Date: Sunday, April 2, 2023 @ 08:59:04
Author: dvzrv
Revision: 1433399
archrelease: copy trunk to community-x86_64
Added:
pesign/repos/community-x86_64/PKGBUILD
(from rev 1433398, pesign/trunk/PKGBUILD)
pesign/repos/community-x86_64/pesign-116-remove_root_check.patch
(from rev 1433398, pesign/trunk/pesign-116-remove_root_check.patch)
pesign/repos/community-x86_64/pesign-create-db.service
(from rev 1433398, pesign/trunk/pesign-create-db.service)
pesign/repos/community-x86_64/pesign.service
(from rev 1433398, pesign/trunk/pesign.service)
pesign/repos/community-x86_64/pesign.sysusers
(from rev 1433398, pesign/trunk/pesign.sysusers)
pesign/repos/community-x86_64/pesign.tmpfiles
(from rev 1433398, pesign/trunk/pesign.tmpfiles)
Deleted:
pesign/repos/community-x86_64/PKGBUILD
pesign/repos/community-x86_64/pesign-113-remove_root_check.patch
pesign/repos/community-x86_64/pesign-create-db.service
pesign/repos/community-x86_64/pesign.service
pesign/repos/community-x86_64/pesign.sysusers
pesign/repos/community-x86_64/pesign.tmpfiles
------------------------------------+
PKGBUILD | 147 ++++++++++++++++++-----------------
pesign-113-remove_root_check.patch | 29 ------
pesign-116-remove_root_check.patch | 15 +++
pesign-create-db.service | 66 +++++++--------
pesign.service | 74 ++++++++---------
pesign.sysusers | 2
pesign.tmpfiles | 4
7 files changed, 166 insertions(+), 171 deletions(-)
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2023-04-02 08:58:43 UTC (rev 1433398)
+++ PKGBUILD 2023-04-02 08:59:04 UTC (rev 1433399)
@@ -1,69 +0,0 @@
-# Maintainer: David Runge <[email protected]>
-# Contributor: Bruno Pagani <[email protected]>
-# Contributor: Mirco Tischler <mt-ml at gmx dot de>
-
-pkgname=pesign
-pkgver=113
-pkgrel=1
-pkgdesc="Linux tools for signed PE-COFF binaries"
-arch=('x86_64')
-url="https://github.com/rhboot/pesign";
-license=('GPL3')
-depends=('glibc' 'efivar' 'libutil-linux' 'nspr' 'nss' 'popt')
-source=("${pkgname}-${pkgver}.tar.gz::https://github.com/rhboot/${pkgname}/archive/${pkgver}.tar.gz";
- "${pkgname}-113-remove_root_check.patch"
-
"${pkgname}-113-nss3.44.patch::https://github.com/rhboot/pesign/commit/b535d1ac5cbcdf18a97d97a92581e38080d9e521.patch";
-
"${pkgname}-113-assignment.patch::https://github.com/rhboot/pesign/commit/c555fd74c009242c3864576bd5f17a1f8f4fdffd.patch";
- "${pkgname}.sysusers"
- "${pkgname}.tmpfiles"
- "${pkgname}.service"
- "${pkgname}-create-db.service")
-sha512sums=('e71dc90c2ab8085d1b000c0d2cf9cb00ddaed1ea1393db75c2d19a96f1b1c188a26b76850533ba97ec254a3b48db6b07a69b597c329ac891e64422780a358c24'
-
'8541fed1dbdea3b5b36731c2982789db457db2d1c6d62cd8461a7ad10e3f26dc16aef62eb991ac2b6504f741442229195e9e2804b770e859f48c475c0467e457'
-
'03c871d9f03727a98709372d696d38a59d554d9dac487656135f2f043f1eb36515e6988b67a2d0f4d00535771839e934e4f2826959e76221334170837b577d2a'
-
'cfa001265bfda5428ef72134d05ec16bee679a3906832aab4100f2c567f22e62d089b8cd475b9707926485c30958e70ba48c4035e118c480d008114fb6876c62'
-
'46c9958170924632fdf8fdf7b07eac5b35fc2a9292c84e346d9fc69cbedbfb762fc911c5c5dbf6e8391fa38a4f747b891dd295f14b47f594814572a07fcbc44c'
