Hello community, here is the log from the commit of package pesign for openSUSE:Factory checked in at 2013-01-17 09:54:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pesign (Old) and /work/SRC/openSUSE:Factory/.pesign.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pesign", Maintainer is "[email protected]" Changes: -------- New Changes file: --- /dev/null 2013-01-09 19:40:42.352580873 +0100 +++ /work/SRC/openSUSE:Factory/.pesign.new/pesign.changes 2013-01-17 09:54:41.000000000 +0100 @@ -0,0 +1,155 @@ +------------------------------------------------------------------- +Wed Dec 12 13:18:40 UTC 2012 - [email protected] + +- Don't call sysv RPM post/pre macros when building for systemd +- Ship rcpesign for systemd, link to /sbin/service +- Update pesign-suse-build.patch to allow change systemd unit + install directory. +- Don't hardcode systemd unit directory, since it changed in + Factory. + +------------------------------------------------------------------- +Tue Dec 11 07:10:04 UTC 2012 - [email protected] + +- Add Requires: pwdutils + +------------------------------------------------------------------- +Wed Nov 28 07:42:09 UTC 2012 - [email protected] + +- Add pesign-local-database.patch to support the local certificate + database +- Amend the spec file to build on openSUSE:Factory + +------------------------------------------------------------------- +Thu Nov 8 06:32:32 UTC 2012 - [email protected] + +- Version bump to 0.99 (FATE#314484) + + Add documentation for --daemonize and --nofork + + Make popt aliases work + + Add documentation for pesign-client + + Add --pinfd and --pinfile to the client +- Update pesign-suse-build.patch and pesign-fix-build-errors.patch +- Add pesign-upstream-fixes.patch to backport fixes from git head + and add sysvinit script +- Add pesign-client-initialize-action.patch to initialize client + action to avoid undetermined flags. +- Add pesign-client-read-pin-file.patch to fix pin file reading + +------------------------------------------------------------------- +Mon Oct 15 09:33:19 UTC 2012 - [email protected] + +- Version bump to 0.98 + + close the socket immediately on invalid input + + Slightly better error messages + + Log an error if digest initialization fails + + Add systemd bits for pesignd + + Add actual signing code to the daemon + + Add input and output setup for sign functionality in the daemon + + Audit allocation of CERTCertificateList/PK11SlotList and + friends + + Fix memory leaks +- Refresh pesign-suse-build.patch and pesign-fix-build-errors.patch + +------------------------------------------------------------------- +Mon Aug 13 06:50:35 UTC 2012 - [email protected] + +- Version bump to 0.9 + + Add NSS "token" support for smartcards. + + Allocate space for the section header variable +- Refresh pesign-fix-build-errors.patch to fix the warning +- Drop upstreamed pesign-allocate-shdr.patch + +------------------------------------------------------------------- +Fri Aug 10 10:12:53 UTC 2012 - [email protected] + +- Add pesign-allocate-shdr.patch to allocate space for the section + header variable + +------------------------------------------------------------------- +Thu Aug 9 03:53:45 UTC 2012 - [email protected] + +- Version