signer)" \\\ -c "/CN=Fedora Secure Boot Signer" \\\ %{-i} %{-o} %{-e} %{-s} %{-C} \ ---- a/src/pesign.sysvinit -+++ b/src/pesign.sysvinit +Index: pesign-0.111/src/tmpfiles.conf +=================================================================== +--- pesign-0.111.orig/src/tmpfiles.conf ++++ pesign-0.111/src/tmpfiles.conf +@@ -1 +1 @@ +-D /var/run/pesign 0770 pesign pesign - ++D /run/pesign 0770 pesign pesign - +Index: pesign-0.111/src/pesign.sysvinit.in +=================================================================== +--- pesign-0.111.orig/src/pesign.sysvinit.in ++++ pesign-0.111/src/pesign.sysvinit.in @@ -4,7 +4,7 @@ # # chkconfig: - 50 50 
@@ -51,38 +66,44 @@ ### BEGIN INIT INFO # Provides: pesign # Should-Start: $remote_fs -@@ -19,7 +19,7 @@ - - [ -f /usr/bin/pesign ] || exit 1 - --PESIGN_PIDFILE=/var/run/pesign.pid -+PESIGN_PIDFILE=/run/pesign.pid - RETVAL=0 - - start(){ -@@ -28,15 +28,15 @@ start(){ - RETVAL=$? - echo - touch /var/lock/subsys/pesign -- setfacl -m u:kojibuilder:x /var/run/pesign -- setfacl -m u:kojibuilder:rw /var/run/pesign/socket -- setfacl -m g:kojibuilder:x /var/run/pesign -- setfacl -m g:kojibuilder:rw /var/run/pesign/socket -+ setfacl -m u:kojibuilder:x /run/pesign -+ setfacl -m u:kojibuilder:rw /run/pesign/socket -+ setfacl -m g:kojibuilder:x /run/pesign -+ setfacl -m g:kojibuilder:rw /run/pesign/socket - } - - stop(){ - echo -n "Stopping pesign: " -- killproc -p /var/run/pesign.pid pesignd -+ killproc -p /run/pesign.pid pesignd - RETVAL=$? - echo - rm -f /var/lock/subsys/pesign ---- a/src/tmpfiles.conf -+++ b/src/tmpfiles.conf -@@ -1 +1 @@ --D /var/run/pesign 0770 pesign pesign - -+D /run/pesign 0770 pesign pesign - +Index: pesign-0.111/src/pesign.service.in +=================================================================== +--- pesign-0.111.orig/src/pesign.service.in ++++ pesign-0.111/src/pesign.service.in +@@ -4,7 +4,7 @@ Description=Pesign signing daemon + [Service] + PrivateTmp=true + Type=forking +-PIDFile=/var/run/pesign.pid ++PIDFile=/run/pesign.pid + ExecStart=/usr/bin/pesign --daemonize + ExecStartPost=@@LIBEXECDIR@@/pesign/pesign-authorize-users + ExecStartPost=@@LIBEXECDIR@@/pesign/pesign-authorize-groups +Index: pesign-0.111/src/pesign-authorize-groups +=================================================================== +--- pesign-0.111.orig/src/pesign-authorize-groups ++++ pesign-0.111/src/pesign-authorize-groups +@@ -11,7 +11,7 @@ + + if [[ -r /etc/pesign/groups ]]; then + for group in $(cat /etc/pesign/groups); do +- setfacl -m g:${group}:rx /var/run/pesign +- setfacl -m g:${group}:rw /var/run/pesign/socket ++ setfacl -m g:${group}:rx /run/pesign ++ 
setfacl -m g:${group}:rw /run/pesign/socket + done + fi +Index: pesign-0.111/src/pesign-authorize-users +=================================================================== +--- pesign-0.111.orig/src/pesign-authorize-users ++++ pesign-0.111/src/pesign-authorize-users +@@ -11,7 +11,7 @@ + + if [[ -r /etc/pesign/users ]]; then + for username in $(cat /etc/pesign/users); do +- setfacl -m u:${username}:rx /var/run/pesign +- setfacl -m u:${username}:rw /var/run/pesign/socket ++ setfacl -m u:${username}:rx /run/pesign ++ setfacl -m u:${username}:rw /run/pesign/socket + done + fi ++++++ pesign-suse-build.patch ++++++ --- /var/tmp/diff_new_pack.yiEmUX/_old 2015-12-23 08:48:16.000000000 +0100 +++ /var/tmp/diff_new_pack.yiEmUX/_new 2015-12-23 08:48:16.000000000 +0100 
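Review bot: In `pesign-authorize-groups` and `pesign-authorize-users`, the loop `for group in $(cat /etc/pesign/groups)` and the unquoted `${group}` / `${username}` in the `setfacl -m` argument go through word splitting and pathname expansion before they reach `setfacl`. These entries grant `rw` on `/run/pesign/socket`, which is access to the signing daemon, so the list should be parsed strictly: read it with `while read -r group; do … done < /etc/pesign/groups`, quote the spec as `"g:${group}:rx"`, and skip names that contain anything other than the characters allowed in account names. Both scripts begin before the hunk, so any validation or `set -e` above line 11 is not visible here.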
@@ -1,67 +1,44 @@ -diff --git a/Make.defaults b/Make.defaults -index 95ba9d5..c03bf70 100644 ---- a/Make.defaults -+++ b/Make.defaults -@@ -5,7 +5,8 @@ HOSTARCH = $(shell uname -m | sed s,i[3456789]86,ia32,) - ARCH := $(shell uname -m | sed s,i[3456789]86,ia32,) - INCDIR = -I$(TOPDIR)/include - CPPFLAGS = -DCONFIG_$(ARCH) --CFLAGS = -g -O0 -+OPTFLAGS = -g -O0 -+CFLAGS = $(OPTFLAGS) - BUILDFLAGS := $(CFLAGS) $(ARCH3264) -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants --std=gnu99 -D_GNU_SOURCE -Wno-unused-result -Wno-unused-function - ASFLAGS = $(ARCH3264) - LDFLAGS = -nostdlib -@@ -23,7 +24,7 @@ OBJCOPY = $(bindir)objcopy +Index: pesign-0.111/util/Makefile +=================================================================== +--- pesign-0.111.orig/util/Makefile ++++ pesign-0.111/util/Makefile +@@ -7,7 +7,7 @@ include $(TOPDIR)/Make.efirules + include $(TOPDIR)/Make.defaults - ifeq ($(ARCH),ia64) - CFLAGS += -mfixed-range=f32-f127 -- LIBDIR = $(PREFIX)/lib64 -+ LIBDIR = $(PREFIX)/lib - endif - - ifeq ($(ARCH), ia32) -@@ -41,3 +42,6 @@ ifeq ($(ARCH), x86_64) - endif - endif - -+ifeq ($(ARCH), aarch64) -+ LIBDIR := $(PREFIX)/lib64 -+endif -diff --git a/Make.rules b/Make.rules -index 2749521..3553a03 100644 ---- a/Make.rules -+++ b/Make.rules -@@ -2,10 +2,11 @@ - $(AR) -cvqs $@ $^ - - % : %.o -- $(CC) $(CCLDFLAGS) -o $@ $^ $(foreach lib,$(LIBS),-l$(lib)) $(foreach pklib,$(PKLIBS), $(shell pkg-config --libs-only-l --libs-only-other $(pklib))) -lpthread -+ $(CC) -o $@ $^ $(foreach lib,$(LIBS),-l$(lib)) $(CCLDFLAGS) $(foreach pklib,$(PKLIBS), $(shell pkg-config --libs-only-l --libs-only-other $(pklib))) -lpthread - - %.so : - $(CC) $(INCDIR) $(BUILDFLAGS) -Wl,-soname,$(SONAME) $(CCLDFLAGS) $^ -o $@ -+ $(CC) $(INCDIR) $(BUILDFLAGS) -Wl,-soname,$(SONAME) $^ $(CCLDFLAGS) -o $@ - - %.o: %.c - $(CC) $(INCDIR) $(BUILDFLAGS) $(CPPFLAGS) -c $< -o $@ -diff --git a/src/pesign.sysvinit b/src/pesign.sysvinit -index ea37c58..120a49c 100644 ---- a/src/pesign.sysvinit -+++ 
b/src/pesign.sysvinit -@@ -6,21 +6,25 @@ + FORMAT=efi-app-$(HOSTARCH) +-LDFLAGS = -nostdlib -T $(LIBDIR)/gnuefi/elf_$(HOSTARCH)_efi.lds -shared -Bsymbolic $(LIBDIR)/gnuefi/crt0-efi-$(HOSTARCH).o -L$(LIBDIR) ++LDFLAGS = -nostdlib -T $(LIBDIR)/elf_$(HOSTARCH)_efi.lds -shared -Bsymbolic $(LIBDIR)/crt0-efi-$(HOSTARCH).o -L$(LIBDIR) + LIBS=-lefi -lgnuefi $(shell $(CC) -print-libgcc-file-name) + CCLDFLAGS = + BUILDFLAGS = -I/usr/include/efi/ -I/usr/include/efi/$(HOSTARCH)/ -I/usr/include/efi/protocol -fpic -fshort-wchar -fno-reorder-functions -fno-strict-aliasing -fno-merge-constants -mno-red-zone -Wimplicit-function-declaration +@@ -20,8 +20,8 @@ clean : + @rm -rfv *.o *.a *.so .*.d $(TARGETS) + + install : +- $(INSTALL) -d -m 755 $(INSTALLROOT)/boot/efi/EFI/redhat/ +- $(INSTALL) -m 755 *.efi $(INSTALLROOT)/boot/efi/EFI/redhat/ ++ $(INSTALL) -d -m 755 $(INSTALLROOT)/boot/efi/EFI/SuSE/ ++ $(INSTALL) -m 755 *.efi $(INSTALLROOT)/boot/efi/EFI/SuSE/ + + install_systemd: + +Index: pesign-0.111/src/pesign.sysvinit.in +=================================================================== +--- pesign-0.111.orig/src/pesign.sysvinit.in ++++ pesign-0.111/src/pesign.sysvinit.in +@@ -6,21 +6,24 @@ # processname: /usr/bin/pesign # pidfile: /var/run/pesign.pid ### BEGIN INIT INFO -# Provides: pesign -# Default-Start: +-# Default-Stop: +# Provides: pesign +# Should-Start: $remote_fs +# Should-Stop: $remote_fs +# Required-Start: +# Required-Stop: +# Default-Start: 2 3 5 - # Default-Stop: # Short-Description: The pesign PE signing daemon # Description: The pesign PE signing daemon ### END INIT INFO 
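Review bot: The refreshed LSB header for `pesign.sysvinit.in` at the end of this hunk adds `# Default-Start: 2 3 5` but now removes `# Default-Stop:` without adding it back, so the block declares start runlevels and no stop tag. How the init tooling treats a missing stop tag is not verifiable from this page, and for a daemon that holds signing keys the start and stop runlevels are better stated than implied. If the removal is only a side effect of the refresh, I would keep an explicit line such as `# Default-Stop: 0 1 6` next to the new `Default-Start`. The header comment `# pidfile: /var/run/pesign.pid` is still context here; whether another patch updates it cannot be seen in this hunk.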
@@ -79,27 +56,37 @@ RETVAL=$? echo touch /var/lock/subsys/pesign -diff --git a/util/Makefile b/util/Makefile -index ff11cb8..5d4cebb 100644 ---- a/util/Makefile -+++ b/util/Makefile -@@ -4,7 +4,7 @@ TOPDIR = $(SRCDIR)/.. - include $(TOPDIR)/Make.defaults +@@ -30,7 +33,7 @@ start(){ - FORMAT=efi-app-$(HOSTARCH) --LDFLAGS = -nostdlib -T $(LIBDIR)/gnuefi/elf_$(HOSTARCH)_efi.lds -shared -Bsymbolic $(LIBDIR)/gnuefi/crt0-efi-$(HOSTARCH).o -L$(LIBDIR) -+LDFLAGS = -nostdlib -T $(LIBDIR)/elf_$(HOSTARCH)_efi.lds -shared -Bsymbolic $(LIBDIR)/crt0-efi-$(HOSTARCH).o -L$(LIBDIR) - LIBS=-lefi -lgnuefi $(shell $(CC) -print-libgcc-file-name) - CCLDFLAGS = - BUILDFLAGS = -I/usr/include/efi/ -I/usr/include/efi/$(HOSTARCH)/ -I/usr/include/efi/protocol -fpic -fshort-wchar -fno-reorder-functions -fno-strict-aliasing -fno-merge-constants -mno-red-zone -Wimplicit-function-declaration -@@ -17,8 +17,8 @@ clean : - @rm -rfv *.o *.a *.so $(TARGETS) + stop(){ + echo -n "Stopping pesign: " +- killproc -p /var/run/pesign.pid pesignd ++ killproc -p /run/pesign.pid pesignd + RETVAL=$? 
+ echo + rm -f /var/lock/subsys/pesign +Index: pesign-0.111/Make.defaults +=================================================================== +--- pesign-0.111.orig/Make.defaults ++++ pesign-0.111/Make.defaults +@@ -55,7 +55,7 @@ efi_cflags = $(cflags) + ASFLAGS = $(ARCH3264) + CPPFLAGS ?= - install : -- $(INSTALL) -d -m 755 $(INSTALLROOT)/boot/efi/EFI/redhat/ -- $(INSTALL) -m 755 *.efi $(INSTALLROOT)/boot/efi/EFI/redhat/ -+ $(INSTALL) -d -m 755 $(INSTALLROOT)/boot/efi/EFI/SuSE/ -+ $(INSTALL) -m 755 *.efi $(INSTALLROOT)/boot/efi/EFI/SuSE/ +-LDLIBS = $(foreach lib,$(LIBS),-l$(lib)) $(call pkg-config-ldlibs) ++LDLIBS = -lpthread $(foreach lib,$(LIBS),-l$(lib)) $(call pkg-config-ldlibs) - .PHONY: all clean install + ifeq ($(ARCH),ia64) + efi_cflags += -mfixed-range=f32-f127 +Index: pesign-0.111/Makefile +=================================================================== +--- pesign-0.111.orig/Makefile ++++ pesign-0.111/Makefile +@@ -9,7 +9,6 @@ SUBDIRS := include libdpe src + install : + $(INSTALL) -d -m 755 $(INSTALLROOT)$(prefix)$(docdir)/pesign-$(VERSION)/ +- $(INSTALL) -pm 644 COPYING $(INSTALLROOT)$(prefix)$(docdir)/pesign-$(VERSION)/ + @set -e ; for x in $(SUBDIRS) ; do \ + $(MAKE) -C $$x $@ ; \ + done
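Review bot: The `stop()` change to `killproc -p /run/pesign.pid pesignd` is part of the /var/run → /run migration but now lives in pesign-suse-build.patch, while the other path edits (`PIDFILE` in `daemon.h`, `PIDFile=` in `pesign.service.in`, `tmpfiles.conf`, the authorize scripts) are in pesign-run.patch. The pid file path is therefore hard-coded in several places across two patches, and a later refresh of one patch can leave `killproc` pointing at a path the daemon no longer writes. I would move this inner hunk back into pesign-run.patch, or at least note it in that patch's header with a line like `# the sysvinit killproc path is changed in pesign-suse-build.patch`. The `stop()` function continues outside the inner hunk.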