-
'2dca9a1aba9485afe6f07b7a3d9ee1dd0cd7640264f7584e739cab126b501ac1962a3b37509744a2b77abc613c75222801daf2e4fd97dd5211d19fbb7bd9ec33'
-
'5e4eb101b01fd688ca915051e25978e6b7a27ad2588c6b04ed52c179a00c04c1298080f9c2c0ae982cd0d861c649e5e6c244e54cb4962ca39c1d2264d1ec12df'
-
'14a161ec3a883d5c17581a6743a9b5e67e1617228966c4972933a055618f157aafefe8b0f648cb07251f0076384dd19be605acc6b1d31e7dec67749a682f505c')
-
-prepare() {
- cd "${pkgname}-${pkgver}"
- # -Werror, not even once
- sed -e 's/\-Werror//g' -i Make.defaults
- # remove root check
- patch -Np1 -i "../${pkgname}-113-remove_root_check.patch"
- # fix assignment
- patch -Np1 -i "../${pkgname}-113-assignment.patch"
- # fix issues with nss >=3.44
- patch -Np1 -i "../${pkgname}-113-nss3.44.patch"
-}
-
-build() {
- cd "${pkgname}-${pkgver}"
- make
-}
-
-package() {
- cd "${pkgname}-${pkgver}"
- make DESTDIR="${pkgdir}" \
- libdir=/usr/lib \
- libexecdir=/usr/lib \
- install
- # removing a lot of stuff that we don't need
- rm -rfv "${pkgdir}/var"
- rm -rfv "${pkgdir}/etc/rpm"
- rm -rfv "${pkgdir}/etc/pesign"
- rm -rfv "${pkgdir}/etc/pki"
- rm -rfv "${pkgdir}/usr/lib/"
-
- install -vDm 644 "../${pkgname}.sysusers" \
- "${pkgdir}/usr/lib/sysusers.d/${pkgname}.conf"
- install -vDm 644 "../${pkgname}.tmpfiles" \
- "${pkgdir}/usr/lib/tmpfiles.d/${pkgname}.conf"
- # install custom service, that can run as separate user
- # https://github.com/rhboot/pesign/issues/57
- install -vDm 644 ../*.service \
- -t "${pkgdir}/usr/lib/systemd/system/"
- install -vdm 755 "${pkgdir}/etc/pki/pesign"
-}
Copied: pesign/repos/community-x86_64/PKGBUILD (from rev 1433398,
pesign/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2023-04-02 08:59:04 UTC (rev 1433399)
@@ -0,0 +1,78 @@
+# Maintainer: David Runge <[email protected]>
+# Contributor: Bruno Pagani <[email protected]>
+# Contributor: Mirco Tischler <mt-ml at gmx dot de>
+
+pkgname=pesign
+pkgver=116
+pkgrel=1
+pkgdesc="Linux tools for signed PE-COFF binaries"
+arch=(x86_64)
+url="https://github.com/rhboot/pesign";
+license=(GPL3)
+depends=(
+ bash
+ gcc-libs
+ glibc
+ efivar
+ util-linux-libs
+ nspr
+ nss
+ popt
+)
+makedepends=(mandoc)
+options=(debug)
+source=(
+
$pkgname-$pkgver.tar.gz::https://github.com/rhboot/$pkgname/archive/$pkgver.tar.gz
+ $pkgname-116-remove_root_check.patch
+ $pkgname.sysusers
+ $pkgname.tmpfiles
+ $pkgname.service
+ $pkgname-create-db.service
+)
+sha512sums=('c76a67e6ce59911ccde371080b38c08d17f5e418bf415ee112cc433f1b27ccf56c5f5580c21b17354f5d3017c2e6f13af31958179a6ad80e5e908535d215227c'
+
'c79365268a56111af98b5ed20518df9ab955531d4a3978de83b2491ae9b96643cc7bfb6f24ca493885275429a4ecb79e6edb8135206ea65c4147d63727aa8f3a'
+
'46c9958170924632fdf8fdf7b07eac5b35fc2a9292c84e346d9fc69cbedbfb762fc911c5c5dbf6e8391fa38a4f747b891dd295f14b47f594814572a07fcbc44c'
+
'2dca9a1aba9485afe6f07b7a3d9ee1dd0cd7640264f7584e739cab126b501ac1962a3b37509744a2b77abc613c75222801daf2e4fd97dd5211d19fbb7bd9ec33'
+
'5e4eb101b01fd688ca915051e25978e6b7a27ad2588c6b04ed52c179a00c04c1298080f9c2c0ae982cd0d861c649e5e6c244e54cb4962ca39c1d2264d1ec12df'
+