bump to 0.8 + + Don't open the DB r/w, read-only is fine. + + Attempt to do a better job setting the image size. + + Emit correct OID for encryption type. +- Drop pesign-fix-image-size.patch which is already in 0.8 + +------------------------------------------------------------------- +Tue Aug 7 03:03:17 UTC 2012 - [email protected] + +- Add upstream patch pesign-fix-image-size.patch to set the image + size correctly. +- Drop pesign-elilo-workaround.patch + +------------------------------------------------------------------- +Mon Aug 6 08:03:05 UTC 2012 - [email protected] + +- Version bump to 0.7 + + Fix incorrect initialization error in (undocumented) -e option. + + Use SEC_OID_PKCS1_RSA_ENCRYPTION like MS + + Initialize the index variable of loop + + Adjust the buffer size to avoid overflow + + Make sure pe_populatecert() always returns a value + +------------------------------------------------------------------- +Mon Jul 23 08:49:13 UTC 2012 - [email protected] + +- Add pesign-elilo-workaround.patch to workaround the section + header corruption in some EFI image (elilo for example) + +------------------------------------------------------------------- +Mon Jul 23 03:32:18 UTC 2012 - [email protected] + +- Add pesign-fix-build-errors.patch to fix build error/warning +- Don't install the util efi images +- Fix the RPM_OPT_FLAGS warning + +------------------------------------------------------------------- +Thu Jul 12 09:37:55 UTC 2012 - [email protected] + +- Version bump to 0.5 + + Handle and report mremap() failure + + Man page should be in section 1. + + Add some basic signature list management. + + Add some more efi-defined constants, flesh out efi_guid_t. + + authver: Find a guid for 'namespace'. + + Add some basic ucs2 functions :( + + Support multiple signatures correctly. + + Add ascii_to_ucs2() + + Add file formats and some code for variables-on-disk. + + Allow the memory map to move when we're allocating space in the + binary. + + Remove extra call to ftruncate() + + Adjust section addresses when we remap the pecoff binary. + + Correctly set win_certificate.length to /include/ + win_certificate. + + Move certificate space iterator to wincert.c so other stuff can + get it. + + Split allocating space for certs and filling it in. + + Put the new signature into the cms ctx instead of keeping it + locally. + + Actually calculate space and extend the file before hashing the + binary. + + Bounds-check everything we're hashing so we don't segfault on a + bad bin. +- Add pesign-always-return-value.patch to fix + no-return-in-nonvoid-function +- Drop upsreamed patch pesign-mem-reallocation.patch + +------------------------------------------------------------------- +Fri Jun 29 07:08:11 UTC 2012 - [email protected] + +- Add pesign-mem-reallocation.patch to fix crash when writing + signature + +------------------------------------------------------------------- +Tue Jun 26 07:02:49 UTC 2012 - [email protected] + +- Version bump to 0.3 + + it seems to generate working signatures + +------------------------------------------------------------------- +Thu Jun 21 08:31:42 UTC 2012 - [email protected] + +- New package pesign 0.2 + New: ---- pesign-0.99.tar.bz2 pesign-client-initialize-action.patch pesign-client-read-pin-file.patch pesign-fix-build-errors.patch pesign-local-database.patch pesign-suse-build.patch pesign-upstream-fixes.patch pesign.changes pesign.