'14a161ec3a883d5c17581a6743a9b5e67e1617228966c4972933a055618f157aafefe8b0f648cb07251f0076384dd19be605acc6b1d31e7dec67749a682f505c')
+b2sums=('41c6cba82d34b13406167ea171d1630b158246259c242bd0f339da45d86a66789940f9d5361199efbf52f181bbc1653b7e1807039bcb829b26d73c7f92bfc1b5'
+
'77edd4517c46c71d63c8003045ae16b9a252bf9e0e070066142f397b21d2a3634d4c4e72d1eab0a32aed441d860db7c7b9546d6b018200a6d85f9b32bf577ec2'
+
'c4a1934f747207ffc6414db831ef138318a062e3b7186891e5294b7fb87b843204070573c762aa8da519f9c076601d8d343fcd2c336c9f7f78ee32781e930def'
+
'ea7e579848648df60da248f657402cdbe3b0b866e6dcf7c062a39914e297f1dde91ec8a7d7dcfa3081c4309604c464a9e3f1263795cc3001fdbaef711028d3e5'
+
'8daa7a7b5042a1d19ef53092b4c200d5ce12736d72dd561fac1adf6262db18dfc54eeaad7cf28365e06dc8322ba435674d608fdeb165c86c9f148852c2e48cea'
+
'94bb44d1a95a31958b2808ae70782c3f3e38c26a132659ded7cf7ba5548e39b790bf54e6e62f0b3634fbcd21d68b62108e2ce18b0689500982225f45ca5a3b2e')
+
+prepare() {
+ # -Werror, not even once
+ sed -e 's/\-Werror//g' -i $pkgname-$pkgver/Make.defaults
+ # remove root check so that we may run as unprivileged user:
https://github.com/rhboot/pesign/issues/57
+ patch -Np1 -d $pkgname-$pkgver -i ../$pkgname-116-remove_root_check.patch
+}
+
+build() {
+ make -C $pkgname-$pkgver
+}
+
+package() {
+ local make_options=(
+ DESTDIR="$pkgdir"
+ rundir=/run/
+ libdir=/usr/lib/
+ libexecdir=/usr/lib/
+ install
+ -C $pkgname-$pkgver
+ )
+
+ make "${make_options[@]}"
+
+ # remove a lot of stuff that we don't need
+ # rm -rfv "$pkgdir/"{run,var,etc/{rpm,pesign,pki},usr/lib}
+ rm -frv "$pkgdir/"{run,etc/{rpm,pki/pesign-rh-test/}}
+
+ install -vDm 644 $pkgname.sysusers "$pkgdir/usr/lib/sysusers.d/$pkgname.conf"
+ install -vDm 644 $pkgname.tmpfiles "$pkgdir/usr/lib/tmpfiles.d/$pkgname.conf"
+
+ # install custom service, that can run as separate user
+ install -vDm 644 $pkgname*.service -t "$pkgdir/usr/lib/systemd/system/"
+ install -vdm 755 "$pkgdir/etc/pki/pesign"
+}
Deleted: pesign-113-remove_root_check.patch
===================================================================
--- pesign-113-remove_root_check.patch 2023-04-02 08:58:43 UTC (rev 1433398)
+++ pesign-113-remove_root_check.patch 2023-04-02 08:59:04 UTC (rev 1433399)
@@ -1,29 +0,0 @@
-diff -ruN a/src/daemon.c b/src/daemon.c
---- a/src/daemon.c 2019-05-10 20:53:51.000000000 +0200
-+++ b/src/daemon.c 2020-04-26 13:34:02.064214277 +0200
-@@ -1159,11 +1159,6 @@
- ctx.backup_cms->log_priv = &ctx;
- ctx.sd = -1;
-
-- if (getuid() != 0) {
-- fprintf(stderr, "pesignd must be started as root");
-- exit(1);
-- }
--
- check_socket(&ctx);
-
- openlog("pesignd", LOG_PID, LOG_DAEMON);
-diff -ruN a/src/daemon.h b/src/daemon.h
---- a/src/daemon.h 2019-05-10 20:53:51.000000000 +0200
-+++ b/src/daemon.h 2020-04-26 13:51:56.580675620 +0200
-@@ -49,8 +49,8 @@
- } pesignd_cmd;
-
- #define PESIGND_VERSION 0x2a9edaf0
--#define SOCKPATH "/var/run/pesign/socket"
--#define PIDFILE "/var/run/pesign.pid"
-+#define SOCKPATH "/run/pesign/socket"
-+#define PIDFILE "/run/pesign/pesign.pid"
-
- static inline uint32_t UNUSED
- pesignd_string_size(char *buffer)
Copied: pesign/repos/community-x86_64/pesign-116-remove_root_check.patch (from