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pesign.spec ++++++ # # spec file for package pesign # # Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: pesign Version: 0.99 Release: 1 License: GPL-2.0 Summary: Signing tool for PE-COFF binaries Url: https://github.com/vathpela/pesign Group: Productivity/Security Source: %{name}-%{version}.tar.bz2 # PATCH-FIX-UPSTREAM pesign-upstream-fixes.patch [email protected] -- fixes from upstream Patch0: pesign-upstream-fixes.patch # PATCH-FIX-SUSE pesign-suse-build.patch [email protected] -- Adjust Makefile for the build service Patch1: pesign-suse-build.patch # PATCH-FIX-UPSTREAM pesign-fix-build-errors.patch [email protected] -- Fix gcc warnings Patch2: pesign-fix-build-errors.patch # PATCH-FIX-UPSTREAM pesign-client-initialize-action.patch [email protected] -- Initialize the actions variable Patch3: pesign-client-initialize-action.patch # PATCH-FIX-UPSTREAM pesign-client-read-pin-file.patch [email protected] -- Fix pin file reading error Patch4: pesign-client-read-pin-file.patch # PATCH-FIX-UPSTREAM pesign-local-database.patch [email protected] -- Support local certificate database Patch5: pesign-local-database.patch BuildRequires: mozilla-nss-devel BuildRequires: popt-devel BuildRequires: pkg-config %if 0%{?suse_version} > 1140 BuildRequires: pkgconfig(systemd) %{?systemd_requires} %define has_systemd 1 %endif BuildRequires: pwdutils Requires: pwdutils BuildRoot: %{_tmppath}/%{name}-%{version}-build ExclusiveArch: ia64 %ix86 x86_64 %description Signing tool for PE-COFF binaries, hopefully at least vaguely compliant with the PE and Authenticode specifications. Authors: -------- Peter Jones <[email protected]> %prep %setup -q %patch0 -p1 %patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 -p1 %patch5 -p1 %build make OPTFLAGS="$RPM_OPT_FLAGS" %install make INSTALLROOT=%{buildroot} PREFIX=/usr DOCDIR=/share/doc/packages install mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/pesign mkdir -p $RPM_BUILD_ROOT%{_sbindir} %if 0%{?has_systemd} make INSTALLROOT=%{buildroot} UNITDIR=%{_unitdir} install_systemd ln -sf /sbin/service $RPM_BUILD_ROOT/%{_sbindir}/rcpesign %else make INSTALLROOT=%{buildroot} install_sysvinit ln -sf %{_sysconfdir}/init.d/pesign $RPM_BUILD_ROOT/%{_sbindir}/rcpesign %endif # there's some stuff that's not really meant to be shipped yet rm -rf %{buildroot}/boot %{buildroot}/usr/include rm -rf %{buildroot}%{_libdir}/libdpe* %clean %{?buildroot:%__rm -rf "%{buildroot}"} %pre getent group pesign >/dev/null || groupadd -r pesign getent passwd pesign >/dev/null || useradd -r -g pesign -d /var/lib/pesign -s /bin/false -c "PE-COFF signing daemon" pesign %if 0%{?has_systemd} %service_add_pre pesign.service %endif %preun %if 0%{?has_systemd} %service_del_preun pesign.service %else %stop_on_removal pesign %endif %post %if 0%{?has_systemd} %service_add_post pesign.service systemd-tmpfiles --create /usr/lib/tmpfiles.d/pesign.conf %endif %postun %if 0%{?has_systemd} %service_del_preun pesign.service %else %restart_on_update pesign %insserv_cleanup %endif %files %defattr(-,root,root) %doc COPYING %{_bindir}/pesign %{_bindir}/pesign-client %dir %{_sysconfdir}/popt.d %config %{_sysconfdir}/popt.d/pesign.popt %{_sysconfdir}/pki/ %config %{_sysconfdir}/rpm/macros.pesign %{_mandir}/man?