rev 1433398, pesign/trunk/pesign-116-remove_root_check.patch)
===================================================================
--- pesign-116-remove_root_check.patch (rev 0)
+++ pesign-116-remove_root_check.patch 2023-04-02 08:59:04 UTC (rev 1433399)
@@ -0,0 +1,15 @@
+diff -ruN a/src/daemon.c b/src/daemon.c
+--- a/src/daemon.c 2019-05-10 20:53:51.000000000 +0200
++++ b/src/daemon.c 2020-04-26 13:34:02.064214277 +0200
+@@ -1159,11 +1159,6 @@
+ ctx.backup_cms->log_priv = &ctx;
+ ctx.sd = -1;
+
+- if (getuid() != 0) {
+- fprintf(stderr, "pesignd must be started as root");
+- exit(1);
+- }
+-
+ check_socket(&ctx);
+
+ openlog("pesignd", LOG_PID, LOG_DAEMON);
Deleted: pesign-create-db.service
===================================================================
--- pesign-create-db.service 2023-04-02 08:58:43 UTC (rev 1433398)
+++ pesign-create-db.service 2023-04-02 08:59:04 UTC (rev 1433399)
@@ -1,33 +0,0 @@
-[Unit]
-Description=Pesign database generation
-Documentation=man:certutil(1)
-ConditionPathExists=|!/etc/pki/pesign/cert9.db
-ConditionPathExists=|!/etc/pki/pesign/key4.db
-ConditionPathExists=|!/etc/pki/pesign/pkcs11.txt
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-User=pesign
-Group=pesign
-ExecStart=/usr/bin/certutil -N -d sql:/etc/pki/pesign --empty-password
-ProtectSystem=strict
-ProtectHome=true
-PrivateTmp=true
-PrivateDevices=true
-ProtectKernelTunables=true
-ProtectControlGroups=true
-NoNewPrivileges=true
-MemoryDenyWriteExecute=true
-LockPersonality=true
-ProtectHostname=true
-ProtectKernelLogs=true
-ProtectKernelModules=true
-RemoveIPC=true
-RestrictNamespaces=true
-RestrictRealtime=true
-RestrictSUIDSGID=true
-SystemCallArchitectures=native
-SystemCallFilter=@system-service
-SystemCallFilter=~@resources
-ReadWritePaths=/etc/pki/pesign
Copied: pesign/repos/community-x86_64/pesign-create-db.service (from rev
1433398, pesign/trunk/pesign-create-db.service)
===================================================================
--- pesign-create-db.service (rev 0)
+++ pesign-create-db.service 2023-04-02 08:59:04 UTC (rev 1433399)
@@ -0,0 +1,33 @@
+[Unit]
+Description=Pesign database generation
+Documentation=man:certutil(1)
+ConditionPathExists=|!/etc/pki/pesign/cert9.db
+ConditionPathExists=|!/etc/pki/pesign/key4.db
+ConditionPathExists=|!/etc/pki/pesign/pkcs11.txt
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+User=pesign
+Group=pesign
+ExecStart=/usr/bin/certutil -N -d sql:/etc/pki/pesign --empty-password
+ProtectSystem=strict
+ProtectHome=true
+PrivateTmp=true
+PrivateDevices=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+NoNewPrivileges=true
+MemoryDenyWriteExecute=true
+LockPersonality=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+RemoveIPC=true
+RestrictNamespaces=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@resources
+ReadWritePaths=/etc/pki/pesign
Deleted: pesign.service
===================================================================
--- pesign.service 2023-04-02 08:58:43 UTC (rev 1433398)
+++ pesign.service 2023-04-02 08:59:04 UTC (rev 1433399)
@@ -1,37 +0,0 @@