/* /var/lib/pesign %if 0%{?has_systemd} %{_unitdir}/pesign.service /usr/lib/tmpfiles.d/pesign.conf %else %{_sysconfdir}/init.d/pesign %endif %{_sbindir}/rcpesign %dir %attr(0775,pesign,pesign) %{_sysconfdir}/pki/pesign %dir %attr(0770,pesign,pesign) %{_localstatedir}/run/%{name} %dir %attr(0770,pesign,pesign) %{_localstatedir}/lib/%{name} %changelog ++++++ pesign-client-initialize-action.patch ++++++ diff --git a/src/client.c b/src/client.c index 1ec582b..dcc5257 100644 --- a/src/client.c +++ b/src/client.c @@ -435,7 +435,7 @@ main(int argc, char *argv[]) char *certname = NULL; poptContext optCon; int rc; - int action; + int action = 0; char *infile = NULL; char *outfile = NULL; char *exportfile = NULL; @@ -500,6 +500,12 @@ main(int argc, char *argv[]) exit(1); } + if (action == NO_FLAGS) { + poptPrintUsage(optCon, stdout, 0); + poptFreeContext(optCon); + exit(0); + } + if (action & SIGN_BINARY && (!outfile && !exportfile)) { fprintf(stderr, "pesign-client: neither --outfile nor --export " "specified\n"); ++++++ pesign-client-read-pin-file.patch ++++++ diff --git a/src/client.c b/src/client.c index dcc5257..9bcaf3e 100644 --- a/src/client.c +++ b/src/client.c @@ -201,7 +201,8 @@ get_token_pin(int pinfd, char *pinfile, char *envname) if (!pinf) return NULL; - ssize_t n = getline(&pin, 0, pinf); + size_t pin_n; + ssize_t n = getline(&pin, &pin_n, pinf); if (n < 0 || !pin) { fclose(pinf); return NULL; ++++++ pesign-fix-build-errors.patch ++++++ --- src/daemon.c | 35 ++++++++++++++++++++++++++++------- src/password.c | 3 ++- src/pesign.c | 10 ++++++++-- 3 files changed, 38 insertions(+), 10 deletions(-) --- a/src/daemon.c +++ b/src/daemon.c @@ -436,7 +436,11 @@ malformed: if (rc < 0) { err_attached: pe_end(outpe); - ftruncate(outfd, 0); + if (ftruncate(outfd, 0) != 0) { + ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, + "pesignd: could not truncate output " + "file: %m"); + } goto finish; } ssize_t sigspace = calculate_signature_space(ctx->cms, outpe); @@ -453,21 +457,33 @@ err_attached: finalize_signatures(ctx->cms, outpe); pe_end(outpe); } else { - ftruncate(outfd, 0); + if (ftruncate(outfd, 0) != 0) { + ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, + "pesignd: could not truncate output file: %m"); + } rc = generate_digest(ctx->cms, inpe); if (rc < 0) { err_detached: - ftruncate(outfd, 0); + if (ftruncate(outfd, 0) != 0) { + ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, + "pesignd: could not truncate output " + "file: %m"); + } goto finish; } rc = generate_signature(ctx->cms); if (rc < 0) goto err_detached; rc = export_signature(ctx->cms, outfd, 0); - if (rc >= 0) - ftruncate(outfd, rc); - else if (rc < 0) + if (rc >= 0) { + if (ftruncate(outfd, rc) != 0) { + ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, + "pesignd: could not truncate output " + "file: %m"); + } + } else if (rc < 0) { goto err_detached; + } } finish: @@ -979,7 +995,12 @@ daemonize(cms_context *cms_ctx, int do_f