-[Unit]
-Description=Pesign signing daemon
-Documentation=man:pesign(1)
-Wants=pesign-create-db.service
-After=pesign-create-db.service
-
-[Service]
-User=pesign
-Group=pesign
-PIDFile=/run/pesign/pesign.pid
-ExecStart=/usr/bin/pesign --daemonize --nofork
-ProtectSystem=strict
-ProtectHome=true
-PrivateTmp=true
-PrivateDevices=true
-ProtectKernelTunables=true
-ProtectControlGroups=true
-NoNewPrivileges=true
-MemoryDenyWriteExecute=true
-LockPersonality=true
-ProtectHostname=true
-ProtectKernelLogs=true
-ProtectKernelModules=true
-RemoveIPC=true
-RestrictNamespaces=true
-RestrictRealtime=true
-RestrictSUIDSGID=true
-SystemCallArchitectures=native
-SystemCallFilter=@system-service
-SystemCallFilter=~@resources
-ReadWritePaths=/run/pesign
-RuntimeDirectory=pesign
-StateDirectory=pesign
-LogsDirectory=pesign
-
-[Install]
-WantedBy=multi-user.target
Copied: pesign/repos/community-x86_64/pesign.service (from rev 1433398,
pesign/trunk/pesign.service)
===================================================================
--- pesign.service (rev 0)
+++ pesign.service 2023-04-02 08:59:04 UTC (rev 1433399)
@@ -0,0 +1,37 @@
+[Unit]
+Description=Pesign signing daemon
+Documentation=man:pesign(1)
+Wants=pesign-create-db.service
+After=pesign-create-db.service
+
+[Service]
+User=pesign
+Group=pesign
+PIDFile=/run/pesign/pesign.pid
+ExecStart=/usr/bin/pesign --daemonize --nofork
+ProtectSystem=strict
+ProtectHome=true
+PrivateTmp=true
+PrivateDevices=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+NoNewPrivileges=true
+MemoryDenyWriteExecute=true
+LockPersonality=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+RemoveIPC=true
+RestrictNamespaces=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@resources
+ReadWritePaths=/run/pesign
+RuntimeDirectory=pesign
+StateDirectory=pesign
+LogsDirectory=pesign
+
+[Install]
+WantedBy=multi-user.target
Deleted: pesign.sysusers
===================================================================
--- pesign.sysusers 2023-04-02 08:58:43 UTC (rev 1433398)
+++ pesign.sysusers 2023-04-02 08:59:04 UTC (rev 1433399)
@@ -1 +0,0 @@
-u pesign - "pesign signing daemon" -
Copied: pesign/repos/community-x86_64/pesign.sysusers (from rev 1433398,
pesign/trunk/pesign.sysusers)
===================================================================
--- pesign.sysusers (rev 0)
+++ pesign.sysusers 2023-04-02 08:59:04 UTC (rev 1433399)
@@ -0,0 +1 @@
+u pesign - "pesign signing daemon" -
Deleted: pesign.tmpfiles
===================================================================
--- pesign.tmpfiles 2023-04-02 08:58:43 UTC (rev 1433398)
+++ pesign.tmpfiles 2023-04-02 08:59:04 UTC (rev 1433399)
@@ -1,2 +0,0 @@
-d /etc/pki/pesign 0755 pesign pesign -
-z /etc/pki/pesign/* 0600 pesign pesign -
Copied: pesign/repos/community-x86_64/pesign.tmpfiles (from rev 1433398,
pesign/trunk/pesign.tmpfiles)
===================================================================
--- pesign.tmpfiles (rev 0)
+++ pesign.tmpfiles 2023-04-02 08:59:04 UTC (rev 1433399)
@@ -0,0 +1,2 @@
+d /etc/pki/pesign 0755 pesign pesign -
+z /etc/pki/pesign/* 0600 pesign pesign -