exit(1); } - chdir(homedir ? homedir : "/"); + if (chdir(homedir ? homedir : "/") != 0) { + ctx.backup_cms->log(ctx.backup_cms, ctx.priority|LOG_ERR, + "pesignd: could not change working directory " + "for pesign: %m"); + exit(1); + } if (getuid() == 0) { /* process is running as root, drop privileges */ --- a/src/password.c +++ b/src/password.c @@ -76,7 +76,8 @@ static char *SEC_GetPassword(FILE *input echoOff(infd); } - fgets ( phrase, sizeof(phrase), input); + if (fgets(phrase, sizeof(phrase), input) == NULL) + phrase[0] = '\0'; if (isTTY) { fprintf(output, "\n"); --- a/src/pesign.c +++ b/src/pesign.c @@ -161,9 +161,15 @@ open_output(pesign_context *ctx) addr = pe_rawfile(ctx->inpe, &size); - ftruncate(ctx->outfd, size); + if (ftruncate(ctx->outfd, size) != 0) { + fprintf(stderr, "pesign: could not truncate output file: %m\n"); + exit(1); + } lseek(ctx->outfd, 0, SEEK_SET); - write(ctx->outfd, addr, size); + if (write(ctx->outfd, addr, size) != size) { + fprintf(stderr, "pesign: could not write output file: %m\n"); + exit(1); + } Pe_Cmd cmd = ctx->outfd == STDOUT_FILENO ? PE_C_RDWR : PE_C_RDWR_MMAP; ctx->outpe = pe_begin(ctx->outfd, cmd, NULL); ++++++ pesign-local-database.patch ++++++ commit 21439f502b16cd168950cc2e38bfd6b6353ee428 Author: Matthew Garrett <[email protected]> Date: Tue Nov 27 10:11:36 2012 -0500 Add support for local certificate database directories Users may wish to use a certificate database other than the systemwide one. Add an option for that. --- src/daemon.c | 4 ++-- src/daemon.h | 2 +- src/pesign.c | 9 +++++++-- 3 files changed, 10 insertions(+), 5 deletions(-) --- a/src/daemon.c +++ b/src/daemon.c @@ -877,7 +877,7 @@ err: } int -daemonize(cms_context *cms_ctx, int do_fork) +daemonize(cms_context *cms_ctx, char *certdir, int do_fork) { int rc = 0; context ctx = { @@ -913,7 +913,7 @@ daemonize(cms_context *cms_ctx, int do_f "pesignd starting (pid %d)", ctx.pid); - SECStatus status = NSS_Init("/etc/pki/pesign"); + SECStatus status = NSS_Init(certdir); if (status != SECSuccess) { fprintf(stderr, "Could not initialize nss: %s\n", PORT_ErrorToString(PORT_GetError())); --- a/src/daemon.h +++ b/src/daemon.h @@ -19,7 +19,7 @@ #ifndef DAEMON_H #define DAEMON_H 1 -extern int daemonize(cms_context *ctx, int do_fork); +extern int daemonize(cms_context *ctx, char *certdir, int do_fork); typedef struct { uint32_t version; --- a/src/pesign.c +++ b/src/pesign.c @@ -443,6 +443,7 @@ main(int argc, char *argv[]) char *tokenname = "NSS Certificate DB"; char *origtoken = tokenname; char *certname = NULL; + char *certdir = "/etc/pki/pesign"; rc = pesign_context_new(&ctxp); if (rc < 0) { @@ -460,6 +461,10 @@ main(int argc, char *argv[]) {"certficate", 'c', POPT_ARG_STRING, &certname, 0, "specify certificate nickname", "<certificate nickname>" }, + {"certdir", 'n', POPT_ARG_STRING|POPT_ARGFLAG_SHOW_DEFAULT, + &certdir, 0, + "specify nss certificate database directory", + "<certificate directory path>" }, {"privkey", 'p', POPT_ARG_STRING, &ctxp->privkeyfile, 0, "specify private key file", "<privkey>" }, {"force", 'f', POPT_ARG_VAL, &ctxp->force, 1, @@ -542,7 +547,7 @@ main(int argc, char *argv[]) poptFreeContext(optCon); if (!daemon) { - SECStatus status = NSS_Init("/etc/pki/pesign"); + SECStatus status = NSS_Init(certdir); if (status != SECSuccess) { fprintf(stderr, "Could not initialize nss: %s\n", PORT_ErrorToString(PORT_GetError())); @@ -796,7 +801,7 @@ main(int argc, char *argv[]) close_output(ctxp); break; case DAEMONIZE: - rc = daemonize(ctxp->cms_ctx, fork); + rc = daemonize(ctxp->cms_ctx, certdir, fork); break; default: fprintf(stderr, "Incompatible flags (0x%08x): ", action); ++++++ pesign-suse-build.patch ++++++ --- Make.defaults | 5 +++-- Make.rules | 4 ++-- Makefile | 6 +++--- src/Makefile | 10 +++++----- src/pesign.sysvinit | 12 ++++++++---- util/Makefile | 6 +++--- 6 files changed, 24 insertions(+), 19 deletions(-) Index: pesign-0.99/Make.defaults =================================================================== --- pesign-0.99.orig/Make.defaults +++ pesign-0.99/Make.defaults @@ -5,7 +5,8 @@ HOSTARCH = $(shell uname -m | sed s,i[ ARCH := $(shell uname -m | sed s,i[3456789]86,ia32,) INCDIR = -I$(TOPDIR)/include CPPFLAGS = -DCONFIG_$(ARCH) -CFLAGS = $(ARCH3264) -g -O0 -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants --std=gnu99 -D_GNU_SOURCE +OPTFLAGS = -O0 -g +CFLAGS = $(ARCH3264) $(OPTFLAGS) -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants --std=gnu99 -D_GNU_SOURCE ASFLAGS = $(ARCH3264) LDFLAGS = -nostdlib CCLDFLAGS = -shared @@ -22,7 +23,7 @@ OBJCOPY = $(bindir)objcopy ifeq ($(ARCH),ia64) CFLAGS += -mfixed-range=f32-f127 - LIBDIR = $(PREFIX)/lib64 + LIBDIR = $(PREFIX)/lib endif ifeq ($(ARCH), ia32) Index: pesign-0.99/Make.rules =================================================================== --- pesign-0.99.orig/Make.rules +++ pesign-0.99/Make.rules @@ -2,10 +2,10 @@ $(AR) -cvqs $@ $^ % : %.o - $(CC) $(CCLDFLAGS) -o $@ $^ $(foreach lib,$(LIBS),-l$(lib)) + $(CC) -o $@ $^ $(foreach lib,$(LIBS),-l$(lib)) $(CCLDFLAGS) %.so : - $(CC) $(INCDIR) $(CFLAGS) -Wl,-soname,$(SONAME) $(CCLDFLAGS) $^ -o $@ + $(CC) $(INCDIR) $(CFLAGS) -Wl,-soname,$(SONAME) $^ $(CCLDFLAGS) -o $@ %.o: %.c $(CC) $(INCDIR) $(CFLAGS) $(CPPFLAGS) -c $< -o $@ Index: pesign-0.99/Makefile =================================================================== --- pesign-0.99.orig/Makefile +++ pesign-0.99/Makefile @@ -2,7 +2,7 @@ TOPDIR = $(shell echo $$PWD) include $(TOPDIR)/Make.defaults -SUBDIRS := include libdpe src util +SUBDIRS := include libdpe src DOCDIR := /share/doc/ VERSION = 0.99 @@ -16,8 +16,8 @@ clean : install : @for x in $(SUBDIRS) ; do $(MAKE) -C $${x} TOPDIR=$(TOPDIR) SRCDIR=$(TOPDIR)/$@/ ARCH=$(ARCH) $@ ; done - $(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)$(DOCDIR)/pesign-$(VERSION)/ - $(INSTALL) -m 644 COPYING $(INSTALLROOT)$(PREFIX)$(DOCDIR)/pesign-$(VERSION)/ + $(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)$(DOCDIR)/pesign/ + $(INSTALL) -m 644 COPYING $(INSTALLROOT)$(PREFIX)$(DOCDIR)/pesign/ install_systemd: @for x in $(SUBDIRS) ; do $(MAKE) -C $${x} TOPDIR=$(TOPDIR) SRCDIR=$(TOPDIR)/$@/ ARCH=$(ARCH) $@ ; done Index: pesign-0.99/src/Makefile =================================================================== --- pesign-0.99.orig/src/Makefile +++ pesign-0.99/src/Makefile @@ -7,8 +7,9 @@ LIBS = popt STATIC_LIBS = $(TOPDIR)/libdpe/libdpe.a PKLIBS = nss LDFLAGS = -CCLDFLAGS = -L../libdpe $(foreach pklib,$(PKLIBS), $(shell pkg-config --cflags --libs $(pklib))) +CCLDFLAGS = -L../libdpe $(foreach pklib,$(PKLIBS), $(shell pkg-config --cflags --libs $(pklib))) -lpthread CFLAGS += -I../include/ $(foreach pklib,$(PKLIBS), $(shell pkg-config --cflags $(pklib))) -Werror +UNITDIR = /lib/systemd/system TARGETS = pesign authvar client @@ -60,12 +61,12 @@ clean : depclean install_systemd: $(INSTALL) -d -m 755 $(INSTALLROOT)/usr/lib/tmpfiles.d/ $(INSTALL) -m 644 tmpfiles.conf $(INSTALLROOT)/usr/lib/tmpfiles.d/pesign.conf - $(INSTALL) -d -m 755 $(INSTALLROOT)/usr/lib/systemd/system/ - $(INSTALL) -m 644 pesign.service $(INSTALLROOT)/usr/lib/systemd/system/ + $(INSTALL) -d -m 755 $(INSTALLROOT)/$(UNITDIR) + $(INSTALL) -m 644 pesign.service $(INSTALLROOT)/$(UNITDIR) install_sysvinit: - $(INSTALL) -d -m 755 $(INSTALLROOT)/etc/rc.d/init.d/ - $(INSTALL) -m 755 pesign.sysvinit $(INSTALLROOT)/etc/rc.d/init.d/pesign + $(INSTALL) -d -m 755 $(INSTALLROOT)/etc/init.d/ + $(INSTALL) -m 755 pesign.sysvinit $(INSTALLROOT)/etc/init.d/pesign install : $(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/ Index: pesign-0.99/util/Makefile =================================================================== --- pesign-0.99.orig/util/Makefile +++ pesign-0.99/util/Makefile @@ -4,7 +4,7 @@ TOPDIR = $(SRCDIR)/.. include $(TOPDIR)/Make.defaults FORMAT=efi-app-$(HOSTARCH) -LDFLAGS = -nostdlib -T $(LIBDIR)/gnuefi/elf_$(HOSTARCH)_efi.lds -shared -Bsymbolic $(LIBDIR)/gnuefi/crt0-efi-$(HOSTARCH).o -L$(LIBDIR) +LDFLAGS = -nostdlib -T $(LIBDIR)/elf_$(HOSTARCH)_efi.lds -shared -Bsymbolic $(LIBDIR)/crt0-efi-$(HOSTARCH).o -L$(LIBDIR) LIBS=-lefi -lgnuefi $(shell $(CC) -print-libgcc-file-name) CCLDFLAGS = CFLAGS = -I/usr/include/efi/ -I/usr/include/efi/$(HOSTARCH)/ -I/usr/include/efi/protocol -fpic -fshort-wchar -fno-reorder-functions -fno-strict-aliasing -fno-merge-constants -mno-red-zone -Wimplicit-function-declaration @@ -17,8 +17,8 @@ clean : @rm -rfv *.o *.a *.so $(TARGETS) install : - $(INSTALL) -d -m 755 $(INSTALLROOT)/boot/efi/EFI/redhat/ - $(INSTALL) -m 755 *.efi $(INSTALLROOT)/boot/efi/EFI/redhat/ + $(INSTALL) -d -m 755 $(INSTALLROOT)/boot/efi/EFI/SuSE/ + $(INSTALL) -m 755 *.efi $(INSTALLROOT)/boot/efi/EFI/SuSE/ .PHONY: all clean install Index: pesign-0.99/src/pesign.sysvinit =================================================================== --- pesign-0.99.orig/src/pesign.sysvinit +++ pesign-0.99/src/pesign.sysvinit @@ -6,21 +6,25 @@ # processname: /usr/bin/pesign # pidfile: /var/run/pesign.pid ### BEGIN INIT INFO -# Provides: pesign -# Default-Start: +# Provides: pesign +# Should-Start: $remote_fs +# Should-Stop: $remote_fs +# Required-Start: +# Required-Stop: +# Default-Start: 2 3 5 # Default-Stop: # Short-Description: The pesign PE signing daemon # Description: The pesign PE signing daemon ### END INIT INFO -. /etc/init.d/functions [ -f /usr/bin/pesign ] || exit 1 +PESIGN_PIDFILE=/var/run/pesign.pid RETVAL=0 start(){ echo -n "Starting pesign: " - daemon /usr/bin/pesign --daemonize + startproc -f -p "$PESIGN_PIDFILE" /usr/bin/pesign --daemonize RETVAL=$? echo touch /var/lock/subsys/pesign ++++++ pesign-upstream-fixes.patch ++++++ ++++ 2482 lines (skipped) -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
